forked from pool/openssh
6dac324cb7
- enable support for SSHv1 protocol and discourage its usage (bsc#983307) - enable DSA by default for backward compatibility and discourage its usage (bsc#983784) [openssh-7.2p2-allow_DSS_by_default.patch] - upgrade to 7.2p2 upstream package without any SUSE patches Distilled upstream log: - OpenSSH 6.7 Potentially-incompatible changes: * sshd(8): The default set of ciphers and MACs has been altered to remove unsafe algorithms. In particular, CBC ciphers and arcfour* are disabled by default. The full set of algorithms remains available if configured explicitly via the Ciphers and MACs sshd_config options. * sshd(8): Support for tcpwrappers/libwrap has been removed. * OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections using the curve25519-sha256@libssh.org KEX exchange method to fail when connecting with something that implements the specification correctly. OpenSSH 6.7 disables this KEX method when speaking to one of the affected versions. New Features: * ssh(1), sshd(8): Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. * ssh(1), ssh-keygen(1): Add support for SSHFP DNS records for ED25519 key types. OBS-URL: https://build.opensuse.org/request/show/407066 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=107
27 lines
1.1 KiB
Plaintext
27 lines
1.1 KiB
Plaintext
This is OpenSSH version 7.2p2 for SLE12
|
|
|
|
There are following changes in default settings of ssh client and server:
|
|
|
|
* Accepting and sending of locale environment variables in protocol 2 is
|
|
enabled.
|
|
|
|
* PAM authentication is enabled.
|
|
|
|
* root authentiation with password is enabled by default (PermitRootLogin yes).
|
|
NOTE: this has security implications and is only done in order to not change
|
|
behaviour of the server in an update. We strongly suggest setting this option
|
|
either "prohibit-password" or even better to "no" (which disables direct
|
|
remote root login entirely).
|
|
|
|
* SSH protocol version 1 is enabled for maximum compatibility.
|
|
NOTE: do not use protocol version 1. It is less secure then v2 and should
|
|
generally be phased out.
|
|
|
|
* DSA authentication is enabled by default for maximum compatibility.
|
|
NOTE: do not use DSA authentication since it is being phased out for a reason
|
|
- the size of DSA keys is limited by the standard to 1024 bits which cannot
|
|
be considered safe any more.
|
|
|
|
For more information on differences in SUSE OpenSSH package see README.FIPS
|
|
|