6dac324cb7
- enable support for SSHv1 protocol and discourage its usage (bsc#983307) - enable DSA by default for backward compatibility and discourage its usage (bsc#983784) [openssh-7.2p2-allow_DSS_by_default.patch] - upgrade to 7.2p2 upstream package without any SUSE patches Distilled upstream log: - OpenSSH 6.7 Potentially-incompatible changes: * sshd(8): The default set of ciphers and MACs has been altered to remove unsafe algorithms. In particular, CBC ciphers and arcfour* are disabled by default. The full set of algorithms remains available if configured explicitly via the Ciphers and MACs sshd_config options. * sshd(8): Support for tcpwrappers/libwrap has been removed. * OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections using the curve25519-sha256@libssh.org KEX exchange method to fail when connecting with something that implements the specification correctly. OpenSSH 6.7 disables this KEX method when speaking to one of the affected versions. New Features: * ssh(1), sshd(8): Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. * ssh(1), ssh-keygen(1): Add support for SSHFP DNS records for ED25519 key types. OBS-URL: https://build.opensuse.org/request/show/407066 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=107
54 lines
1.9 KiB
Diff
54 lines
1.9 KiB
Diff
# HG changeset patch
|
|
# Parent 505927e61d1a7848f0003adb3619cc726b8e5d15
|
|
send locales in default configuration
|
|
bnc#65747
|
|
|
|
diff --git a/openssh-7.2p2/ssh_config b/openssh-7.2p2/ssh_config
|
|
--- a/openssh-7.2p2/ssh_config
|
|
+++ b/openssh-7.2p2/ssh_config
|
|
@@ -26,16 +26,21 @@ Host *
|
|
# security reasons: Someone stealing the authentification data on the
|
|
# remote side (the "spoofed" X-server by the remote sshd) can read your
|
|
# keystrokes as you type, just like any other X11 client could do.
|
|
# Set this to "no" here for global effect or in your own ~/.ssh/config
|
|
# file if you want to have the remote X11 authentification data to
|
|
# expire after twenty minutes after remote login.
|
|
ForwardX11Trusted yes
|
|
|
|
+# This enables sending locale enviroment variables LC_* LANG, see ssh_config(5).
|
|
+ SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
|
|
+ SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
|
|
+ SendEnv LC_IDENTIFICATION LC_ALL
|
|
+
|
|
# RhostsRSAAuthentication no
|
|
# RSAAuthentication yes
|
|
# PasswordAuthentication yes
|
|
# HostbasedAuthentication no
|
|
# GSSAPIAuthentication no
|
|
# GSSAPIDelegateCredentials no
|
|
# BatchMode no
|
|
# CheckHostIP yes
|
|
diff --git a/openssh-7.2p2/sshd_config b/openssh-7.2p2/sshd_config
|
|
--- a/openssh-7.2p2/sshd_config
|
|
+++ b/openssh-7.2p2/sshd_config
|
|
@@ -120,14 +120,19 @@ X11Forwarding yes
|
|
#VersionAddendum none
|
|
|
|
# no default banner path
|
|
#Banner none
|
|
|
|
# override default of no subsystems
|
|
Subsystem sftp /usr/libexec/sftp-server
|
|
|
|
+# This enables accepting locale enviroment variables LC_* LANG, see sshd_config(5).
|
|
+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
|
|
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
|
|
+AcceptEnv LC_IDENTIFICATION LC_ALL
|
|
+
|
|
# Example of overriding settings on a per-user basis
|
|
#Match User anoncvs
|
|
# X11Forwarding no
|
|
# AllowTcpForwarding no
|
|
# PermitTTY no
|
|
# ForceCommand cvs server
|