forked from pool/openssh
a68d0c642d
- Add openssh-7.9p1-keygen-preserve-perms.patch (bsc#1150574).
This attempts to preserve the permissions of any existing
known_hosts file when modified by ssh-keygen (for instance,
with -R).
- Add patch from upstream openssh-7.9p1-revert-new-qos-defaults.patch
- Run 'ssh-keygen -A' on startup only if SSHD_AUTO_KEYGEN="yes"
in /etc/sysconfig/ssh. This is set to "yes" by default, but
can be changed by the system administrator (bsc#1139089).
- Add openssh-7.9p1-keygen-preserve-perms.patch (bsc#1150574).
This attempts to preserve the permissions of any existing
known_hosts file when modified by ssh-keygen (for instance,
with -R).
- Version update to 8.1p1:
* ssh-keygen(1): when acting as a CA and signing certificates with
an RSA key, default to using the rsa-sha2-512 signature algorithm.
Certificates signed by RSA keys will therefore be incompatible
with OpenSSH versions prior to 7.2 unless the default is
overridden (using "ssh-keygen -t ssh-rsa -s ...").
* ssh(1): Allow %n to be expanded in ProxyCommand strings
* ssh(1), sshd(8): Allow prepending a list of algorithms to the
default set by starting the list with the '^' character, E.g.
"HostKeyAlgorithms ^ssh-ed25519"
* ssh-keygen(1): add an experimental lightweight signature and
verification ability. Signatures may be made using regular ssh keys
held on disk or stored in a ssh-agent and verified against an
authorized_keys-like list of allowed keys. Signatures embed a
namespace that prevents confusion and attacks between different
OBS-URL: https://build.opensuse.org/request/show/738544
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=135
|
||
|---|---|---|
| .gitattributes | ||
| .gitignore | ||
| cavs_driver-ssh.pl | ||
| openssh-7.7p1-allow_root_password_login.patch | ||
| openssh-7.7p1-cavstest-ctr.patch | ||
| openssh-7.7p1-cavstest-kdf.patch | ||
| openssh-7.7p1-disable_openssl_abi_check.patch | ||
| openssh-7.7p1-eal3.patch | ||
| openssh-7.7p1-enable_PAM_by_default.patch | ||
| openssh-7.7p1-fips_checks.patch | ||
| openssh-7.7p1-fips.patch | ||
| openssh-7.7p1-host_ident.patch | ||
| openssh-7.7p1-hostname_changes_when_forwarding_X.patch | ||
| openssh-7.7p1-IPv6_X_forwarding.patch | ||
| openssh-7.7p1-ldap.patch | ||
| openssh-7.7p1-no_fork-no_pid_file.patch | ||
| openssh-7.7p1-pam_check_locks.patch | ||
| openssh-7.7p1-pts_names_formatting.patch | ||
| openssh-7.7p1-remove_xauth_cookies_on_exit.patch | ||
| openssh-7.7p1-seccomp_ipc_flock.patch | ||
| openssh-7.7p1-seccomp_stat.patch | ||
| openssh-7.7p1-seed-prng.patch | ||
| openssh-7.7p1-send_locale.patch | ||
| openssh-7.7p1-sftp_force_permissions.patch | ||
| openssh-7.7p1-sftp_print_diagnostic_messages.patch | ||
| openssh-7.7p1-systemd-notify.patch | ||
| openssh-7.7p1-X11_trusted_forwarding.patch | ||
| openssh-7.7p1-X_forward_with_disabled_ipv6.patch | ||
| openssh-7.9p1-keygen-preserve-perms.patch | ||
| openssh-7.9p1-revert-new-qos-defaults.patch | ||
| openssh-8.0p1-gssapi-keyex.patch | ||
| openssh-8.1p1-audit.patch | ||
| openssh-8.1p1.tar.gz | ||
| openssh-8.1p1.tar.gz.asc | ||
| openssh-askpass-gnome.changes | ||
| openssh-askpass-gnome.spec | ||
| openssh.changes | ||
| openssh.spec | ||
| README.FIPS | ||
| README.kerberos | ||
| README.SUSE | ||
| ssh-askpass | ||
| ssh.reg | ||
| sshd-gen-keys-start | ||
| sshd.fw | ||
| sshd.pamd | ||
| sshd.service | ||
| sysconfig.ssh | ||
There are following changes in default settings of ssh client and server: * Accepting and sending of locale environment variables in protocol 2 is enabled. * PAM authentication is enabled and mostly even required, do not turn it off. * root authentiation with password is enabled by default (PermitRootLogin yes). NOTE: this has security implications and is only done in order to not change behaviour of the server in an update. We strongly suggest setting this option either "prohibit-password" or even better to "no" (which disables direct remote root login entirely). * DSA authentication is enabled by default for maximum compatibility. NOTE: do not use DSA authentication since it is being phased out for a reason - the size of DSA keys is limited by the standard to 1024 bits which cannot be considered safe any more. * Accepting all RFC4419 specified DH group parameters. See KexDHMin in ssh_config and sshd_config manual pages. For more information on differences in SUSE OpenSSH package see README.FIPS