pool/openssh
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
a1a66bf54b
openssh/openssh-7.2p2-host_ident.patch
Petr Cerny e8b9919265 Accepting request 500279 from home:pcerny:factory 
- Fix preauth seccomp separation on mainframes (bsc#1016709)
  [openssh-7.2p2-s390_hw_crypto_syscalls.patch]
  [openssh-7.2p2-s390_OpenSSL-ibmpkcs11_syscalls.patch]
- enable case-insensitive hostname matching (bsc#1017099)
  [openssh-7.2p2-ssh_case_insensitive_host_matching.patch]
- add CAVS tests 
  [openssh-7.2p2-cavstest-ctr.patch]
  [openssh-7.2p2-cavstest-kdf.patch]
- Adding missing pieces for user matching (bsc#1021626)
- Properly verify CIDR masks in configuration
  (bsc#1005893)
  [openssh-7.2p2-verify_CIDR_address_ranges.patch]
- Remove pre-auth compression support from the server to prevent
  possible cryptographic attacks.
  (CVE-2016-10012, bsc#1016370)
  [openssh-7.2p2-disable_preauth_compression.patch]
- limit directories for loading PKCS11 modules
  (CVE-2016-10009, bsc#1016366)
  [openssh-7.2p2-restrict_pkcs11-modules.patch]
- Prevent possible leaks of host private keys to low-privilege
  process handling authentication
  (CVE-2016-10011, bsc#1016369)
  [openssh-7.2p2-prevent_private_key_leakage.patch]
- Do not allow unix socket forwarding when running without
  privilege separation
  (CVE-2016-10010, bsc#1016368)
  [openssh-7.2p2-secure_unix_sockets_forwarding.patch]
- prevent resource depletion during key exchange
  (bsc#1005480, CVE-2016-8858)
  [openssh-7.2p2-kex_resource_depletion.patch]

OBS-URL: https://build.opensuse.org/request/show/500279
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=117
2017-05-31 23:09:14 +00:00

30 lines
1.1 KiB
Diff
Raw Blame History

# HG changeset patch
# Parent e2f9b3303b4a4ed5d0e5f01009dd1ebea166890d
Suggest command line for removal of offending keys from known_hosts file
diff --git a/openssh-7.2p2/sshconnect.c b/openssh-7.2p2/sshconnect.c
--- a/openssh-7.2p2/sshconnect.c
+++ b/openssh-7.2p2/sshconnect.c
@@ -1086,16 +1086,21 @@ check_host_key(char *hostname, struct so
ip_found->file, ip_found->line);
}
/* The host key has changed. */
warn_changed_key(host_key);
error("Add correct host key in %.100s to get rid of this message.",
user_hostfiles[0]);
error("Offending %s key in %s:%lu", key_type(host_found->key),
host_found->file, host_found->line);
+ error("You can use following command to remove the offending key:");
+ if (host_found->file)
+ error("ssh-keygen -R %s -f %s", host, host_found->file);
+ else
+ error("ssh-keygen -R %s", host);
/*
* If strict host key checking is in use, the user will have
* to edit the key manually and we can only abort.
*/
if (options.strict_host_key_checking) {
error("%s host key for %.200s has changed and you have "
"requested strict checking.", type, host);
Reference in New Issue View Git Blame Copy Permalink