Dirk Mueller
d13558019e
- Drop openssh-7.7p1-allow_root_password_login.patch to prevent login as root via password by default (is also upstream default). Comment indicates that this was a temporary meassure that we now had for five years, time to get rid of it (bsc#1173067) OBS-URL: https://build.opensuse.org/request/show/873406 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=229
17 lines
690 B
Plaintext
17 lines
690 B
Plaintext
There are following changes in default settings of ssh client and server:
|
|
|
|
* Accepting and sending of locale environment variables in protocol 2 is
|
|
enabled.
|
|
|
|
* PAM authentication is enabled and mostly even required, do not turn it off.
|
|
|
|
* DSA authentication is enabled by default for maximum compatibility.
|
|
NOTE: do not use DSA authentication since it is being phased out for a reason
|
|
- the size of DSA keys is limited by the standard to 1024 bits which cannot
|
|
be considered safe any more.
|
|
|
|
* Accepting all RFC4419 specified DH group parameters. See KexDHMin in
|
|
ssh_config and sshd_config manual pages.
|
|
|
|
For more information on differences in SUSE OpenSSH package see README.FIPS
|