forked from pool/openssh
6dac324cb7
- enable support for SSHv1 protocol and discourage its usage (bsc#983307) - enable DSA by default for backward compatibility and discourage its usage (bsc#983784) [openssh-7.2p2-allow_DSS_by_default.patch] - upgrade to 7.2p2 upstream package without any SUSE patches Distilled upstream log: - OpenSSH 6.7 Potentially-incompatible changes: * sshd(8): The default set of ciphers and MACs has been altered to remove unsafe algorithms. In particular, CBC ciphers and arcfour* are disabled by default. The full set of algorithms remains available if configured explicitly via the Ciphers and MACs sshd_config options. * sshd(8): Support for tcpwrappers/libwrap has been removed. * OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections using the curve25519-sha256@libssh.org KEX exchange method to fail when connecting with something that implements the specification correctly. OpenSSH 6.7 disables this KEX method when speaking to one of the affected versions. New Features: * ssh(1), sshd(8): Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. * ssh(1), ssh-keygen(1): Add support for SSHFP DNS records for ED25519 key types. OBS-URL: https://build.opensuse.org/request/show/407066 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=107
88 lines
2.3 KiB
Diff
88 lines
2.3 KiB
Diff
# HG changeset patch
|
|
# Parent bbb49b3f344cf24e9bbd7eb7a7c40fea21be77eb
|
|
fix paths and references in sshd man pages
|
|
|
|
diff --git a/openssh-7.2p2/sshd.8 b/openssh-7.2p2/sshd.8
|
|
--- a/openssh-7.2p2/sshd.8
|
|
+++ b/openssh-7.2p2/sshd.8
|
|
@@ -901,17 +901,17 @@ See
|
|
If this file exists,
|
|
.Nm
|
|
refuses to let anyone except root log in.
|
|
The contents of the file
|
|
are displayed to anyone trying to log in, and non-root connections are
|
|
refused.
|
|
The file should be world-readable.
|
|
.Pp
|
|
-.It Pa /etc/shosts.equiv
|
|
+.It Pa /etc/ssh/shosts.equiv
|
|
This file is used in exactly the same way as
|
|
.Pa hosts.equiv ,
|
|
but allows host-based authentication without permitting login with
|
|
rlogin/rsh.
|
|
.Pp
|
|
.It Pa /etc/ssh/ssh_host_key
|
|
.It Pa /etc/ssh/ssh_host_dsa_key
|
|
.It Pa /etc/ssh/ssh_host_ecdsa_key
|
|
@@ -981,17 +981,17 @@ The content of this file is not sensitiv
|
|
.Xr scp 1 ,
|
|
.Xr sftp 1 ,
|
|
.Xr ssh 1 ,
|
|
.Xr ssh-add 1 ,
|
|
.Xr ssh-agent 1 ,
|
|
.Xr ssh-keygen 1 ,
|
|
.Xr ssh-keyscan 1 ,
|
|
.Xr chroot 2 ,
|
|
-.Xr login.conf 5 ,
|
|
+.Xr login.defs 5 ,
|
|
.Xr moduli 5 ,
|
|
.Xr sshd_config 5 ,
|
|
.Xr inetd 8 ,
|
|
.Xr sftp-server 8
|
|
.Sh AUTHORS
|
|
OpenSSH is a derivative of the original and free
|
|
ssh 1.2.12 release by Tatu Ylonen.
|
|
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
|
|
diff --git a/openssh-7.2p2/sshd_config.5 b/openssh-7.2p2/sshd_config.5
|
|
--- a/openssh-7.2p2/sshd_config.5
|
|
+++ b/openssh-7.2p2/sshd_config.5
|
|
@@ -370,18 +370,17 @@ for details).
|
|
The contents of the specified file are sent to the remote user before
|
|
authentication is allowed.
|
|
If the argument is
|
|
.Dq none
|
|
then no banner is displayed.
|
|
By default, no banner is displayed.
|
|
.It Cm ChallengeResponseAuthentication
|
|
Specifies whether challenge-response authentication is allowed (e.g. via
|
|
-PAM or through authentication styles supported in
|
|
-.Xr login.conf 5 )
|
|
+PAM)
|
|
The default is
|
|
.Dq yes .
|
|
.It Cm ChrootDirectory
|
|
Specifies the pathname of a directory to
|
|
.Xr chroot 2
|
|
to after authentication.
|
|
At session startup
|
|
.Xr sshd 8
|
|
@@ -766,17 +765,17 @@ and
|
|
.Pa .shosts
|
|
files will not be used in
|
|
.Cm RhostsRSAAuthentication
|
|
or
|
|
.Cm HostbasedAuthentication .
|
|
.Pp
|
|
.Pa /etc/hosts.equiv
|
|
and
|
|
-.Pa /etc/shosts.equiv
|
|
+.Pa /etc/ssh/shosts.equiv
|
|
are still used.
|
|
The default is
|
|
.Dq yes .
|
|
.It Cm IgnoreUserKnownHosts
|
|
Specifies whether
|
|
.Xr sshd 8
|
|
should ignore the user's
|
|
.Pa ~/.ssh/known_hosts
|