Overview

Apache Mina SSHD 2.12.0 contains a number of enhancements and bug-fixes. See the lists at the GitHub issue tracker.

Bug Fixes

• GH-428/GH-392 SCP client fails silently when error signalled due to missing file or lacking permissions
• GH-434 Ignore unknown key types from agent or in OpenSSH host keys extension

New Features

• GH-429 Support GIT protocol-v2
• GH-445 OpenSSH “strict key exchange” protocol extension (CVE-2023-48795 mitigation)

Behavioral changes and enhancements

New ScpTransferEventListener callback method

Following GH-428/GH-392 a new handleReceiveCommandAckInfo method has been added to enable users to inspect acknowledgements of a receive related command. The user is free to inspect the command that was attempted as well as the response code and decide how to handle it - including even throwing an exception if OK status (if this makes sense for whatever reason). The default implementation checks for ERROR code and throws an exception if so.

OpenSSH protocol extension: strict key exchange

GH-445 implements an extension to the SSH protocol introduced in OpenSSH 9.6. This “strict key exchange” extension hardens the SSH key exchange against the “Terrapin attack” (CVE-2023-48795). The extension is active if both parties announce their support for it at the start of the initial key exchange. If only one party announces support, it is not activated to ensure compatibility with SSH implementations that do not implement it. Apache MINA sshd clients and servers always announce their support for strict key exchange.

Getting the Distributions

• Source distributions:
  • Apache Mina SSHD 2.12.0 Sources (.tar.gz) PGP SHA512
  • Apache Mina SSHD 2.12.0 Sources (.zip) PGP SHA512
• Binary distributions:
  • Apache Mina SSHD 2.12.0 Binary (.tar.gz) PGP SHA512
  • Apache Mina SSHD 2.12.0 Binary (.zip) PGP SHA512

Please report any feedback to users@mina.apache.org.