Skip to content

Releases: Eugeny/russh

v0.49.0

10 Dec 23:15
@github-actions github-actions
v0.49.0
e456efe

Choose a tag to compare

View all tags
v0.49.0

Changes

This release fixes the regression in v0.48 which made it impossible to choose the hash algorithm when using RSA keys for authentication. Unfortunately, the fix is a breaking API change, hence the version bump.

client::Handle::authenticate_publickey now takes a russh_keys::key::PrivateKeyWithHashAlg which you can construct from an Arc<russh_keys::PrivateKey> + Option<russh_keys::HashAlg>.

The latter lets you choose between SHA1, SHA256 and SHA512 for RSA keys, and must be None for all other key types.

Example:

let key_pair = load_secret_key(key_path, None)?;

let auth_res = session
    .authenticate_publickey(
        user, 
        PrivateKeyWithHashAlg::new(Arc::new(key_pair), Some(HashAlg::Sha512))?
    )
    .await?;
Loading

v0.48.2

09 Dec 20:52
@github-actions github-actions
v0.48.2
02c86e0

Choose a tag to compare

View all tags
v0.48.2

Fixes

  • 044da62: fixed handling of rsa-sha2-* key algorithms
Loading

v0.48.1

07 Dec 19:08
@github-actions github-actions
v0.48.1
457706e

Choose a tag to compare

View all tags
v0.48.1

Breaking changes

russh v0.48 drops its own data parsing and key handling code in favor of the RustCrypto project's ssh-key (#368) and ssh-encoding (#371) crates. This means there are some breaking changes, which are listed here:

Important for library users

  • russh_keys::key::PublicKey is replaced with russh_keys::PublicKey (ssh_key::PublicKey)

  • russh_keys::key::KeyPair is replaced with russh_keys::PrivateKey (ssh_key::PrivateKey)

  • russh_keys::key::parse_public_key no longer takes a hash algorithm argument as RSA keys are no longer locked down to a specific algorithm internally. RSA key specific hash algorithms are only used in Preferred::key.

  • Key type constants in russh_keys::key and russh_keys::key::Name are removed - use the russh_keys::Algorithm enum instead. Config::preferred::key now also takes russh_keys::Algorithms instead of russh_key::key::Names.

  • russh::client::Handle::authenticate_future is renamed to russh::client::Handle::authenticate_publickey_with

Less important

  • new russh::Error enum variants:

    • Error:Signature
    • Error:SshKey
    • Error:SshEncoding

  • new russh_keys::Error enum variants:

    • Error::Rsa
    • Error::Utf8

  • russh::auth::Signer is now an async_trait

  • russh_keys::ec is removed

  • russh_keys::encoding is removed (use russh_keys::ssh_encoding)

  • russh_keys::signature is removed

  • russh_keys::protocol is removed

  • russh_keys::key::SignatureHash is replaced with russh_keys::HashAlg (ssh_key::HashAlg)

  • russh_keys::key::SignatureBytes is removed

  • russh_keys::key::RsaPrivate is removed (use russh_keys::ssh_key::private::RsaPrivateKey)

  • russh_keys::key::RsaPublic is removed (use russh_keys::ssh_key::public::RsaPublicKey)

  • russh_keys::key::RsaCrtExtra is removed

  • russh_keys::key::Signature is replaced with russh_keys::signature::Signature (signature::Signature)

Features

Fixes

Docs

  • 2dca3c6: Document how to reply to channel requests (#381) (Quentin Santos) #381
Loading

v0.47.0-beta.3

24 Nov 17:27
@github-actions github-actions
v0.47.0-beta.3
ff95994

Choose a tag to compare

View all tags
v0.47.0-beta.3

Breaking changes

russh v0.47 will drop its own data parsing and key handling code in favor of the RustCrypto project's ssh-key (#368) and ssh-encoding (#371) crates. This means there are some breaking changes, which are listed here:

Important for library users

  • russh_keys::key::PublicKey is replaced with russh_keys::PublicKey (ssh_key::PublicKey)

  • russh_keys::key::KeyPair is replaced with russh_keys::PrivateKey (ssh_key::PrivateKey)

  • russh_keys::key::parse_public_key no longer takes a hash algorithm argument as RSA keys are no longer locked down to a specific algorithm internally. RSA key specific hash algorithms are only used in Preferred::key.

