Russh Versions

Rust SSH client & server library

v0.43.0

1 month ago

Breaking changes

Changes in the Handler traits

859e685: refactor Handler trait to use mutable reference instead of owned variables (Alessandro Ricottone) #247

The Handler traits no longer take ownership of both self and Session or have to return them. These have been replaced with normal &mut references.

You will need to update your Handler impls to match the new method signatures, for example:

     async fn channel_open_session(
-        self,
+        &mut self,
         channel: Channel<Msg>,
-        session: Session,
+        session: &mut Session,
-    ) -> Result<(Self, bool, Session), Self::Error> {
+    ) -> Result<bool, Self::Error> {
         ...
-        Ok((self, true, session))
+        Ok(true)
     }
 
     async fn auth_publickey(
-        self,
+        &mut self,
         _: &str,
         _: &key::PublicKey,
-    ) -> Result<(Self, server::Auth), Self::Error> {
+    ) -> Result<server::Auth, Self::Error> {
         ...
-        Ok((self, server::Auth::Accept))
+        Ok(server::Auth::Accept)
     }
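
Review bot: in the auth_publickey example both arguments are bound to `_`, so the elided body cannot depend on the user name or the offered key before it returns `server::Auth::Accept`. Consider naming the parameters in the example (for instance `user` and `public_key`), or adding a comment that the accept stands in for a lookup against the application's authorized keys, so that a copied signature does not end up as a handler that ignores its inputs.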

russh::server::run moved into the Server trait

a592366: Move run and run_on_socket to Server trait (Alessandro Ricottone) #247

You'll need to replace the call to run with a call to Server::run_on_address, for example:

-    russh::server::run(config, ("0.0.0.0", 2222), &mut server).await?;
+    server.run_on_address(config, ("0.0.0.0", 2222)).await?;
 }
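
Review bot: the `+` line uses method-call syntax on `server`, which only resolves when the Server trait is in scope. Code that previously called the free function `russh::server::run` may not import that trait, so the migration text should say to add the import alongside this change.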
 

Changes

  • 1d7dab8: Better disconnect event handling (Adrian Müller) #255 - added Handler::disconnected
  • 45edb29: added specific error types for keepalive and inactivity timeouts
  • 0fcb1ec: Allow retrieving peer SSH Protocol Version String (#260) (Adrian Müller (DTT)) #260
  • 5c60d30: Actually process global request results (Adrian Müller) #250
  • dcbe4ba: update examples to new APIs (Alessandro Ricottone) #249

Fixes

  • 62366e9: #259, #245, ref #227 - fixed host key algo selection when Preferred::key and the available host keys don't match (#262) #262

v0.43.0-beta.1

3 months ago

Breaking changes

Changes in the Handler traits

859e685: refactor Handler trait to use mutable reference instead of owned variables (Alessandro Ricottone) #247

The Handler traits no longer take ownership of both self and Session or have to return them. These have been replaced with normal &mut references.

You will need to update your Handler impls to match the new method signatures, for example:

     async fn channel_open_session(
-        self,
+        &mut self,
         channel: Channel<Msg>,
-        session: Session,
+        session: &mut Session,
-    ) -> Result<(Self, bool, Session), Self::Error> {
+    ) -> Result<bool, Self::Error> {
         ...
-        Ok((self, true, session))
+        Ok(true)
     }
 
     async fn auth_publickey(
-        self,
+        &mut self,
         _: &str,
         _: &key::PublicKey,
-    ) -> Result<(Self, server::Auth), Self::Error> {
+    ) -> Result<server::Auth, Self::Error> {
         ...
-        Ok((self, server::Auth::Accept))
+        Ok(server::Auth::Accept)
     }

russh::server::run moved into the Server trait

a592366: Move run and run_on_socket to Server trait (Alessandro Ricottone) #247

You'll need to replace the call to run with a call to Server::run_on_address, for example:

-    russh::server::run(config, ("0.0.0.0", 2222), &mut server).await?;
+    server.run_on_address(config, ("0.0.0.0", 2222)).await?;
 }
 

v0.42.0

3 months ago

Changes

  • 2ce82f2: Support for NIST P-521 public keys (akeamc) #230
  • 8f6af5e: Support for diffie-hellman-group16-sha512 hex (Brendon Ho) #233
  • 273fd88: Add russh::server::run_on_socket to facilitate dropping privileges immediately after socket binding (Samuel Ainsworth) #231
  • be6f5be: implement Ord, PartialOrd for ChannelId (Sherlock Holo) #238

Fixes

  • b9dce87: Improve keepalive and inactivity timers (Milo Mirate) #214
  • 1541fe5: Analogous keepalive fixes to the client module (Samuel Ainsworth) #243
  • bd13e95: Avert the race between sending data and sending EOF (Milo Mirate) #222
  • 44a2392: server/encrypted.rs: respect proceed_with_methods in "none" and "password" authentication methods (Samuel Ainsworth) #241
  • 42c98a6: fixed #227 - only advertise host key algos for host keys present in server::Config

v0.40.2

5 months ago

Security fixes

CVE-2023-48795 - Terrapin Attack [a355c62]

A flaw in the SSH protocol itself allows an active MitM attacker to prevent the client & server from negotiating OpenSSH security extensions, or, with AsyncSSH, take control of the user's session.

This release adds support for the kex-strict-*-v00@openssh.com extensions designed by OpenSSH specifically to prevent this attack.

More info: https://terrapin-attack.com
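
A check for whether both sides advertised strict KEX, as an added example that is not russh's code: it parses the `kex_algorithms` name-list of each side's first SSH_MSG_KEXINIT (RFC 4253 layout) and looks for the client and server marker names. The function names are hypothetical and the sample payloads are constructed.

```rust
// Added example, not russh code. Reads the first name-list (kex_algorithms) of an
// SSH_MSG_KEXINIT payload: byte type, 16-byte cookie, uint32 length, comma-separated names.
const SSH_MSG_KEXINIT: u8 = 20;
const STRICT_CLIENT: &str = "kex-strict-c-v00@openssh.com";
const STRICT_SERVER: &str = "kex-strict-s-v00@openssh.com";

/// Returns the kex_algorithms names, or None if the payload is truncated or malformed.
fn kex_algorithms(payload: &[u8]) -> Option<Vec<&str>> {
    if payload.first() != Some(&SSH_MSG_KEXINIT) { return None; }
    let b = payload.get(17..21)?; // length prefix follows the type byte and cookie
    let len = u32::from_be_bytes([b[0], b[1], b[2], b[3]]) as usize;
    let list = payload.get(21..21usize.checked_add(len)?)?; // None if length overruns the buffer
    let text = std::str::from_utf8(list).ok()?;
    Some(text.split(',').filter(|s| !s.is_empty()).collect())
}

/// Strict KEX applies only when the client and the server each sent their marker.
fn strict_kex_active(client_kexinit: &[u8], server_kexinit: &[u8]) -> Option<bool> {
    let c = kex_algorithms(client_kexinit)?;
    let s = kex_algorithms(server_kexinit)?;
    Some(c.contains(&STRICT_CLIENT) && s.contains(&STRICT_SERVER))
}

/// Builds a constructed KEXINIT prefix (type, zero cookie, kex name-list) for the demo.
fn sample_kexinit(names: &[&str]) -> Vec<u8> {
    let list = names.join(",");
    let mut p = vec![SSH_MSG_KEXINIT];
    p.extend_from_slice(&[0u8; 16]);
    p.extend_from_slice(&(list.len() as u32).to_be_bytes());
    p.extend_from_slice(list.as_bytes());
    p
}

fn main() {
    let client = sample_kexinit(&["curve25519-sha256", STRICT_CLIENT]);
    let patched = sample_kexinit(&["curve25519-sha256", STRICT_SERVER]);
    let legacy = sample_kexinit(&["curve25519-sha256"]);
    println!("patched server: {:?}", strict_kex_active(&client, &patched));
    println!("legacy server:  {:?}", strict_kex_active(&client, &legacy));
}
```

A `Some(false)` result for a peer you operate means that side still needs the upgrade; `None` means the captured bytes were not a well-formed KEXINIT.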

v0.40.1

5 months ago

Changes

  • Explicitly set minimum supported Rust version (1.65)

v0.40.0

5 months ago

Breaking changes

  • acd744a: ChannelStream rebuild (Maya the bee) #181
    • ChannelStream is now generic over the same type as the parent Channel
    • You can now obtain separate AsyncRead and AsyncWrite handles for a channel, as well as its extended streams with make_reader(_ext) and make_writer(_ext).

Changes

  • 92660ef: Support for NIST P-256 public keys (George Hopkins) #208
  • 4a683d2: Add client-sent keepalives (Milo Mirate) #196
  • c4a0688: Add method to read known host key (George Hopkins) #205
  • 7c03dd9: add sftp client example (Roman) #184
  • 3463ed0: Fix ChannelMsg::Close docs (Lucas Kent) #212
  • cd59590: Added client-side inactivity timeout (Adrian Müller) #211
  • c0f3458: added Server::handle_session_error and session closure logging

Fixes

  • d0908de: fixed #218 - fixed padding calculation, AES-GCM rekey and hmac-sha2-256(-etm) MAC
  • 52e5eaa: Use ChannelMsg::WindowAdjusted during data transfer (Joe Grund) #180
  • e81db83: Make winapi dep windows only (Lucas Kent) #195
  • a904a08: Fix handling of key constraints (George Hopkins) #203
  • 72afa2b: Reduce busywaiting in ChannelStream components (Milo Mirate) #197
  • 9c25fa2: Support hashed hostnames in known_hosts file (George Hopkins) #200
  • c66f4b0: fixed #198 - agent server - ed25519 key parsing

v0.39.0

7 months ago

Breaking changes

  • The behaviour of the server::Handler::auth_publickey method has been changed.
    • Previously, this method was called before the public key's signature was verified and if you didn't pay attention to the documentation, your application might interpret this call as a successful public key authentication. In reality, it's only meant to decide whether to accept the public key offer from the client or not.
    • Now, the method is called after the signature is verified and the return value is used to decide whether to accept the authentication or not.
    • The old method has been renamed to auth_publickey_offer and will accept all offers by default.
    • If you have not relied on the incorrect interpretation of the auth_publickey method, no action is needed.
    • If you explicitly want to control whether public key offers are accepted or not, additionally implement auth_publickey_offer.
    • N.B.: In OpenSSH, the difference in user experience between rejecting a public key offer and rejecting a public key authentication is whether the key passphrase prompt has been shown.
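
The ordering change described above, as an added, self-contained model (not russh code and not from the project). Only the callback names `auth_publickey` and `auth_publickey_offer` come from the release notes; `Request`, `App`, `drive`, `offer_pre_039` and the boolean `sig_ok` standing in for signature verification are assumptions for illustration.

```rust
// Added model, not russh code: only the two callback names come from the release notes.
#[derive(Debug, PartialEq, Clone, Copy)]
enum Auth { Accept, Reject }

/// Constructed stand-in for the two forms of a "publickey" auth request (RFC 4252, section 7).
enum Request<'a> {
    /// Key offered without a signature: "would this key be acceptable?"
    Offer { user: &'a str, key: &'a str },
    /// Key plus signature; `sig_ok` models the outcome of the library's signature check.
    Signed { user: &'a str, key: &'a str, sig_ok: bool },
}

trait Handler {
    /// Default mirrors the note: every offer is accepted unless overridden.
    fn auth_publickey_offer(&mut self, _user: &str, _key: &str) -> Auth { Auth::Accept }
    fn auth_publickey(&mut self, user: &str, key: &str) -> Auth;
}

/// Hypothetical application that records a login inside auth_publickey.
struct App { authorized: Vec<(&'static str, &'static str)>, logged_in: Option<String> }

impl Handler for App {
    fn auth_publickey(&mut self, user: &str, key: &str) -> Auth {
        if !self.authorized.iter().any(|&(u, k)| u == user && k == key) { return Auth::Reject; }
        self.logged_in = Some(user.to_string());
        Auth::Accept
    }
}

/// Ordering from 0.39.0 on: offers go to auth_publickey_offer, and auth_publickey
/// is reached only after the signature has verified.
fn drive<H: Handler>(h: &mut H, req: &Request) -> Auth {
    match *req {
        Request::Offer { user, key } => h.auth_publickey_offer(user, key),
        Request::Signed { sig_ok: false, .. } => Auth::Reject,
        Request::Signed { user, key, .. } => h.auth_publickey(user, key),
    }
}

/// Ordering before 0.39.0 as the note describes it: the offer itself reached auth_publickey.
fn offer_pre_039<H: Handler>(h: &mut H, user: &str, key: &str) -> Auth { h.auth_publickey(user, key) }

fn main() {
    let key = "ssh-ed25519 AAAA...constructed"; // constructed sample value
    let mut app = App { authorized: vec![("alice", key)], logged_in: None };
    let verdict = drive(&mut app, &Request::Offer { user: "alice", key });
    println!("0.39 offer -> {:?}, logged_in = {:?}", verdict, app.logged_in);
}
```

Under the 0.39.0 ordering an unsigned offer leaves `logged_in` empty, while the pre-0.39.0 ordering sets it from the offer alone, which is the misreading the note warns about.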

v0.38.0

9 months ago

Breaking changes

  • d97cfcc: #158 - removed unsafe key exchanges from default algorithm list when the openssl feature is disabled
  • ae95df8: #171 - removed unsafe none HMAC from the default algorithm list
  • 6606e28: #141 - renamed Config::connection_timeout to Config::inactivity_timeout to better reflect its purpose
  • eb6fee2: support RFC8731 name of curve25519-sha256 kex (Jan Christian Grünhage) #158
    • CURVE25519 is now curve25519-sha256 instead of curve25519-sha256@libssh.org
    • curve25519-sha256@libssh.org is still available as CURVE25519_PRE_RFC_8731
  • 531fe30: Error::UnsupportedKeyType now holds a String (Lucas Kent) #161

Changes

  • 359fa3c: fixed #100 - allow overriding Handler methods without losing Channel functionality
  • 87245b5: Support ssh clients without RFC 8308 extension negotiation mechanism (Mateusz Kondej) #153
  • 576c691: Trait method to add conditions for SSH agent server when accepting requests for operations (Saksham Mittal) #166
  • 84264b3: Use negotiated kex instead of preferred (Raphael Druon) #174
  • 973dee5: only send enabled key algos in server-sig-algs
  • 5d82dcb: Update dependencies (Lucas Kent) #169
  • 8c8b064: removed EXTENSION_SUPPORT_AS_x from explicit kex list
  • 43edc32: fixed #172 - update ed25519-dalek #173

v0.37.1

1 year ago

Security fixes

CVE-2023-28113 [45d2d82]

A malicious client/server could negotiate insecure Diffie-Hellman key exchange parameters in a way that leads to an insecure shared secret and breaks confidentiality of the connection traffic.

v0.37.0

1 year ago

Breaking changes

  • 2ce4334: removed the Session::id method
  • bd4113d: unsafe Diffie-Hellman key exchange algorithms are now disabled by default - you can reenable them in your Config struct.

Changes

  • 6748879: Keyboard-interactive auth support as client (Joshua Benz) #147
  • 56c8ff6: initial client support for UNIX socket forwarding (direct-streamlocal) (mllken)

Fixes

  • 424e88e: fix #143: handle CHANNEL_OPEN_FAILURE on server side (Swelio) #144