openssh

SHA256

Go to file

Hans Petter Jansson 74e20db9ed Accepting request 1123220 from home:jsegitz:branches:network - Enhanced SELinux functionality. Added Fedora patches: * openssh-7.8p1-role-mls.patch Proper handling of MLS systems and basis for other SELinux improvements * openssh-6.6p1-privsep-selinux.patch Properly set contexts during privilege separation * openssh-6.6p1-keycat.patch Add ssh-keycat command to allow retrival of authorized_keys on MLS setups with polyinstantiation * openssh-6.6.1p1-selinux-contexts.patch Additional changes to set the proper context during privilege separation * openssh-7.6p1-cleanup-selinux.patch Various changes and putting the pieces together For now we don't ship the ssh-keycat command, but we need the patch for the other SELinux infrastructure This change fixes issues like bsc#1214788, where the ssh daemon needs to act on behalf of a user and needs a proper context for this OBS-URL: https://build.opensuse.org/request/show/1123220 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=252		2023-11-28 16:35:34 +00:00
_multibuild	Accepting request 1087770 from home:alarrosa:branches:network	2023-05-22 19:32:26 +00:00
.gitattributes	OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=1	2007-01-07 16:26:05 +00:00
.gitignore	OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=1	2007-01-07 16:26:05 +00:00
cavs_driver-ssh.pl	Accepting request 642573 from home:scarabeus_iv:branches:network	2018-10-17 08:57:56 +00:00
cb4ed12f.patch	Accepting request 1119952 from home:dimstar:Factory	2023-10-25 07:33:22 +00:00
fix-missing-lz.patch	Accepting request 1087770 from home:alarrosa:branches:network	2023-05-22 19:32:26 +00:00
logind_set_tty.patch	Accepting request 1110800 from home:kukuk:no-utmp	2023-09-18 22:02:17 +00:00
openssh-6.6.1p1-selinux-contexts.patch	Accepting request 1123220 from home:jsegitz:branches:network	2023-11-28 16:35:34 +00:00
openssh-6.6p1-keycat.patch	Accepting request 1123220 from home:jsegitz:branches:network	2023-11-28 16:35:34 +00:00
openssh-6.6p1-privsep-selinux.patch	Accepting request 1123220 from home:jsegitz:branches:network	2023-11-28 16:35:34 +00:00
openssh-7.6p1-cleanup-selinux.patch	Accepting request 1123220 from home:jsegitz:branches:network	2023-11-28 16:35:34 +00:00
openssh-7.7p1-cavstest-ctr.patch	Accepting request 922068 from home:hpjansson:branches:network	2021-10-07 08:06:58 +00:00
openssh-7.7p1-cavstest-kdf.patch	Accepting request 922068 from home:hpjansson:branches:network	2021-10-07 08:06:58 +00:00
openssh-7.7p1-disable_openssl_abi_check.patch	Accepting request 922068 from home:hpjansson:branches:network	2021-10-07 08:06:58 +00:00
openssh-7.7p1-eal3.patch	Accepting request 922068 from home:hpjansson:branches:network	2021-10-07 08:06:58 +00:00
openssh-7.7p1-enable_PAM_by_default.patch	Accepting request 922068 from home:hpjansson:branches:network	2021-10-07 08:06:58 +00:00
openssh-7.7p1-fips_checks.patch	Accepting request 1087770 from home:alarrosa:branches:network	2023-05-22 19:32:26 +00:00
openssh-7.7p1-fips.patch	Accepting request 1087770 from home:alarrosa:branches:network	2023-05-22 19:32:26 +00:00
openssh-7.7p1-host_ident.patch	Accepting request 922068 from home:hpjansson:branches:network	2021-10-07 08:06:58 +00:00
openssh-7.7p1-hostname_changes_when_forwarding_X.patch	Accepting request 922068 from home:hpjansson:branches:network	2021-10-07 08:06:58 +00:00
