SHA256
1
0
forked from pool/openssh
openssh/README.SUSE
Petr Cerny 6dac324cb7 Accepting request 407066 from home:pcerny:factory
- enable support for SSHv1 protocol and discourage its usage
  (bsc#983307)
- enable DSA by default for backward compatibility and discourage
  its usage (bsc#983784)
  [openssh-7.2p2-allow_DSS_by_default.patch]

- upgrade to 7.2p2
  upstream package without any SUSE patches
  Distilled upstream log:
- OpenSSH 6.7
  Potentially-incompatible changes:
  * sshd(8): The default set of ciphers and MACs has been
    altered to remove unsafe algorithms. In particular, CBC
    ciphers and arcfour* are disabled by default.
    The full set of algorithms remains available if configured
    explicitly via the Ciphers and MACs sshd_config options.
  * sshd(8): Support for tcpwrappers/libwrap has been removed.
  * OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of
    connections using the curve25519-sha256@libssh.org KEX
    exchange method to fail when connecting with something that
    implements the specification correctly. OpenSSH 6.7 disables
    this KEX method when speaking to one of the affected
    versions.
  New Features:
  * ssh(1), sshd(8): Add support for Unix domain socket
    forwarding. A remote TCP port may be forwarded to a local
    Unix domain socket and vice versa or both ends may be a Unix
    domain socket.
  * ssh(1), ssh-keygen(1): Add support for SSHFP DNS records for
    ED25519 key types.

OBS-URL: https://build.opensuse.org/request/show/407066
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=107
2016-07-07 07:07:23 +00:00

27 lines
1.1 KiB
Plaintext

This is OpenSSH version 7.2p2 for SLE12
There are following changes in default settings of ssh client and server:
* Accepting and sending of locale environment variables in protocol 2 is
enabled.
* PAM authentication is enabled.
* root authentiation with password is enabled by default (PermitRootLogin yes).
NOTE: this has security implications and is only done in order to not change
behaviour of the server in an update. We strongly suggest setting this option
either "prohibit-password" or even better to "no" (which disables direct
remote root login entirely).
* SSH protocol version 1 is enabled for maximum compatibility.
NOTE: do not use protocol version 1. It is less secure then v2 and should
generally be phased out.
* DSA authentication is enabled by default for maximum compatibility.
NOTE: do not use DSA authentication since it is being phased out for a reason
- the size of DSA keys is limited by the standard to 1024 bits which cannot
be considered safe any more.
For more information on differences in SUSE OpenSSH package see README.FIPS