Secure Shell (stable) updated to 0.72
11 views
Skip to first unread message
Mike Frysinger
Jan 4, 2026, 8:06:26 PM (6 days ago) Jan 4
to chromium-hterm
there's a lot of internal rework here too to try and modernize the codebase, but the OpenSSH upgrade is def the big change.
# 0.72, 2026-01-05, OpenSSH 9.9 upgrade & lots of internal rework.
* command: Display nassh build info rather than hterm.
* wasi-js-bindings: Use JSPI in Program.run when available.
* Increase standards version to ES2021.
* wassh: vfs: Delay handle closing with duped file descriptors.
* l10n: Update translations.
* command: Use lib.Storage API consistently for sessionStorage.
* nasftp: Pass getFileWriter size via options.
* wassh: vfs: Rename fs_flags to fdflags to match WASI.
* wasi-js-bindings: handle_random_get: Fix typed array type.
* wasi-js-bindings: proc_{exit,raise}: Switch return typing to throw.
* wassh: handle_fd_pwrite: Fix buf/offset naming swap.
* wasi-js-bindings: Fix generator type.
* wasi-js-bindings: clock_{res,time}_get: Drop number return support.
* popup: Restore border after profiles.
* licenses: Include hterm 3rd party code too.
* wasi-js-bindings: Add helper for encoding into SharedArrayBuffers.
* sshagent relay stream: Rewrite as ES6 class.
* sshagent stream: Rewrite as ES6 class.
* sockets: Fix cleanup crash when APIs are unavailable.
* streams: Drop unused path property.
* streams: Rename asyncWrite to plain write.
* streams: Change asyncWrite into async.
* streams: Drop asyncWrite callback.
* streams: Rename asyncOpen to plain open.
* streams: Refactor asyncOpen into async/promises.
* licenses: Rename to include "_main" suffix.
* relay: Rename to include "_main" suffix.
* crosh: Rename to include "_main" suffix.
* popup: Rename to include "_main" suffix.
* wasi-js-bindings: Switch Program.run to async.
* command: Stop exporting CommandInstanceArgv.
* command: Drop unused commandName.
* crosh: Drop unused croshBuiltinId constant.
* contextMenus: Refactor logic into its own class.
* background: Drop app->ext settings migrations.
* background: Drop localStorage migration.
* browserAction: Drop all usage.
* browserAction: Refactor logic into its own class.
* omnibox: Refactor logic into its own class.
* openssh: Update to 9.4, 9.5, 9.6, 9.7, 9.8, and 9.9.
* wasm: Drop beta notice.
* mosh: Initial wasm version of client.
* protobuf: Import 3.8.0 for mosh.
* ssh_client: Increase stacksize significantly.
* connect: Localize the [New Connection] label.
* mosh: Drop NaCl integration.
* wassh-libc-sup: Stub out iface helpers.
* openssl: Update to 1.1.1w.
* wabt: Update to 1.0.37.
* openssh: Switch ssh-agent back to UNIX socket.
* wassh-libc-sup: Add getpwuid_r stub.
* wassh: Handle path-based AF_UNIX requests.
* sockets: Add --field-trial-direct-sockets to force Direct Sockets.
* command: Display nassh build info rather than hterm.
* wasi-js-bindings: Use JSPI in Program.run when available.
* Increase standards version to ES2021.
* wassh: vfs: Delay handle closing with duped file descriptors.
* l10n: Update translations.
* command: Use lib.Storage API consistently for sessionStorage.
* nasftp: Pass getFileWriter size via options.
* wassh: vfs: Rename fs_flags to fdflags to match WASI.
* wasi-js-bindings: handle_random_get: Fix typed array type.
* wasi-js-bindings: proc_{exit,raise}: Switch return typing to throw.
* wassh: handle_fd_pwrite: Fix buf/offset naming swap.
* wasi-js-bindings: Fix generator type.
* wasi-js-bindings: clock_{res,time}_get: Drop number return support.
* popup: Restore border after profiles.
* licenses: Include hterm 3rd party code too.
* wasi-js-bindings: Add helper for encoding into SharedArrayBuffers.
* sshagent relay stream: Rewrite as ES6 class.
* sshagent stream: Rewrite as ES6 class.
* sockets: Fix cleanup crash when APIs are unavailable.
* streams: Drop unused path property.
* streams: Rename asyncWrite to plain write.
* streams: Change asyncWrite into async.
* streams: Drop asyncWrite callback.
* streams: Rename asyncOpen to plain open.
* streams: Refactor asyncOpen into async/promises.
* licenses: Rename to include "_main" suffix.
* relay: Rename to include "_main" suffix.
* crosh: Rename to include "_main" suffix.
* popup: Rename to include "_main" suffix.
* wasi-js-bindings: Switch Program.run to async.
* command: Stop exporting CommandInstanceArgv.
* command: Drop unused commandName.
* crosh: Drop unused croshBuiltinId constant.
* contextMenus: Refactor logic into its own class.
* background: Drop app->ext settings migrations.
* background: Drop localStorage migration.
* browserAction: Drop all usage.
