Antonio Larrosa fef1b16e66 - Drop most of openssh-6.6p1-keycat.patch (actually, it was just
commented out). The keycat binary isn't really installed nor
  supported, so we can drop it, except for the code that is used
  by other SELinux patches, which is what I kept from that patch
  (boo#1229072).
- Add patch submitted to upstream to fix RFC4256 implementation
  so that keyboard-interactive authentication method can send
  instructions and sshd shows them to users even before a prompt
  is requested. This fixes MFA push notifications (boo#1229010).
  * 0001-auth-pam-Immediately-report-instructions-to-clients-and-fix-handling-in-ssh-client.patch

OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=274
2024-09-12 10:24:41 +00:00
_multibuild
.gitattributes
.gitignore
0001-auth-pam-Immediately-report-instructions-to-clients-and-fix-handling-in-ssh-client.patch
0001-upstream-correctly-restore-sigprocmask-around-ppoll.patch
0001-upstream-fix-proxy-multiplexing-mode_-broken-when-keystroke.patch
0001-upstream-when-sending-ObscureKeystrokeTiming-chaff-packets_.patch
cavs_driver-ssh.pl
fix-audit-fail-attempt.patch
fix-CVE-2024-6387.patch
fix-memleak-in-process_server_config_line_depth.patch
fix-missing-lz.patch
logind_set_tty.patch
openssh-6.6.1p1-selinux-contexts.patch
openssh-6.6p1-keycat.patch
openssh-6.6p1-privsep-selinux.patch
openssh-7.6p1-cleanup-selinux.patch
openssh-7.7p1-allow_root_password_login.patch
openssh-7.7p1-cavstest-ctr.patch
openssh-7.7p1-cavstest-kdf.patch
openssh-7.7p1-disable_openssl_abi_check.patch
openssh-7.7p1-eal3.patch
openssh-7.7p1-enable_PAM_by_default.patch
openssh-7.7p1-fips_checks.patch
openssh-7.7p1-fips.patch
openssh-7.7p1-host_ident.patch
openssh-7.7p1-hostname_changes_when_forwarding_X.patch
openssh-7.7p1-IPv6_X_forwarding.patch
openssh-7.7p1-ldap.patch
openssh-7.7p1-no_fork-no_pid_file.patch
openssh-7.7p1-pam_check_locks.patch
openssh-7.7p1-pts_names_formatting.patch
openssh-7.7p1-remove_xauth_cookies_on_exit.patch
openssh-7.7p1-seccomp_ipc_flock.patch
openssh-7.7p1-seccomp_stat.patch
openssh-7.7p1-send_locale.patch
openssh-7.7p1-sftp_force_permissions.patch
openssh-7.7p1-sftp_print_diagnostic_messages.patch
openssh-7.7p1-systemd-notify.patch
openssh-7.7p1-X11_trusted_forwarding.patch
openssh-7.7p1-X_forward_with_disabled_ipv6.patch
openssh-7.8p1-role-mls.patch
openssh-7.9p1-keygen-preserve-perms.patch
openssh-7.9p1-revert-new-qos-defaults.patch
openssh-8.0p1-gssapi-keyex.patch
openssh-8.1p1-audit.patch
openssh-8.1p1-ed25519-use-openssl-rng.patch
openssh-8.1p1-seccomp-clock_gettime64.patch
openssh-8.1p1-seccomp-clock_nanosleep_time64.patch
openssh-8.1p1-seccomp-clock_nanosleep.patch
openssh-8.1p1-use-openssl-kdf.patch
openssh-8.4p1-pam_motd.patch
openssh-8.4p1-ssh_config_d.patch
openssh-8.4p1-vendordir.patch
openssh-9.6p1-crypto-policies-man.patch
openssh-9.6p1-crypto-policies.patch
openssh-9.6p1.tar.gz
openssh-9.6p1.tar.gz.asc
openssh-9.8p1.tar.gz
openssh-9.8p1.tar.gz.asc
openssh-askpass-gnome.changes
openssh-askpass-gnome.spec
openssh-do-not-send-empty-message.patch
openssh-fips-ensure-approved-moduli.patch
openssh-link-with-sk.patch
openssh-mitigate-lingering-secrets.patch
openssh-openssl-3.patch
openssh-reenable-dh-group14-sha1-default.patch
openssh-whitelist-syscalls.patch
openssh.changes
openssh.keyring
openssh.spec
README.FIPS
README.kerberos
README.SUSE
ssh-askpass
ssh.reg
sshd-gen-keys-start
sshd-sle.pamd
sshd.fw
sshd.pamd
sshd.service
sshd.socket
sshd@.service
sysconfig.ssh
sysusers-sshd.conf
wtmpdb.patch

The following changes have been made to the default settings of the ssh client and server:

* Accepting and sending of locale environment variables in protocol 2 is
  enabled.

* PAM authentication is enabled and in most cases required; do not turn it off.

* In SLE15, root authentication with password is enabled by default
  (PermitRootLogin yes).
  NOTE: this has security implications and is only done in order to not change
  the behaviour of the server in an update. We strongly suggest setting this
  option to either "prohibit-password" or, even better, to "no" (which disables
  direct remote root login entirely).

* DSA authentication is enabled by default for maximum compatibility.
  NOTE: do not use DSA authentication, since it is being phased out for a
  reason: the size of DSA keys is limited by the standard to 1024 bits, which
  cannot be considered safe any more.

* All DH group parameters specified in RFC4419 are accepted. See KexDHMin in
  the ssh_config and sshd_config manual pages.

For more information on differences in the SUSE OpenSSH package, see README.FIPS
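
The two NOTE items above (password root login and DSA) can be checked against an sshd_config text. The following is an added example, not part of the SUSE package or of OpenSSH; the function names and the sample configuration are hypothetical. It assumes only the main file's text is given (Include files are not followed) and takes the unset-keyword defaults from the README text above.

```python
import re

# Assumption from README.SUSE above: on SLE15 an unset PermitRootLogin means "yes".
PAGE_DEFAULT_ROOT_LOGIN = "yes"

def global_settings(config_text):
    """Keyword -> value for the global section, i.e. lines before the first Match."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, value = re.match(r"(\S+?)(?:\s*=\s*|\s+|$)(.*)$", line).groups()
        if key.lower() == "match":
            break  # everything after this applies only conditionally
        settings.setdefault(key.lower(), value.strip().strip('"'))  # first value wins
    return settings

def dsa_state(value):
    """'enabled', 'disabled' or 'default' (None = keyword unset); wildcards not expanded."""
    if value is None:
        return "default"  # package default, which the README says enables DSA
    listed = "ssh-dss" in value.lstrip("+-^").split(",")
    if value.startswith("-"):          # "-list" removes names from the default set
        return "disabled" if listed else "default"
    if value.startswith(("+", "^")):   # "+list" / "^list" add names to the default set
        return "enabled" if listed else "default"
    return "enabled" if listed else "disabled"  # a plain list replaces the default set

def audit(config_text):
    """Findings for the two risky defaults that README.SUSE warns about."""
    s = global_settings(config_text)
    findings = []
    if s.get("permitrootlogin", PAGE_DEFAULT_ROOT_LOGIN).lower() == "yes":
        findings.append("permitrootlogin: yes (use prohibit-password or no)")
    for key in ("pubkeyacceptedalgorithms", "hostkeyalgorithms"):
        state = dsa_state(s.get(key))
        if state != "disabled":
            findings.append(f"{key}: ssh-dss {state}")
    return findings

# Constructed sample: the second PermitRootLogin line is ignored (first value wins).
SAMPLE = (
    "PermitRootLogin yes\nPermitRootLogin no\n"
    "PubkeyAcceptedAlgorithms -ssh-dss\n"
    "Match User backup\n    PermitRootLogin no\n"
)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a live host, the output of `sshd -T` gives the authoritative effective configuration, including Include files, and is the value to compare against.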