SHA256
1
0
forked from pool/openssh
openssh/README.SUSE
Dirk Mueller f2379e82ce Accepting request 1173783 from home:alarrosa:branches:network:openssh-permit-root-login
- Only for SLE15, restore the patch file removed in
  Thu Feb 18 13:54:44 UTC 2021 to restore the previous behaviour
  from SP5 of having root password login allowed by default
  (fixes bsc#1223486, related to bsc#1173067):
  * openssh-7.7p1-allow_root_password_login.patch
- Since the default value for this config option is now set to
  permit root to use password logins in SLE15, the
  openssh-server-config-rootlogin subpackage isn't useful there so 
  we now create an openssh-server-config-disallow-rootlogin
  subpackage that sets the configuration the other way around
  than openssh-server-config-rootlogin.

OBS-URL: https://build.opensuse.org/request/show/1173783
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=266
2024-05-14 06:52:13 +00:00

24 lines
1.0 KiB
Plaintext

There are following changes in default settings of ssh client and server:
* Accepting and sending of locale environment variables in protocol 2 is
enabled.
* PAM authentication is enabled and mostly even required, do not turn it off.
* In SLE15, root authentiation with password is enabled by default
(PermitRootLogin yes).
NOTE: this has security implications and is only done in order to not change
behaviour of the server in an update. We strongly suggest setting this option
either "prohibit-password" or even better to "no" (which disables direct
remote root login entirely).
* DSA authentication is enabled by default for maximum compatibility.
NOTE: do not use DSA authentication since it is being phased out for a reason
- the size of DSA keys is limited by the standard to 1024 bits which cannot
be considered safe any more.
* Accepting all RFC4419 specified DH group parameters. See KexDHMin in
ssh_config and sshd_config manual pages.
For more information on differences in SUSE OpenSSH package see README.FIPS