openssh

No description

Find a file

zyppe 96bbab7210 Initialize for openssh		2024-02-05 14:43:08 +08:00
.gitignore	Initialize for openssh	2024-02-05 14:43:08 +08:00
.openssh.metadata	Initialize for openssh	2024-02-05 14:43:08 +08:00
cavs_driver-ssh.pl	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-6.6.1p1-selinux-contexts.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-6.6p1-keycat.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-6.6p1-privsep-selinux.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-7.6p1-audit_race_condition.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-7.6p1-cleanup-selinux.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-7.7p1-allow_root_password_login.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-7.7p1-cavstest-ctr.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-7.7p1-cavstest-kdf.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-7.7p1-disable_openssl_abi_check.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-7.7p1-eal3.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-7.7p1-enable_PAM_by_default.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-7.7p1-fips.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-7.7p1-fips_checks.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-7.7p1-host_ident.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-7.7p1-hostname_changes_when_forwarding_X.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-7.7p1-IPv6_X_forwarding.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-7.7p1-ldap.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-7.7p1-no_fork-no_pid_file.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-7.7p1-pam_check_locks.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-7.7p1-pts_names_formatting.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-7.7p1-remove_xauth_cookies_on_exit.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-7.7p1-seccomp_ipc_flock.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-7.7p1-seccomp_stat.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-7.7p1-send_locale.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-7.7p1-sftp_force_permissions.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-7.7p1-sftp_print_diagnostic_messages.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-7.7p1-systemd-notify.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-7.7p1-X11_trusted_forwarding.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-7.7p1-X_forward_with_disabled_ipv6.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-7.8p1-role-mls.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-7.9p1-keygen-preserve-perms.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-7.9p1-revert-new-qos-defaults.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-8.0p1-gssapi-keyex.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-8.1p1-audit.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-8.1p1-ed25519-use-openssl-rng.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-8.1p1-seccomp-clock_gettime64.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-8.1p1-seccomp-clock_nanosleep.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-8.1p1-seccomp-clock_nanosleep_time64.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-8.1p1-use-openssl-kdf.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-8.4p1.tar.gz.asc	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-bsc1190975-CVE-2021-41617-authorizedkeyscommand.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-CVE-2021-28041-agent-double-free.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-CVE-2023-38408-PKCS11-execution.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-cve-2023-48795.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-do-not-send-empty-message.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-fips-ensure-approved-moduli.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-fix-ssh-copy-id.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-link-with-sk.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-mitigate-lingering-secrets.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh-reenable-dh-group14-sha1-default.patch	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh.changes	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh.keyring	Initialize for openssh	2024-02-05 14:43:08 +08:00
openssh.spec	Initialize for openssh	2024-02-05 14:43:08 +08:00
README.FIPS	Initialize for openssh	2024-02-05 14:43:08 +08:00
README.kerberos	Initialize for openssh	2024-02-05 14:43:08 +08:00
README.SUSE	Initialize for openssh	2024-02-05 14:43:08 +08:00
ssh-askpass	Initialize for openssh	2024-02-05 14:43:08 +08:00
ssh.reg	Initialize for openssh	2024-02-05 14:43:08 +08:00
sshd-gen-keys-start	Initialize for openssh	2024-02-05 14:43:08 +08:00
sshd.fw	Initialize for openssh	2024-02-05 14:43:08 +08:00
sshd.pamd	Initialize for openssh	2024-02-05 14:43:08 +08:00
sshd.service	Initialize for openssh	2024-02-05 14:43:08 +08:00
sysconfig.ssh	Initialize for openssh	2024-02-05 14:43:08 +08:00
sysusers-sshd.conf	Initialize for openssh	2024-02-05 14:43:08 +08:00

README.SUSE

There are following changes in default settings of ssh client and server:

* Accepting and sending of locale environment variables in protocol 2 is
  enabled.

* PAM authentication is enabled and mostly even required, do not turn it off.

* root authentiation with password is enabled by default (PermitRootLogin yes).
  NOTE: this has security implications and is only done in order to not change
  behaviour of the server in an update. We strongly suggest setting this option
  either "prohibit-password" or even better to "no" (which disables direct
  remote root login entirely).

* DSA authentication is enabled by default for maximum compatibility.
  NOTE: do not use DSA authentication since it is being phased out for a reason
  - the size of DSA keys is limited by the standard to 1024 bits which cannot
  be considered safe any more.

* Accepting all RFC4419 specified DH group parameters. See KexDHMin in
  ssh_config and sshd_config manual pages.

For more information on differences in SUSE OpenSSH package see README.FIPS