openssh-7.7p1-IPv6_X_forwarding.patch	Accepting request 922068 from home:hpjansson:branches:network	2021-10-07 08:06:58 +00:00
openssh-7.7p1-ldap.patch	Accepting request 1087770 from home:alarrosa:branches:network	2023-05-22 19:32:26 +00:00
openssh-7.7p1-no_fork-no_pid_file.patch	Accepting request 922068 from home:hpjansson:branches:network	2021-10-07 08:06:58 +00:00
openssh-7.7p1-pam_check_locks.patch	Accepting request 1087770 from home:alarrosa:branches:network	2023-05-22 19:32:26 +00:00
openssh-7.7p1-pts_names_formatting.patch	Accepting request 922068 from home:hpjansson:branches:network	2021-10-07 08:06:58 +00:00
openssh-7.7p1-remove_xauth_cookies_on_exit.patch	Accepting request 922068 from home:hpjansson:branches:network	2021-10-07 08:06:58 +00:00
openssh-7.7p1-seccomp_ipc_flock.patch	Accepting request 1087770 from home:alarrosa:branches:network	2023-05-22 19:32:26 +00:00
openssh-7.7p1-seccomp_stat.patch	Accepting request 922068 from home:hpjansson:branches:network	2021-10-07 08:06:58 +00:00
openssh-7.7p1-send_locale.patch	Accepting request 922068 from home:hpjansson:branches:network	2021-10-07 08:06:58 +00:00
openssh-7.7p1-sftp_force_permissions.patch	Accepting request 922068 from home:hpjansson:branches:network	2021-10-07 08:06:58 +00:00
openssh-7.7p1-sftp_print_diagnostic_messages.patch	Accepting request 1087770 from home:alarrosa:branches:network	2023-05-22 19:32:26 +00:00
openssh-7.7p1-systemd-notify.patch	Accepting request 1087770 from home:alarrosa:branches:network	2023-05-22 19:32:26 +00:00
openssh-7.7p1-X11_trusted_forwarding.patch	Accepting request 922068 from home:hpjansson:branches:network	2021-10-07 08:06:58 +00:00
openssh-7.7p1-X_forward_with_disabled_ipv6.patch	Accepting request 922068 from home:hpjansson:branches:network	2021-10-07 08:06:58 +00:00
openssh-7.8p1-role-mls.patch	Accepting request 1123220 from home:jsegitz:branches:network	2023-11-28 16:35:34 +00:00
openssh-7.9p1-keygen-preserve-perms.patch	Accepting request 922068 from home:hpjansson:branches:network	2021-10-07 08:06:58 +00:00
openssh-7.9p1-revert-new-qos-defaults.patch	Accepting request 922068 from home:hpjansson:branches:network	2021-10-07 08:06:58 +00:00
openssh-8.0p1-gssapi-keyex.patch	Accepting request 1087770 from home:alarrosa:branches:network	2023-05-22 19:32:26 +00:00
openssh-8.1p1-audit.patch	Accepting request 1087770 from home:alarrosa:branches:network	2023-05-22 19:32:26 +00:00
openssh-8.1p1-ed25519-use-openssl-rng.patch	Accepting request 1087770 from home:alarrosa:branches:network	2023-05-22 19:32:26 +00:00
openssh-8.1p1-seccomp-clock_gettime64.patch	Accepting request 922068 from home:hpjansson:branches:network	2021-10-07 08:06:58 +00:00
openssh-8.1p1-seccomp-clock_nanosleep_time64.patch	Accepting request 922068 from home:hpjansson:branches:network	2021-10-07 08:06:58 +00:00
openssh-8.1p1-seccomp-clock_nanosleep.patch	Accepting request 922068 from home:hpjansson:branches:network	2021-10-07 08:06:58 +00:00
openssh-8.1p1-use-openssl-kdf.patch	Accepting request 922068 from home:hpjansson:branches:network	2021-10-07 08:06:58 +00:00
openssh-8.4p1-pam_motd.patch	Accepting request 1110800 from home:kukuk:no-utmp	2023-09-18 22:02:17 +00:00
openssh-8.4p1-ssh_config_d.patch	Accepting request 997549 from home:adamm:branches:network	2022-08-17 12:48:06 +00:00
openssh-8.4p1-vendordir.patch	Accepting request 1087770 from home:alarrosa:branches:network	2023-05-22 19:32:26 +00:00
openssh-9.3p2.tar.gz	Accepting request 1099810 from home:simotek:branches:network	2023-07-21 07:35:33 +00:00
