14 DAY TRIAL // The OpenBSD Project announced the immediate availability for download of the first point release of the OpenSSH 7 and Portable OpenSSH 7 open-source SSH (Secure Shell) protocol 2.0 implementations.
According to the brief release notes, OpenSSH 7.1 is a bugfix release that fixes a security flow in sshd (the SSH daemon), which could allow access to the root account using a password while preventing other types of authentication.
Moreover, compatibility workarounds for FuTTY have been added to ssh and sshd, the compatibility workarounds for WinScp for ssh and sshd have been refined, and a number of memory blunders have been fixed in ssh and ssh-keygen components.
"OpenSSH 7.1 has just been released. [...] OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. OpenSSH also includes transitional support for the legacy SSH 1.3 and 1.5 protocols that may be enabled at compile-time," reads the announcement.
In the upcoming maintenance release of the OpenSSH project, OpenBSD promises to deprecate even more legacy cryptography, including disabling MD5-based HMAC algorithms by default, disabling the cast128-cbc, blowfish-cbc, the rijndael-cbc aliases and all arcfour variants for AES by default, as well as to refuse all RSA keys that are smaller than 1024 bits.
Download OpenSSH 7.1 and Portable OpenSSH 7.1p1 right now from Softpedia, where they're distributed as source archives that need to be compiled. For binary packages, please check the official software repositories of your GNU/Linux operating system.