Secure Shell Client and Server (Remote Login Program)
SSH (Secure Shell) is a program for logging into and executing commands
on a remote machine. It is intended to replace rsh (rlogin and rsh) and
provides openssl (secure encrypted communication) between two untrusted
hosts over an insecure network.
xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
also be forwarded over the secure channel.
- Developed at network
- Sources inherited from project openSUSE:Factory
-
16
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Factory:ARM/openssh && cd $_ - Create Badge
Refresh
Refresh
Source Files
Revision 154 (latest revision is 177)
Dominique Leuenberger (dimstar_suse)
accepted
request 923951
from
Marcus Meissner (msmeissn)
(revision 154)
- Version upgrade to 8.8p1
* No changes for askpass, see main package changelog for
details
- Version update to 8.8p1:
= Security
* sshd(8) from OpenSSH 6.2 through 8.7 failed to correctly initialise
supplemental groups when executing an AuthorizedKeysCommand or
AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUser or
AuthorizedPrincipalsCommandUser directive has been set to run the
command as a different user. Instead these commands would inherit
the groups that sshd(8) was started with.
Depending on system configuration, inherited groups may allow
AuthorizedKeysCommand/AuthorizedPrincipalsCommand helper programs to
gain unintended privilege.
Neither AuthorizedKeysCommand nor AuthorizedPrincipalsCommand are
enabled by default in sshd_config(5).
= Potentially-incompatible changes
* This release disables RSA signatures using the SHA-1 hash algorithm
by default. This change has been made as the SHA-1 hash algorithm is
cryptographically broken, and it is possible to create chosen-prefix
hash collisions for <USD$50K.
For most users, this change should be invisible and there is
no need to replace ssh-rsa keys. OpenSSH has supported RFC8332
RSA/SHA-256/512 signatures since release 7.2 and existing ssh-rsa keys
will automatically use the stronger algorithm where possible.
Incompatibility is more likely when connecting to older SSH
implementations that have not been upgraded or have not closely tracked
improvements in the SSH protocol. For these cases, it may be necessary
to selectively re-enable RSA/SHA1 to allow connection and/or user
Comments 4
Is it possible to upgrade to a more recent version, please?
openSSH-7.8 is available
OpenSSH 7.8p1 is available: https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.8p1.tar.gz
Hello, is it possible to adhere to the new guidance regarding systemd ( https://en.opensuse.org/openSUSE:Systemd_packaging_guidelines#Requirements )? That is, dropping %{?systemd_requires} and using %{?systemd_ordering} instead. This is interesting for containers, git-core requires openssh which in turn requires systemd which requires many other things. Thanks in advance.