  • Key type constants in russh_keys::key and russh_keys::key::Name are removed - use the russh_keys::Algorithm enum instead. Config::preferred::key now also takes russh_keys::Algorithms instead of russh_key::key::Names.

  • russh::client::Handle::authenticate_future is renamed to russh::client::Handle::authenticate_publickey_with

Less important

  • new russh::Error enum variants:

    • Error:Signature
    • Error:SshKey
    • Error:SshEncoding

  • new russh_keys::Error enum variants:

    • Error::Rsa
    • Error::Utf8

  • russh::auth::Signer is now an async_trait

  • russh_keys::ec is removed

  • russh_keys::encoding is removed (use russh_keys::ssh_encoding)

  • russh_keys::signature is removed

  • russh_keys::protocol is removed

  • russh_keys::key::SignatureHash is replaced with russh_keys::HashAlg (ssh_key::HashAlg)

  • russh_keys::key::SignatureBytes is removed

  • russh_keys::key::RsaPrivate is removed (use russh_keys::ssh_key::private::RsaPrivateKey)

  • russh_keys::key::RsaPublic is removed (use russh_keys::ssh_key::public::RsaPublicKey)

  • russh_keys::key::RsaCrtExtra is removed

  • russh_keys::key::Signature is replaced with russh_keys::signature::Signature (signature::Signature)

Features

Fixes

Docs

  • 2dca3c6: Document how to reply to channel requests (#381) (Quentin Santos) #381
Loading

v0.46.0

03 Nov 19:52
@github-actions github-actions
v0.46.0
e7a9ee9

Choose a tag to compare

View all tags
v0.46.0

Changes

  • wasm-support: add wasm support (#351) #351 (irvingouj @ Devolutions)
  • 97dc08b: Support Pageant as agent (#326) #326
  • 26aae26: added named pipe support for AgentClient and AgentClient::dynamic()
  • 8b88465: added AgentClient::into_inner
  • 67a6ba8: Implement streamlocal-forward for remote => local UDS forwarding (#312) (kanpov) #312
  • b9759d4: client channel handling changes - server_channel_open_direct_tcpip, server_channel_open_agent_forward and server_channel_open_session now receive a Channel instead of a ChannelId. Also added should_accept_unknown_server_channel and server_channel_open_unknown callbacks.
  • d6ee97a: new rich NoCommonAlgo error
  • cb8d9e9: fixed #338 - make KeyPair::generate_ed25519 infallible
  • 9444608: Add a way to open an agent forwarding channel (#344) (Thomas Rampelberg) #344
  • ee59e07: Add ed25519 to ALL_KEY_TYPES (#360) (Toni Peter) #360
  • 3f7271b: fixed #358 - relax strict kex checks to match OpenSSH
  • 72aa097: Update deps (#363) (Lucas Kent) #363

Fixes

Loading

v0.45.0

14 Aug 22:07
@github-actions github-actions
v0.45.0
ca5129f

Choose a tag to compare

View all tags
v0.45.0

Changes

  • 4eaa080: added support for the 3des-cbc cipher. As an outdated cipher, it's not included in the defaults list and has to be explicitly enabled.

Improvements

Loading

v0.44.1

14 Aug 21:10
@github-actions github-actions
v0.44.1
ba8bde9

Choose a tag to compare

View all tags
v0.44.1

Security fixes

CVE-2024-43410 - SSH OOM DoS through malicious packet length

It was possible for an attacker to cause Warpgate to allocate an arbitrary amount of memory by sending a packet with a malformed length field, potentially causing the application to get killed due to excessive RAM usage.

Loading

v0.44.0

18 Jul 07:39
@github-actions github-actions
v0.44.0
4178268

Choose a tag to compare

View all tags
v0.44.0

Breaking changes

OpenSSL-free RSA

  • This release adds a default pure-Rust RSA implementation, meaning that you can disable the openssl feature to reduce your app size and improve portability and build speed.
  • RSA is now enabled by default in Preferred::DEFAULT when the openssl feature is disabled.

