6dac324cb7
- enable support for SSHv1 protocol and discourage its usage
(bsc#983307)
- enable DSA by default for backward compatibility and discourage
its usage (bsc#983784)
[openssh-7.2p2-allow_DSS_by_default.patch]
- upgrade to 7.2p2
upstream package without any SUSE patches
Distilled upstream log:
- OpenSSH 6.7
Potentially-incompatible changes:
* sshd(8): The default set of ciphers and MACs has been
altered to remove unsafe algorithms. In particular, CBC
ciphers and arcfour* are disabled by default.
The full set of algorithms remains available if configured
explicitly via the Ciphers and MACs sshd_config options.
* sshd(8): Support for tcpwrappers/libwrap has been removed.
* OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of
connections using the curve25519-sha256@libssh.org KEX
exchange method to fail when connecting with something that
implements the specification correctly. OpenSSH 6.7 disables
this KEX method when speaking to one of the affected
versions.
New Features:
* ssh(1), sshd(8): Add support for Unix domain socket
forwarding. A remote TCP port may be forwarded to a local
Unix domain socket and vice versa or both ends may be a Unix
domain socket.
* ssh(1), ssh-keygen(1): Add support for SSHFP DNS records for
ED25519 key types.
OBS-URL: https://build.opensuse.org/request/show/407066
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=107
88 lines
2.3 KiB
Diff
88 lines
2.3 KiB
Diff
# HG changeset patch
|
|
# Parent bbb49b3f344cf24e9bbd7eb7a7c40fea21be77eb
|
|
fix paths and references in sshd man pages
|
|
|
|
diff --git a/openssh-7.2p2/sshd.8 b/openssh-7.2p2/sshd.8
|
|
--- a/openssh-7.2p2/sshd.8
|
|
+++ b/openssh-7.2p2/sshd.8
|
|
@@ -901,17 +901,17 @@ See
|
|
If this file exists,
|
|
.Nm
|
|
refuses to let anyone except root log in.
|
|
The contents of the file
|
|
are displayed to anyone trying to log in, and non-root connections are
|
|
refused.
|
|
The file should be world-readable.
|
|
.Pp
|
|
-.It Pa /etc/shosts.equiv
|
|
+.It Pa /etc/ssh/shosts.equiv
|
|
This file is used in exactly the same way as
|
|
.Pa hosts.equiv ,
|
|
but allows host-based authentication without permitting login with
|
|
rlogin/rsh.
|
|
.Pp
|
|
.It Pa /etc/ssh/ssh_host_key
|
|
.It Pa /etc/ssh/ssh_host_dsa_key
|
|
.It Pa /etc/ssh/ssh_host_ecdsa_key
|
|
@@ -981,17 +981,17 @@ The content of this file is not sensitiv
|
|
.Xr scp 1 ,
|
|
.Xr sftp 1 ,
|
|
.Xr ssh 1 ,
|
|
.Xr ssh-add 1 ,
|
|
.Xr ssh-agent 1 ,
|
|
.Xr ssh-keygen 1 ,
|
|
.Xr ssh-keyscan 1 ,
|
|
.Xr chroot 2 ,
|
|
-.Xr login.conf 5 ,
|
|
+.Xr login.defs 5 ,
|
|
.Xr moduli 5 ,
|
|
.Xr sshd_config 5 ,
|
|
.Xr inetd 8 ,
|
|
.Xr sftp-server 8
|
|
.Sh AUTHORS
|
|
OpenSSH is a derivative of the original and free
|
|
ssh 1.2.12 release by Tatu Ylonen.
|
|
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
|
|
diff --git a/openssh-7.2p2/sshd_config.5 b/openssh-7.2p2/sshd_config.5
|
|
--- a/openssh-7.2p2/sshd_config.5
|
|
+++ b/openssh-7.2p2/sshd_config.5
|
|
@@ -370,18 +370,17 @@ for details).
|
|
The contents of the specified file are sent to the remote user before
|
|
authentication is allowed.
|
|
If the argument is
|
|
.Dq none
|
|
then no banner is displayed.
|
|
By default, no banner is displayed.
|
|
.It Cm ChallengeResponseAuthentication
|
|
Specifies whether challenge-response authentication is allowed (e.g. via
|
|
-PAM or through authentication styles supported in
|
|
-.Xr login.conf 5 )
|
|
+PAM)
|
|
The default is
|
|
.Dq yes .
|
|
.It Cm ChrootDirectory
|
|
Specifies the pathname of a directory to
|
|
.Xr chroot 2
|
|
to after authentication.
|
|
At session startup
|
|
.Xr sshd 8
|
|
@@ -766,17 +765,17 @@ and
|
|
.Pa .shosts
|
|
files will not be used in
|
|
.Cm RhostsRSAAuthentication
|
|
or
|
|
.Cm HostbasedAuthentication .
|
|
.Pp
|
|
.Pa /etc/hosts.equiv
|
|
and
|
|
-.Pa /etc/shosts.equiv
|
|
+.Pa /etc/ssh/shosts.equiv
|
|
are still used.
|
|
The default is
|
|
.Dq yes .
|
|
.It Cm IgnoreUserKnownHosts
|
|
Specifies whether
|
|
.Xr sshd 8
|
|
should ignore the user's
|
|
.Pa ~/.ssh/known_hosts
|