Secure Shell Client and Server (Remote Login Program)
SSH (Secure Shell) is a program for logging into and executing commands
on a remote machine. It is intended to replace rsh (rlogin and rsh) and
provides openssl (secure encrypted communication) between two untrusted
hosts over an insecure network.
xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
also be forwarded over the secure channel.
- Developed at network
- Sources inherited from project openSUSE:Factory
-
16
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Factory:ARM/openssh && cd $_
- Create Badge
Refresh
Refresh
Source Files
Revision 154 (latest revision is 177)
Dominique Leuenberger (dimstar_suse)
accepted
request 923951
from
Marcus Meissner (msmeissn)
(revision 154)
- Version upgrade to 8.8p1 * No changes for askpass, see main package changelog for details - Version update to 8.8p1: = Security * sshd(8) from OpenSSH 6.2 through 8.7 failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUser or AuthorizedPrincipalsCommandUser directive has been set to run the command as a different user. Instead these commands would inherit the groups that sshd(8) was started with. Depending on system configuration, inherited groups may allow AuthorizedKeysCommand/AuthorizedPrincipalsCommand helper programs to gain unintended privilege. Neither AuthorizedKeysCommand nor AuthorizedPrincipalsCommand are enabled by default in sshd_config(5). = Potentially-incompatible changes * This release disables RSA signatures using the SHA-1 hash algorithm by default. This change has been made as the SHA-1 hash algorithm is cryptographically broken, and it is possible to create chosen-prefix hash collisions for <USD$50K. For most users, this change should be invisible and there is no need to replace ssh-rsa keys. OpenSSH has supported RFC8332 RSA/SHA-256/512 signatures since release 7.2 and existing ssh-rsa keys will automatically use the stronger algorithm where possible. Incompatibility is more likely when connecting to older SSH implementations that have not been upgraded or have not closely tracked improvements in the SSH protocol. For these cases, it may be necessary to selectively re-enable RSA/SHA1 to allow connection and/or user
Comments 4
Is it possible to upgrade to a more recent version, please?
openSSH-7.8 is available
OpenSSH 7.8p1 is available: https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.8p1.tar.gz
Hello, is it possible to adhere to the new guidance regarding systemd ( https://en.opensuse.org/openSUSE:Systemd_packaging_guidelines#Requirements )? That is, dropping %{?systemd_requires} and using %{?systemd_ordering} instead. This is interesting for containers, git-core requires openssh which in turn requires systemd which requires many other things. Thanks in advance.