rpm/openssh
SHA256
1
0
Fork 0
forked from pool/openssh
Code Pull Requests Activity
b0cebdb7b8
openssh/openssh-8.4p1.tar.gz.asc

15 lines
683 B
Plaintext
Raw Normal View History

Accepting request 863944 from home:dirkmueller:branches:network - update to 8.4p1: Security ======== * ssh-agent(1): restrict ssh-agent from signing web challenges for FIDO/U2F keys. * ssh-keygen(1): Enable FIDO 2.1 credProtect extension when generating a FIDO resident key. * ssh(1), ssh-keygen(1): support for FIDO keys that require a PIN for each use. These keys may be generated using ssh-keygen using a new "verify-required" option. When a PIN-required key is used, the user will be prompted for a PIN to complete the signature operation. New Features ------------ * sshd(8): authorized_keys now supports a new "verify-required" option to require FIDO signatures assert that the token verified that the user was present before making the signature. The FIDO protocol supports multiple methods for user-verification, but currently OpenSSH only supports PIN verification. * sshd(8), ssh-keygen(1): add support for verifying FIDO webauthn signatures. Webauthn is a standard for using FIDO keys in web browsers. These signatures are a slightly different format to plain FIDO signatures and thus require explicit support. * ssh(1): allow some keywords to expand shell-style ${ENV} environment variables. The supported keywords are CertificateFile, ControlPath, IdentityAgent and IdentityFile, plus LocalForward and RemoteForward when used for Unix domain socket paths. bz#3140 * ssh(1), ssh-agent(1): allow some additional control over the use of ssh-askpass via a new $SSH_ASKPASS_REQUIRE environment variable, including forcibly enabling and disabling its use. bz#69 * ssh(1): allow ssh_config(5)'s AddKeysToAgent keyword accept a time OBS-URL: https://build.opensuse.org/request/show/863944 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=222
2021-01-18 02:12:55 +01:00
-----BEGIN PGP SIGNATURE-----
iQHDBAABCgAdFiEEWcIRjtIG2SfmZ+vj0+X1a22SDTAFAl9wQnwACgkQ0+X1a22S
DTAR6wyAjRcvW7Jg9v73AR7TUO4WAD085sYi4ZLsECMZqhVZUBVv0Ofmcz2ISg3I
NU1nr9Kiqf1/i05OUIR64kJEd4wTSwv+4HhyP5MPJqyCkKcFJ9TyRy6pASZtyH6D
hKezJ79iGUg1U46bI6yyxchcAKrz0if97fKd0/1h5yE7T5lcbo+zQPsAg9dDXHBJ
nL5mpBQXU3xbU8bC+E+vZ7VAyxEm6kzuY7MRW2wOhpPQ5DJgEjAUjtvzvd9SJhKl
u/hgKXqIJBQB1pHlAFI1knfTrGUGrzob8QphukrvmbMJC3dO/o3Dplvx6lZkes0c
6hP66rhTRp5Tmw9ae3iUmoDf6SyStlo/4QomCuw0NxHrSOng16VjCR+NRWHvZbXC
JckIqparyOJ2jtHz0+e52sRZCZKauFBDMZboNj7f+htwQRUFOVfeSecpJiYut4bM
YALdayOQwL96J6aMdoMKfMGZUevCPN6OM96E6cMC1fmanBenZQ/vatmskIvvvO/P
rwECYTpGVRezhAvXMEy9x+EVdV6ctA==
=PW3D
-----END PGP SIGNATURE-----
Copy Permalink