Preferred algorithms config changes - 77cc2f7

  • The fields specifying cipher algorithms in Preferred are now Cow<&'static, [Name]> instead of &'static [Name], allowing you to dynamically construct the lists. If you're using custom algorithm lists, you'll need to update your code:
  config.preferred = Preferred {
-   kex: &[CURVE25519],
+   kex: Cow::Borrowed(&[CURVE25519]),
    ..<_>::default()
  }
  • The type of Preferred::compression items is now russh::compression::Name instead of String.
  • All Name structs now implement TryFrom<&'static str> which will validate that the named algorithm is actually implemented in the library.
  • There are now companion algorithm lists to choose from dynamically: russh_keys::key::ALL_KEY_TYPES, russh::kex::ALL_KEX_ALGORITHMS, russh::cipher::ALL_CIPHERS, russh::compression::ALL_COMPRESSION_ALGORITHMS and russh::mac::ALL_MAC_ALGORITHMS.

Incorrect Ed25519 PKCS#8 key saving

  • Up to v0.43, russh-keys has generated incorrect key format when saving Ed25519 keys in PKCS#8 format. This is fixed in v0.44 but by default, v0.44 will fail to parse keys generated in v0.43.
  • To allow v0.44 to parse these keys, enable the legacy-ed25519-pkcs8-parser feature of the russh-keys crate.

Other changes

  • 3bfd99f: ecdh-sha2-nistp{256,384,521} kex support (#282) (Michael Gleason) #282
  • 800969b: Implement -cbc ciphers. (#297) (Pierre Barre) #297
  • 1eaadfb: Add support for glob pattern matching in Host directives (#306) (Adam Chappell) #306
  • 88196a7: allow converting ChannelId into u32

Fixes

Loading

v0.44.0-beta.4

16 Jul 19:08
@github-actions github-actions
v0.44.0-beta.4
64c9b1a

Choose a tag to compare

View all tags
v0.44.0-beta.4 Pre-release
Pre-release

Changes

Incorrect Ed25519 PKCS#8 key saving

  • Up to v0.43, russh-keys has generated incorrect key format when saving Ed25519 keys in PKCS#8 format. This is fixed in v0.44 but by default, v0.44 will fail to parse keys generated in v0.43.
  • To allow v0.44 to parse these keys, enable the legacy-ed25519-pkcs8-parser feature of the russh-keys crate.
Loading

v0.44.0-beta.3

09 Jul 20:25
@github-actions github-actions
v0.44.0-beta.3
3d4fed1

Choose a tag to compare

View all tags
v0.44.0-beta.3 Pre-release
Pre-release

Preferred algorithms config changes

  • 77cc2f7: algorithm names QoL changes

  • The fields specifying cipher algorithms in Preferred are now Cow<&'static, [Name]> instead of &'static [Name], allowing you to dynamically construct the lists. If you're using custom algorithm lists, you'll need to update your code:

  config.preferred = Preferred {
-   kex: &[CURVE25519],
+   kex: Cow::Borrowed(&[CURVE25519]),
    ..<_>::default()   
  }
  • The type of Preferred::compression items is now russh::compression::Name instead of String.
  • All Name structs now implement TryFrom<&'static str> which will validate that the named algorithm is actually implemented in the library.
  • There are now companion algorithm lists to choose from dynamically: russh_keys::key::ALL_KEY_TYPES, russh::kex::ALL_KEX_ALGORITHMS, russh::cipher::ALL_CIPHERS, russh::compression::ALL_COMPRESSION_ALGORITHMS and russh::mac::ALL_MAC_ALGORITHMS.

Changes

  • 3bfd99f: ecdh-sha2-nistp{256,384,521} kex support (#282) (Michael Gleason) #282
  • 800969b: Implement -cbc ciphers. (#297) (Pierre Barre) #297
  • 1eaadfb: Add support for glob pattern matching in Host directives (#306) (Adam Chappell) #306
  • 88196a7: allow converting ChannelId into u32

Fixes

Loading