Go to file
Petr Cerny 6dac324cb7 Accepting request 407066 from home:pcerny:factory
- enable support for SSHv1 protocol and discourage its usage
  (bsc#983307)
- enable DSA by default for backward compatibility and discourage
  its usage (bsc#983784)
  [openssh-7.2p2-allow_DSS_by_default.patch]

- upgrade to 7.2p2
  upstream package without any SUSE patches
  Distilled upstream log:
- OpenSSH 6.7
  Potentially-incompatible changes:
  * sshd(8): The default set of ciphers and MACs has been
    altered to remove unsafe algorithms. In particular, CBC
    ciphers and arcfour* are disabled by default.
    The full set of algorithms remains available if configured
    explicitly via the Ciphers and MACs sshd_config options.
  * sshd(8): Support for tcpwrappers/libwrap has been removed.
  * OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of
    connections using the curve25519-sha256@libssh.org KEX
    exchange method to fail when connecting with something that
    implements the specification correctly. OpenSSH 6.7 disables
    this KEX method when speaking to one of the affected
    versions.
  New Features:
  * ssh(1), sshd(8): Add support for Unix domain socket
    forwarding. A remote TCP port may be forwarded to a local
    Unix domain socket and vice versa or both ends may be a Unix
    domain socket.
  * ssh(1), ssh-keygen(1): Add support for SSHFP DNS records for
    ED25519 key types.

OBS-URL: https://build.opensuse.org/request/show/407066
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=107
2016-07-07 07:07:23 +00:00
.gitattributes OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=1 2007-01-07 16:26:05 +00:00
.gitignore OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=1 2007-01-07 16:26:05 +00:00
cavs_driver-ssh.pl Accepting request 398802 from home:pcerny:factory 2016-05-30 01:36:18 +00:00
openssh-7.2p2-allow_DSS_by_default.patch Accepting request 407066 from home:pcerny:factory 2016-07-07 07:07:23 +00:00
openssh-7.2p2-allow_root_password_login.patch Accepting request 407066 from home:pcerny:factory 2016-07-07 07:07:23 +00:00
openssh-7.2p2-blocksigalrm.patch Accepting request 407066 from home:pcerny:factory 2016-07-07 07:07:23 +00:00
openssh-7.2p2-disable_short_DH_parameters.patch Accepting request 407066 from home:pcerny:factory 2016-07-07 07:07:23 +00:00
openssh-7.2p2-dont_use_pthreads_in_PAM.patch Accepting request 407066 from home:pcerny:factory 2016-07-07 07:07:23 +00:00
openssh-7.2p2-eal3.patch Accepting request 407066 from home:pcerny:factory 2016-07-07 07:07:23 +00:00
openssh-7.2p2-enable_PAM_by_default.patch Accepting request 407066 from home:pcerny:factory 2016-07-07 07:07:23 +00:00
openssh-7.2p2-hostname_changes_when_forwarding_X.patch Accepting request 407066 from home:pcerny:factory 2016-07-07 07:07:23 +00:00
openssh-7.2p2-lastlog.patch Accepting request 407066 from home:pcerny:factory 2016-07-07 07:07:23 +00:00
openssh-7.2p2-pam_check_locks.patch Accepting request 407066 from home:pcerny:factory 2016-07-07 07:07:23 +00:00
openssh-7.2p2-pts_names_formatting.patch Accepting request 407066 from home:pcerny:factory 2016-07-07 07:07:23 +00:00
openssh-7.2p2-remove_xauth_cookies_on_exit.patch Accepting request 407066 from home:pcerny:factory 2016-07-07 07:07:23 +00:00
openssh-7.2p2-seccomp_getuid.patch Accepting request 407066 from home:pcerny:factory 2016-07-07 07:07:23 +00:00
openssh-7.2p2-seccomp_stat.patch Accepting request 407066 from home:pcerny:factory 2016-07-07 07:07:23 +00:00
openssh-7.2p2-send_locale.patch Accepting request 407066 from home:pcerny:factory 2016-07-07 07:07:23 +00:00
openssh-7.2p2-X11_trusted_forwarding.patch Accepting request 407066 from home:pcerny:factory 2016-07-07 07:07:23 +00:00
openssh-7.2p2.tar.gz Accepting request 398802 from home:pcerny:factory 2016-05-30 01:36:18 +00:00
openssh-askpass-gnome.changes Accepting request 398802 from home:pcerny:factory 2016-05-30 01:36:18 +00:00
openssh-askpass-gnome.spec Accepting request 398802 from home:pcerny:factory 2016-05-30 01:36:18 +00:00
openssh.changes Accepting request 407066 from home:pcerny:factory 2016-07-07 07:07:23 +00:00
openssh.spec Accepting request 407066 from home:pcerny:factory 2016-07-07 07:07:23 +00:00
README.FIPS Accepting request 398802 from home:pcerny:factory 2016-05-30 01:36:18 +00:00
README.kerberos OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=1 2007-01-07 16:26:05 +00:00
README.SUSE Accepting request 407066 from home:pcerny:factory 2016-07-07 07:07:23 +00:00
ssh-askpass Accepting request 398802 from home:pcerny:factory 2016-05-30 01:36:18 +00:00
ssh.reg OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=1 2007-01-07 16:26:05 +00:00
sshd-gen-keys-start Accepting request 199679 from home:pcerny:factory 2013-09-19 04:09:33 +00:00
sshd.fw OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=7 2007-07-27 00:01:43 +00:00
sshd.init Accepting request 398802 from home:pcerny:factory 2016-05-30 01:36:18 +00:00
sshd.pamd Accepting request 199679 from home:pcerny:factory 2013-09-19 04:09:33 +00:00
sshd.service Accepting request 222365 from home:pcerny:factory 2014-02-14 14:54:10 +00:00
sysconfig.ssh Accepting request 88642 from home:pcerny:factory 2011-10-19 02:18:13 +00:00

This is OpenSSH version 7.2p2 for SLE12

There are following changes in default settings of ssh client and server:

* Accepting and sending of locale environment variables in protocol 2 is
  enabled.

* PAM authentication is enabled.

* root authentiation with password is enabled by default (PermitRootLogin yes).
  NOTE: this has security implications and is only done in order to not change
  behaviour of the server in an update. We strongly suggest setting this option
  either "prohibit-password" or even better to "no" (which disables direct
  remote root login entirely).

* SSH protocol version 1 is enabled for maximum compatibility.
  NOTE: do not use protocol version 1. It is less secure then v2 and should
  generally be phased out.

* DSA authentication is enabled by default for maximum compatibility.
  NOTE: do not use DSA authentication since it is being phased out for a reason
  - the size of DSA keys is limited by the standard to 1024 bits which cannot
  be considered safe any more.

For more information on differences in SUSE OpenSSH package see README.FIPS