diff --git a/README.SUSE b/README.SUSE index d52608c..cd33733 100644 --- a/README.SUSE +++ b/README.SUSE @@ -11,10 +11,6 @@ There are following changes in default settings of ssh client and server: either "prohibit-password" or even better to "no" (which disables direct remote root login entirely). -* SSH protocol version 1 is enabled for maximum compatibility. - NOTE: do not use protocol version 1. It is less secure then v2 and should - generally be phased out. - * DSA authentication is enabled by default for maximum compatibility. NOTE: do not use DSA authentication since it is being phased out for a reason - the size of DSA keys is limited by the standard to 1024 bits which cannot diff --git a/openssh.changes b/openssh.changes index 366ef78..3eafc4d 100644 --- a/openssh.changes +++ b/openssh.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Oct 17 09:22:36 UTC 2018 - Tomáš Chvátal + +- Disable ssh1 protocol support as neither RH or Debian enable + this protocol by default anymore either. + ------------------------------------------------------------------- Wed Oct 17 08:42:12 UTC 2018 - Tomáš Chvátal diff --git a/openssh.spec b/openssh.spec index 354e64f..a531eaf 100644 --- a/openssh.spec +++ b/openssh.spec @@ -27,8 +27,7 @@ %bcond_without susefirewall %bcond_with tirpc %endif -%define _fwdir %{_sysconfdir}/sysconfig/SuSEfirewall2.d -%define _fwdefdir %{_fwdir}/services +%define _fwdefdir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services %define _appdefdir %( grep "configdirspec=" $( which xmkmf ) | sed -r 's,^[^=]+=.*-I(.*)/config.*$,\\1/app-defaults,' ) %define CHECKSUM_SUFFIX .hmac %define CHECKSUM_HMAC_KEY "HMAC_KEY:OpenSSH-FIPS@SLE" @@ -197,10 +196,8 @@ export LDFLAGS CFLAGS CXXFLAGS CPPFLAGS --with-ldap \ --with-xauth=%{_bindir}/xauth \ --with-libedit \ - --with-ssh1 \ - --target=%{_target_cpu}-suse-linux \ + --target=%{_target_cpu}-suse-linux -### configure end make %{?_smp_mflags} %install