openssh-9.3p2.tar.gz.asc	Accepting request 1099810 from home:simotek:branches:network	2023-07-21 07:35:33 +00:00
openssh-askpass-gnome.changes	Accepting request 1099810 from home:simotek:branches:network	2023-07-21 07:35:33 +00:00
openssh-askpass-gnome.spec	Accepting request 1099810 from home:simotek:branches:network	2023-07-21 07:35:33 +00:00
openssh-do-not-send-empty-message.patch	Accepting request 1034974 from home:hpjansson:openssh-tw	2022-11-15 15:28:59 +00:00
openssh-fips-ensure-approved-moduli.patch	Accepting request 922068 from home:hpjansson:branches:network	2021-10-07 08:06:58 +00:00
openssh-link-with-sk.patch	Accepting request 922068 from home:hpjansson:branches:network	2021-10-07 08:06:58 +00:00
openssh-openssl-3.patch	Accepting request 1043949 from home:ohollmann:branches:network	2022-12-21 10:48:51 +00:00
openssh-reenable-dh-group14-sha1-default.patch	Accepting request 1087770 from home:alarrosa:branches:network	2023-05-22 19:32:26 +00:00
openssh-whitelist-syscalls.patch	Accepting request 1087770 from home:alarrosa:branches:network	2023-05-22 19:32:26 +00:00
openssh.changes	Accepting request 1123220 from home:jsegitz:branches:network	2023-11-28 16:35:34 +00:00
openssh.keyring	- openssh.keyring: rotated to new key from https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc	2021-10-07 15:19:27 +00:00
openssh.spec	Accepting request 1123220 from home:jsegitz:branches:network	2023-11-28 16:35:34 +00:00
README.FIPS	Accepting request 432093 from home:pcerny:factory	2016-09-30 20:34:19 +00:00
README.kerberos	Accepting request 642573 from home:scarabeus_iv:branches:network	2018-10-17 08:57:56 +00:00
README.SUSE	Accepting request 873406 from home:jsegitz:branches:network	2021-04-17 14:22:02 +00:00
ssh-askpass	Accepting request 718210 from home:Vogtinator:branches:network	2019-07-24 12:05:07 +00:00
ssh.reg	OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=1	2007-01-07 16:26:05 +00:00
sshd-gen-keys-start	Accepting request 914000 from home:kukuk:tiu	2021-09-01 18:03:45 +00:00
sshd-sle.pamd	Accepting request 1074609 from home:kukuk:branches:network	2023-04-13 21:23:05 +00:00
sshd.fw	OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=7	2007-07-27 00:01:43 +00:00
sshd.pamd	Accepting request 1074609 from home:kukuk:branches:network	2023-04-13 21:23:05 +00:00
sshd.service	- Mention upstream bugs on multiple local patches	2018-10-19 13:24:01 +00:00
sysconfig.ssh	Accepting request 738490 from home:hpjansson:branches:network	2019-10-15 07:47:08 +00:00
sysusers-sshd.conf	Accepting request 866259 from home:hpjansson:branches:network	2021-01-24 18:19:54 +00:00
wtmpdb.patch	Accepting request 1087770 from home:alarrosa:branches:network	2023-05-22 19:32:26 +00:00

README.SUSE

There are following changes in default settings of ssh client and server:

* Accepting and sending of locale environment variables in protocol 2 is
  enabled.

* PAM authentication is enabled and mostly even required, do not turn it off.

* DSA authentication is enabled by default for maximum compatibility.
  NOTE: do not use DSA authentication since it is being phased out for a reason
  - the size of DSA keys is limited by the standard to 1024 bits which cannot
  be considered safe any more.

* Accepting all RFC4419 specified DH group parameters. See KexDHMin in
  ssh_config and sshd_config manual pages.

For more information on differences in SUSE OpenSSH package see README.FIPS