Did you know wolfSSH can use X.509 certificates in place of SSH public keys? wolfSSH supports RFC 6187, “X.509v3 Certificates for Secure Shell Authentication”. This uses wolfSSL’s certificate management for TLS, so the certificates may be checked against CRLs and OCSP. wolfSSH has been used in applications as a server where it needed to validate […]
Category: wolfSSH
wolfSSH VxWorks FIPS 140-3
Do you need SSH support for an embedded device running VxWorks and do you have a FIPS 140-3 requirement? wolfSSL has what you need: wolfSSH, an embedded SSH library running on top of our wolfCrypt FIPS library, and the wolfCrypt module holds the world’s first SP800-140Br1 FIPS 140-3 Validated, Certificate #4718. While full FIPS 140-3 […]
Why wolfSSH is Immune to the regreSSHion
Recently, Qualys found an exploit in OpenSSH’s sshd server application that they named regreSSHion. This exploit lets attackers run arbitrary code by exploiting a race condition in a signal handler. wolfSSH is not a port or fork of OpenSSH. It is written from scratch by wolfSSL Inc. While wolfSSHd is using the same alarm signal […]
wolfSSH 1.4.18 Now Available!
It is Christmas in July! The summer release of wolfSSH is here, version 1.4.18! Version 1.4.18 brings with it bug fixes, new features, and some enhancements as well! New features in this release include new algorithms and a memory configuration option. We also have a nice round of enhancements which range from channel setup callbacks, […]
Vulnerability Disclosure: wolfSSH (CVE-2024-2873)
Affected Users: Anyone using wolfSSH server versions prior to release v1.4.17. Summary: It is possible for a malicious client to bypass user authentication when logging into a wolfSSH server. The wolfSSH server was not rigorous about checking the current state of the key exchange when handling channel open messages. wolfSSH’s example echoserver and the wolfSSHd […]
wolfSSH, SHA-1, and Configuration
wolfSSH is following the industry common practice of removing SHA-1 as a default configuration option. SHA-1 has been considered broken for a while now and shouldn’t be used for security purposes. [RFC 8332](https://datatracker.ietf.org/doc/html/rfc8332) recognizes this for the SSH protocol and offers new RSA-based algorithms for signing authentication messages. In the wolfSSH v1.4.15 release, we were […]
wolfSSH v1.4.17 Improvements and Fixes
wolfSSH has several useful features that were introduced in this most recent release. We have made wolfSSH builds for various systems better and easier. This includes changes to configuration scripts and modifying code to work with various compiler quirks. We’ve made building wolfSSH for Nucleus, QNX, Windows, and ESP32 builds better. And we’ve fixed an […]
wolfSSH Now Includes Curve25519 Support
wolfSSH now has Curve25519 support as of version 1.4.17! Go ahead and download it today. You’ll need both wolfSSL and wolfSSH. Here are instructions to get this up and running to try out yourself. Compile wolfSSL with support for wolfSSH and Curve25519. $ cd wolfssl $ ./configure --enable-wolfssh --enable-curve25519 $ make all $ sudo make […]
wolfSSH Adds Support for Zephyr RTOS
The wolfSSH 1.4.15 release includes brand new support for the Zephyr RTOS. wolfSSH is a lightweight SSH library designed for embedded systems. It is a performant and low footprint solution, making it an ideal choice for IoT devices. The Zephyr RTOS is an open-source, scalable, and flexible real-time operating system tailored for resource-constrained devices. Its […]
wolfSSH – Now Available as an Espressif Managed Component Includes SSH Echo Server Example
Not long ago, we announced preview support for new Espressif Managed Components. This is in addition to the core wolfssl managed component. Today you can add SSH capabilities to your toolbox by visiting this link: https://components.espressif.com/components/wolfssl/wolfssh If the ESP Registry page does not fully load with all the text, try holding down the “ctrl” key […]
