Dirk Mueller
f2379e82ce
- Only for SLE15, restore the patch file removed in Thu Feb 18 13:54:44 UTC 2021 to restore the previous behaviour from SP5 of having root password login allowed by default (fixes bsc#1223486, related to bsc#1173067): * openssh-7.7p1-allow_root_password_login.patch - Since the default value for this config option is now set to permit root to use password logins in SLE15, the openssh-server-config-rootlogin subpackage isn't useful there so we now create an openssh-server-config-disallow-rootlogin subpackage that sets the configuration the other way around than openssh-server-config-rootlogin. OBS-URL: https://build.opensuse.org/request/show/1173783 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=266
24 lines
1.0 KiB
Plaintext
24 lines
1.0 KiB
Plaintext
There are following changes in default settings of ssh client and server:
|
|
|
|
* Accepting and sending of locale environment variables in protocol 2 is
|
|
enabled.
|
|
|
|
* PAM authentication is enabled and mostly even required, do not turn it off.
|
|
|
|
* In SLE15, root authentiation with password is enabled by default
|
|
(PermitRootLogin yes).
|
|
NOTE: this has security implications and is only done in order to not change
|
|
behaviour of the server in an update. We strongly suggest setting this option
|
|
either "prohibit-password" or even better to "no" (which disables direct
|
|
remote root login entirely).
|
|
|
|
* DSA authentication is enabled by default for maximum compatibility.
|
|
NOTE: do not use DSA authentication since it is being phased out for a reason
|
|
- the size of DSA keys is limited by the standard to 1024 bits which cannot
|
|
be considered safe any more.
|
|
|
|
* Accepting all RFC4419 specified DH group parameters. See KexDHMin in
|
|
ssh_config and sshd_config manual pages.
|
|
|
|
For more information on differences in SUSE OpenSSH package see README.FIPS
|