* browserAction: Refactor logic into its own class.
* omnibox: Refactor logic into its own class.
* openssh: Update to 9.4, 9.5, 9.6, 9.7, 9.8, and 9.9.
* wasm: Drop beta notice.
* mosh: Initial wasm version of client.
* protobuf: Import 3.8.0 for mosh.
* ssh_client: Increase stacksize significantly.
* connect: Localize the [New Connection] label.
* mosh: Drop NaCl integration.
* wassh-libc-sup: Stub out iface helpers.
* openssl: Update to 1.1.1w.
* wabt: Update to 1.0.37.
* openssh: Switch ssh-agent back to UNIX socket.
* wassh-libc-sup: Add getpwuid_r stub.
* wassh: Handle path-based AF_UNIX requests.
* sockets: Add --field-trial-direct-sockets to force Direct Sockets.
-mike
Maciej Żenczykowski
Jan 5, 2026, 3:49:07 AM (6 days ago) Jan 5
to Mike Frysinger, chromium-hterm
I have some old/ancient openwrt devices that require
-oHostKeyAlgorithms=+ssh-dss,ssh-rsa
-oKexAlgorithms=+diffie-hellman-group1-sha1 -oCiphers=+aes256-cbc -A
these now fail with:
Connecting to root@router....
command-line line 0: Bad key types '+ssh-dss,ssh-rsa'.
> --
> You received this message because you are subscribed to the Google Groups "chromium-hterm" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to chromium-hter...@chromium.org.
> To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/chromium-hterm/CAAbOSckAhUHWFt7LotpfBa7Rc7OQS%3D1Jh_oMD%3D0EfHwp7pd-4g%40mail.gmail.com.
--
Maciej Żenczykowski, Kernel Networking Developer @ Google
-oHostKeyAlgorithms=+ssh-dss,ssh-rsa
-oKexAlgorithms=+diffie-hellman-group1-sha1 -oCiphers=+aes256-cbc -A
these now fail with:
Connecting to root@router....
command-line line 0: Bad key types '+ssh-dss,ssh-rsa'.
> You received this message because you are subscribed to the Google Groups "chromium-hterm" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to chromium-hter...@chromium.org.
> To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/chromium-hterm/CAAbOSckAhUHWFt7LotpfBa7Rc7OQS%3D1Jh_oMD%3D0EfHwp7pd-4g%40mail.gmail.com.
--
Maciej Żenczykowski, Kernel Networking Developer @ Google
Mike Frysinger
Jan 5, 2026, 9:11:57 AM (5 days ago) Jan 5
to Maciej Żenczykowski, chromium-hterm
this is to be expected. OpenSSH is removing them on all platforms. we won't be reverting such changes. see the Future deprecation notice section:
since it's currently a compile time option, I don't mind enabling it. but we'll be upgrading to OpenSSH 10 in the next extension build, so that wouldn't really help you.
we've been quietly shipping an 8.6 version in every release that you could try.
--ssh-client-version=wasm-openssh-8.6
-mike
Maciej Żenczykowski
Jan 5, 2026, 9:37:08 AM (5 days ago) Jan 5
to Mike Frysinger, chromium-hterm
On Mon, Jan 5, 2026 at 3:11 PM Mike Frysinger <vap...@chromium.org> wrote:
>
> this is to be expected. OpenSSH is removing them on all platforms. we won't be reverting such changes. see the Future deprecation notice section:
> https://www.openssh.org/txt/release-9.9
>
> since it's currently a compile time option, I don't mind enabling it. but we'll be upgrading to OpenSSH 10 in the next extension build, so that wouldn't really help you.
>
> we've been quietly shipping an 8.6 version in every release that you could try.
> --ssh-client-version=wasm-openssh-8.6
Well, that works, or at least it doesn't throw an error, I don't have
>
> this is to be expected. OpenSSH is removing them on all platforms. we won't be reverting such changes. see the Future deprecation notice section:
> https://www.openssh.org/txt/release-9.9
>
> since it's currently a compile time option, I don't mind enabling it. but we'll be upgrading to OpenSSH 10 in the next extension build, so that wouldn't really help you.
>
> we've been quietly shipping an 8.6 version in every release that you could try.
> --ssh-client-version=wasm-openssh-8.6
the actual device to test against here with me.
Perhaps compile enable it in 9.9, and then leave a
--ssh-client-version=wasm-openssh-9.9 around for when 10 (or whatever)
kills the code entirely?
I'm just asking that there is *some* way to keep these old
(non-internet accessible) devices usable. They'll probably still be
around for another good few years to a decade.
Mike Frysinger
Jan 7, 2026, 9:08:34 PM (3 days ago) Jan 7
to Maciej Żenczykowski, chromium-hterm
i ended up enabling the compile-time option for 9.8 & 9.9. it should be in tomorrow's dev channel build, and i'll prob kick 0.73 out next week.
-mike
Maciej Żenczykowski
Jan 8, 2026, 2:38:08 AM (3 days ago) Jan 8
to Mike Frysinger, chromium-hterm
Thanks for doing this!
Reply all
Reply to author
Forward
0 new messages