b21be4c6b4
- Version update to 7.9p1 * No actual changes for the askpass * See main package changelog for details - Version update to 7.9p1 * ssh(1), sshd(8): the setting of the new CASignatureAlgorithms option (see below) bans the use of DSA keys as certificate authorities. * sshd(8): the authentication success/failure log message has changed format slightly. It now includes the certificate fingerprint (previously it included only key ID and CA key fingerprint). * ssh(1), sshd(8): allow most port numbers to be specified using service names from getservbyname(3) (typically /etc/services). * sshd(8): support signalling sessions via the SSH protocol. A limited subset of signals is supported and only for login or command sessions (i.e. not subsystems) that were not subject to a forced command via authorized_keys or sshd_config. bz#1424 * ssh(1): support "ssh -Q sig" to list supported signature options. Also "ssh -Q help" to show the full set of supported queries. * ssh(1), sshd(8): add a CASignatureAlgorithms option for the client and server configs to allow control over which signature formats are allowed for CAs to sign certificates. For example, this allows banning CAs that sign certificates using the RSA-SHA1 signature algorithm. * sshd(8), ssh-keygen(1): allow key revocation lists (KRLs) to revoke keys specified by SHA256 hash. * ssh-keygen(1): allow creation of key revocation lists directly from base64-encoded SHA256 fingerprints. This supports revoking keys using only the information contained in sshd(8) OBS-URL: https://build.opensuse.org/request/show/643660 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=159 |
||
---|---|---|
.gitattributes | ||
.gitignore | ||
cavs_driver-ssh.pl | ||
openssh-7.7p1-audit.patch | ||
openssh-7.7p1-cavstest-ctr.patch | ||
openssh-7.7p1-cavstest-kdf.patch | ||
openssh-7.7p1-disable_openssl_abi_check.patch | ||
openssh-7.7p1-disable_short_DH_parameters.patch | ||
openssh-7.7p1-eal3.patch | ||
openssh-7.7p1-enable_PAM_by_default.patch | ||
openssh-7.7p1-fips_checks.patch | ||
openssh-7.7p1-fips.patch | ||
openssh-7.7p1-gssapi_key_exchange.patch | ||
openssh-7.7p1-host_ident.patch | ||
openssh-7.7p1-hostname_changes_when_forwarding_X.patch | ||
openssh-7.7p1-IPv6_X_forwarding.patch | ||
openssh-7.7p1-ldap.patch | ||
openssh-7.7p1-no_fork-no_pid_file.patch | ||
openssh-7.7p1-pam_check_locks.patch | ||
openssh-7.7p1-pts_names_formatting.patch | ||
openssh-7.7p1-remove_xauth_cookies_on_exit.patch | ||
openssh-7.7p1-seccomp_ioctl_s390_EP11.patch | ||
openssh-7.7p1-seccomp_ipc_flock.patch | ||
openssh-7.7p1-seccomp_stat.patch | ||
openssh-7.7p1-seed-prng.patch | ||
openssh-7.7p1-send_locale.patch | ||
openssh-7.7p1-sftp_force_permissions.patch | ||
openssh-7.7p1-sftp_print_diagnostic_messages.patch | ||
openssh-7.7p1-systemd-notify.patch | ||
openssh-7.7p1-X11_trusted_forwarding.patch | ||
openssh-7.7p1-X_forward_with_disabled_ipv6.patch | ||
openssh-7.9p1.tar.gz | ||
openssh-7.9p1.tar.gz.asc | ||
openssh-askpass-gnome.changes | ||
openssh-askpass-gnome.spec | ||
openssh.changes | ||
openssh.spec | ||
README.FIPS | ||
README.kerberos | ||
README.SUSE | ||
ssh-askpass | ||
ssh.reg | ||
sshd-gen-keys-start | ||
sshd.fw | ||
sshd.pamd | ||
sshd.service | ||
sysconfig.ssh |
There are following changes in default settings of ssh client and server: * Accepting and sending of locale environment variables in protocol 2 is enabled. * PAM authentication is enabled and mostly even required, do not turn it off. * DSA authentication is enabled by default for maximum compatibility. NOTE: do not use DSA authentication since it is being phased out for a reason - the size of DSA keys is limited by the standard to 1024 bits which cannot be considered safe any more. * Accepting all RFC4419 specified DH group parameters. See KexDHMin in ssh_config and sshd_config manual pages. For more information on differences in SUSE OpenSSH package see README.FIPS