Core Shell 3.6 – OpenSSH 8.8 and Nerd Fonts

The codebase of embedded OpenSSH has been updated to version 8.8. See Core Shell 3.6 – OpenSSH 8.8 and Nerd Fonts - #2 by yang for the OpenSSH changes.


  • Add a new LogVerbose configuration directive, this option is intended for OpenSSH debugging and is not enabled by default.
  • Add a PermitRemoteOpen option that allows the client to restrict the destination when reverse dynamic forwarding is used with SOCKS.
  • Add a KnownHostsCommand option that allows the client to obtain known_hosts data from a command in addition to the usual files.
  • Embedding Nerd Fonts (@fastzombies #3287/10).


  • Rename the PubkeyAcceptedKeyTypes directive to PubkeyAcceptedAlgorithms in advanced options.
  • Similarly, rename HostbasedKeyTypes to HostbasedAcceptedAlgorithms.
  • Remove ChallengeResponseAuthentication directive in favour of KbdInteractiveAuthentication.
  • Always display fingerprint context while prompting user to confirm host key (@kaffeeundsalz #3645.
  • The default font changed to the embedded Hack Nerd Font Mono.
  • Specifies the port number to connect on the remote host explicitly in equivalent command (@liushuai #3662).


Special thanks to Jonathan Groves (@jonathangroves), Alex Bartl (@alexbartl), @kaffeeundsalz, @fastzombies and Shuai Liu (@liushuai) for helping this release.

1 Like

OpenSSH Changes since Version 8.4

For detailed release notes of OpenSSH, please refer to OpenSSH: Release Notes

Potentially-incompatible changes

  • This release changes the first-preference signature algorithm from ECDSA to ED25519.
  • Set the TOS/DSCP specified in the configuration for interactive use prior to TCP connect. The connection phase of the SSH session is time-sensitive and often explicitly interactive. The ultimate interactive/bulk TOS/DSCP will be set after authentication completes.
  • Remove the pre-standardization cipher It is an alias for aes256-cbc before it was standardized in RFC4253 (2006), has been deprecated and disabled by default since OpenSSH 7.2 (2016) and was only briefly documented in ssh.1 in 2001.
  • Update/replace the experimental post-quantum hybrid key exchange method based on Streamlined NTRU Prime coupled with X25519. The previous method is replaced with Per its designers, the sntrup4591761 algorithm was superseded almost two years ago by sntrup761.
  • Disable CheckHostIP by default. It provides insignificant benefits while making key rotation significantly more difficult, especially for hosts behind IP-based load-balancers.

New features

  • This release enables UpdateHostkeys by default subject to some conservative preconditions:
    • The key was matched in the UserKnownHostsFile (and not in the GlobalKnownHostsFile).
    • The same key does not exist under another name.
    • A certificate host key is not in use.
    • known_hosts contains no matching wildcard hostname pattern.
    • VerifyHostKeyDNS is not enabled.
    • The default UserKnownHostsFile is in use.
  • Allow the ssh_config(5) CanonicalizePermittedCNAMEs directive to accept a "none" argument to specify the default behaviour.
  • Add a new LogVerbose configuration directive for that allows forcing maximum debug logging by file/function/line pattern-lists.
  • When prompting the user to accept a new hostkey, display any other host names/addresses already associated with the key.
  • Allow UserKnownHostsFile=none to indicate that no known_hosts file should be used to identify host keys.
  • Add a ssh_config KnownHostsCommand option that allows the client to obtain known_hosts data from a command in addition to the usual files.
  • Add a ssh_config PermitRemoteOpen option that allows the client to restrict the destination when RemoteForward is used with SOCKS.
  • For FIDO keys, if a signature operation fails with a "incorrect PIN" reason and no PIN was initially requested from the user, then request a PIN and retry the operation. This supports some biometric devices that fall back to requiring PIN when reading of the biometric failed, and devices that require PINs for all hosted credentials.
  • Use the new extension (when available) to select better transfer lengths in the client.


  • When requesting a FIDO token touch on stderr, inform the user once the touch has been recorded.
  • Prevent integer overflow when ridiculously large ConnectTimeout values are specified, capping the effective value (for most platforms) at 24 days. bz#3229
  • Consider the ECDSA key subtype when ordering host key algorithms in the client.
  • Rename the PubkeyAcceptedKeyTypes keyword to PubkeyAcceptedAlgorithms. The previous name incorrectly suggested that it control allowed key algorithms, when this option actually specifies the signature algorithms that are accepted. The previous name remains available as an alias. bz#3253
  • Similarly, rename HostbasedKeyTypes to HostbasedAcceptedAlgorithms.
  • More strictly enforce KEX state-machine by banning packet types once they are received. Fixes memleak caused by duplicate SSH2_MSG_KEX_DH_GEX_REQUEST (oss-fuzz #30078).
  • When doing an sftp recursive upload or download of a read-only directory, ensure that the directory is created with write and execute permissions in the interim so that the transfer can actually complete, then set the directory permission as the final step. bz#3222
  • Ignore comments at the end of config lines in ssh_config, similar to what we already do for sshd_config. bz#2320
  • Fix potential integer truncation of (unlikely) timeout values. bz#3250
  • Make hostbased authentication send the signature algorithm in its SSH2_MSG_USERAUTH_REQUEST packets instead of the key type. This make HostbasedAcceptedAlgorithms do what it is supposed to - filter on signature algorithm and not key type.
  • Ensure that pkcs11_del_provider() is called before exit. GHPR234
  • Fix problems in string->argv conversion. Multiple backslashes were not being dequoted correctly and quoted space in the middle of a string was being incorrectly split. GHPR223
  • Return non-zero exit status when killed by signal; bz#3281
  • Start time-based re-keying exactly on schedule in the client and server mainloops. Previously the re-key timeout could expire but re-keying would not start until a packet was sent or received, causing a spin in select() if the connection was quiescent.
  • Remove references to ChallengeResponseAuthentication in favour of KbdInteractiveAuthentication. The former is what was in SSHv1, the latter is what is in SSHv2 (RFC4256) and they were treated as somewhat but not entirely equivalent. We retain the old name as a deprecated alias so configuration files continue to work as well as a reference in the man page for people looking for it. bz#3303
  • Fix decoding of X.509 subject name when extracting a key from a PKCS#11 certificate. bz#3327
  • Sessions started with ControlPersist were incorrectly executing a shell when the -N (no shell) option was specified. bz#3290
  • Fix debug message when finding a private key to match a certificate being attempted for user authentication. Previously it would print the certificate's path, whereas it was supposed to be showing the private key's path. GHPR247
  • Add a workaround for a bug in OpenSSH 7.4 sshd(8), which allows RSA/SHA2 signatures for public key authentication but fails to advertise this correctly via SSH2_MSG_EXT_INFO. This causes clients of these server to incorrectly match PubkeyAcceptedAlgorithms and potentially refuse to offer valid keys. bz#3213
  • Allow ssh_config SetEnv to override $TERM, which is otherwise handled specially by the protocol. Useful in ~/.ssh/config to set TERM to something generic (e.g. "xterm" instead of "xterm-256color") for destinations that lack terminfo entries.
  • Fix SEGV in UpdateHostkeys debug() message, triggered when the update removed more host keys than remain present.