Go to file
Petr Cerny e8b9919265 Accepting request 500279 from home:pcerny:factory
- Fix preauth seccomp separation on mainframes (bsc#1016709)
  [openssh-7.2p2-s390_hw_crypto_syscalls.patch]
  [openssh-7.2p2-s390_OpenSSL-ibmpkcs11_syscalls.patch]
- enable case-insensitive hostname matching (bsc#1017099)
  [openssh-7.2p2-ssh_case_insensitive_host_matching.patch]
- add CAVS tests 
  [openssh-7.2p2-cavstest-ctr.patch]
  [openssh-7.2p2-cavstest-kdf.patch]
- Adding missing pieces for user matching (bsc#1021626)
- Properly verify CIDR masks in configuration
  (bsc#1005893)
  [openssh-7.2p2-verify_CIDR_address_ranges.patch]
- Remove pre-auth compression support from the server to prevent
  possible cryptographic attacks.
  (CVE-2016-10012, bsc#1016370)
  [openssh-7.2p2-disable_preauth_compression.patch]
- limit directories for loading PKCS11 modules
  (CVE-2016-10009, bsc#1016366)
  [openssh-7.2p2-restrict_pkcs11-modules.patch]
- Prevent possible leaks of host private keys to low-privilege
  process handling authentication
  (CVE-2016-10011, bsc#1016369)
  [openssh-7.2p2-prevent_private_key_leakage.patch]
- Do not allow unix socket forwarding when running without
  privilege separation
  (CVE-2016-10010, bsc#1016368)
  [openssh-7.2p2-secure_unix_sockets_forwarding.patch]
- prevent resource depletion during key exchange
  (bsc#1005480, CVE-2016-8858)
  [openssh-7.2p2-kex_resource_depletion.patch]

OBS-URL: https://build.opensuse.org/request/show/500279
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=117
2017-05-31 23:09:14 +00:00
.gitattributes OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=1 2007-01-07 16:26:05 +00:00
.gitignore OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=1 2007-01-07 16:26:05 +00:00
cavs_driver-ssh.pl Accepting request 398802 from home:pcerny:factory 2016-05-30 01:36:18 +00:00
openssh-7.2p2-additional_seccomp_archs.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-allow_DSS_by_default.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-allow_root_password_login.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-audit_fixes.patch Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
openssh-7.2p2-audit_seed_prng.patch Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
openssh-7.2p2-audit.patch Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
openssh-7.2p2-blocksigalrm.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-cavstest-ctr.patch Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
openssh-7.2p2-cavstest-kdf.patch Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
openssh-7.2p2-disable_openssl_abi_check.patch Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
openssh-7.2p2-disable_preauth_compression.patch Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
openssh-7.2p2-disable_short_DH_parameters.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-dont_use_pthreads_in_PAM.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-eal3.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-enable_PAM_by_default.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-fips.patch Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
openssh-7.2p2-gssapi_key_exchange.patch Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
openssh-7.2p2-host_ident.patch Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
openssh-7.2p2-hostname_changes_when_forwarding_X.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-ignore_PAM_with_UseLogin.patch Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
openssh-7.2p2-IPv6_X_forwarding.patch Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
openssh-7.2p2-keep_slogin.patch Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
openssh-7.2p2-kex_resource_depletion.patch Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
openssh-7.2p2-lastlog.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-ldap.patch Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
openssh-7.2p2-limit_password_length.patch Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
openssh-7.2p2-login_options.patch Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
openssh-7.2p2-no_fork-no_pid_file.patch Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
openssh-7.2p2-pam_check_locks.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-prevent_private_key_leakage.patch Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
openssh-7.2p2-prevent_timing_user_enumeration.patch Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
openssh-7.2p2-pts_names_formatting.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-remove_xauth_cookies_on_exit.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-restrict_pkcs11-modules.patch Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
openssh-7.2p2-s390_hw_crypto_syscalls.patch Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
openssh-7.2p2-s390_OpenSSL-ibmpkcs11_syscalls.patch Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
openssh-7.2p2-seccomp_geteuid.patch Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
openssh-7.2p2-seccomp_getuid.patch Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
openssh-7.2p2-seccomp_stat.patch Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
openssh-7.2p2-secure_unix_sockets_forwarding.patch Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
openssh-7.2p2-seed-prng.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-send_locale.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-sftp_force_permissions.patch Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
openssh-7.2p2-sftp_homechroot.patch Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
openssh-7.2p2-ssh_case_insensitive_host_matching.patch Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
openssh-7.2p2-verify_CIDR_address_ranges.patch Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
openssh-7.2p2-X11_trusted_forwarding.patch Accepting request 433779 from home:pcerny:factory 2016-10-07 15:57:29 +00:00
openssh-7.2p2-X_forward_with_disabled_ipv6.patch Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
openssh-7.2p2.tar.gz Accepting request 398802 from home:pcerny:factory 2016-05-30 01:36:18 +00:00
openssh-7.2p2.tar.gz.asc - fixed url, added gpg signature 2016-07-25 13:47:29 +00:00
openssh-askpass-gnome.changes - fixed url, added gpg signature 2016-07-25 13:47:29 +00:00
openssh-askpass-gnome.spec Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
openssh.changes Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
openssh.spec Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
README.FIPS Accepting request 432093 from home:pcerny:factory 2016-09-30 20:34:19 +00:00
README.kerberos Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
README.SUSE Accepting request 500279 from home:pcerny:factory 2017-05-31 23:09:14 +00:00
ssh-askpass Accepting request 398802 from home:pcerny:factory 2016-05-30 01:36:18 +00:00
ssh.reg OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=1 2007-01-07 16:26:05 +00:00
sshd-gen-keys-start Accepting request 199679 from home:pcerny:factory 2013-09-19 04:09:33 +00:00
sshd.fw OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=7 2007-07-27 00:01:43 +00:00
sshd.init Accepting request 398802 from home:pcerny:factory 2016-05-30 01:36:18 +00:00
sshd.pamd Accepting request 199679 from home:pcerny:factory 2013-09-19 04:09:33 +00:00
sshd.service Accepting request 459897 from home:elvigia:branches:network 2017-03-01 11:01:26 +00:00
sysconfig.ssh Accepting request 88642 from home:pcerny:factory 2011-10-19 02:18:13 +00:00

This is OpenSSH version 7.2p2 for SLE12

There are following changes in default settings of ssh client and server:

* Accepting and sending of locale environment variables in protocol 2 is
  enabled.

* PAM authentication is enabled.

* root authentiation with password is enabled by default (PermitRootLogin yes).
  NOTE: this has security implications and is only done in order to not change
  behaviour of the server in an update. We strongly suggest setting this option
  either "prohibit-password" or even better to "no" (which disables direct
  remote root login entirely).

* SSH protocol version 1 is enabled for maximum compatibility.
  NOTE: do not use protocol version 1. It is less secure then v2 and should
  generally be phased out.

* DSA authentication is enabled by default for maximum compatibility.
  NOTE: do not use DSA authentication since it is being phased out for a reason
  - the size of DSA keys is limited by the standard to 1024 bits which cannot
  be considered safe any more.

* Accepting all RFC4419 specified DH group parameters. See KexDHMin in
  ssh_config and sshd_config manual pages.

For more information on differences in SUSE OpenSSH package see README.FIPS