Go to file
Petr Cerny 6c861e0b33 Accepting request 433779 from home:pcerny:factory
- remaining patches that were still missing
  since the update to 7.2p2 (FATE#319675):
  [openssh-7.2p2-disable_openssl_abi_check.patch]
- fix forwarding with IPv6 addresses in DISPLAY (bnc#847710)
  [openssh-7.2p2-IPv6_X_forwarding.patch]
- ignore PAM environment when using login
  (bsc#975865, CVE-2015-8325)
  [openssh-7.2p2-ignore_PAM_with_UseLogin.patch]
- limit accepted password length (prevents possible DoS)
  (bsc#992533, CVE-2016-6515)
  [openssh-7.2p2-limit_password_length.patch]
- Prevent user enumeration through the timing of password
  processing (bsc#989363, CVE-2016-6210)
  [openssh-7.2p2-prevent_timing_user_enumeration.patch]
- Add auditing for PRNG re-seeding
  [openssh-7.2p2-audit_seed_prng.patch]

OBS-URL: https://build.opensuse.org/request/show/433779
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=113
2016-10-07 15:57:29 +00:00
.gitattributes OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=1 2007-01-07 16:26:05 +00:00
.gitignore OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=1 2007-01-07 16:26:05 +00:00
cavs_driver-ssh.pl Accepting request 398802 from home:pcerny:factory 2016-05-30 01:36:18 +00:00
openssh-7.2p2-additional_seccomp_archs.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-allow_DSS_by_default.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-allow_root_password_login.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-audit_seed_prng.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-audit.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-blocksigalrm.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-disable_openssl_abi_check.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-disable_short_DH_parameters.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-dont_use_pthreads_in_PAM.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-eal3.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-enable_PAM_by_default.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-fips.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-gssapi_key_exchange.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-host_ident.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-hostname_changes_when_forwarding_X.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-ignore_PAM_with_UseLogin.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-IPv6_X_forwarding.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-lastlog.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-ldap.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-limit_password_length.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-login_options.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-no_fork-no_pid_file.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-pam_check_locks.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-prevent_timing_user_enumeration.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-pts_names_formatting.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-remove_xauth_cookies_on_exit.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-seccomp_getuid.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-seccomp_stat.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-seed-prng.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-send_locale.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-sftp_force_permissions.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-sftp_homechroot.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-X11_trusted_forwarding.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-X_forward_with_disabled_ipv6.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2.tar.gz Accepting request 398802 from home:pcerny:factory 2016-05-30 01:36:18 +00:00
openssh-7.2p2.tar.gz.asc - fixed url, added gpg signature 2016-07-25 13:47:29 +00:00
openssh-askpass-gnome.changes - fixed url, added gpg signature 2016-07-25 13:47:29 +00:00
openssh-askpass-gnome.spec Accepting request 428544 from home:pcerny:factory 2016-09-18 23:04:18 +00:00
openssh.changes Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh.spec Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
README.FIPS Accepting request 432093 from home:pcerny:factory 2016-09-30 20:34:19 +00:00
README.kerberos OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=1 2007-01-07 16:26:05 +00:00
README.SUSE Accepting request 407066 from home:pcerny:factory 2016-07-07 07:07:23 +00:00
ssh-askpass Accepting request 398802 from home:pcerny:factory 2016-05-30 01:36:18 +00:00
ssh.reg OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=1 2007-01-07 16:26:05 +00:00
sshd-gen-keys-start Accepting request 199679 from home:pcerny:factory 2013-09-19 04:09:33 +00:00
sshd.fw OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=7 2007-07-27 00:01:43 +00:00
sshd.init Accepting request 398802 from home:pcerny:factory 2016-05-30 01:36:18 +00:00
sshd.pamd Accepting request 199679 from home:pcerny:factory 2013-09-19 04:09:33 +00:00
sshd.service Accepting request 222365 from home:pcerny:factory 2014-02-14 14:54:10 +00:00
sysconfig.ssh Accepting request 88642 from home:pcerny:factory 2011-10-19 02:18:13 +00:00

This is OpenSSH version 7.2p2 for SLE12

There are following changes in default settings of ssh client and server:

* Accepting and sending of locale environment variables in protocol 2 is
  enabled.

* PAM authentication is enabled.

* root authentiation with password is enabled by default (PermitRootLogin yes).
  NOTE: this has security implications and is only done in order to not change
  behaviour of the server in an update. We strongly suggest setting this option
  either "prohibit-password" or even better to "no" (which disables direct
  remote root login entirely).

* SSH protocol version 1 is enabled for maximum compatibility.
  NOTE: do not use protocol version 1. It is less secure then v2 and should
  generally be phased out.

* DSA authentication is enabled by default for maximum compatibility.
  NOTE: do not use DSA authentication since it is being phased out for a reason
  - the size of DSA keys is limited by the standard to 1024 bits which cannot
  be considered safe any more.

For more information on differences in SUSE OpenSSH package see README.FIPS