[PATCH 5/7] openssh: sync local ssh_config + sshd_config files with upstream 7.7p1

Openembedded Core Discussions
 help / color / mirror / Atom feed

From: Andre McCurdy <armccurdy@gmail.com>
To: openembedded-core@lists.openembedded.org
Subject: [PATCH 5/7] openssh: sync local ssh_config + sshd_config files with upstream 7.7p1
Date: Thu,  7 Jun 2018 11:48:38 -0700	[thread overview]
Message-ID: <1528397320-32269-5-git-send-email-armccurdy@gmail.com> (raw)
In-Reply-To: <1528397320-32269-1-git-send-email-armccurdy@gmail.com>

Changes are mostly related to the removal of support for SSH v.1
protocol, which was dropped from openssh sshd in 7.4p1:

  https://www.openssh.com/txt/release-7.4

Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
---
 .../openssh/openssh/ssh_config                     | 12 ++++-----
 .../openssh/openssh/sshd_config                    | 29 ++++++----------------
 2 files changed, 14 insertions(+), 27 deletions(-)

diff --git a/meta/recipes-connectivity/openssh/openssh/ssh_config b/meta/recipes-connectivity/openssh/openssh/ssh_config
index 9e91915..e0d0238 100644
--- a/meta/recipes-connectivity/openssh/openssh/ssh_config
+++ b/meta/recipes-connectivity/openssh/openssh/ssh_config
@@ -1,4 +1,4 @@
-#	$OpenBSD: ssh_config,v 1.28 2013/09/16 11:35:43 sthen Exp $
+#	$OpenBSD: ssh_config,v 1.33 2017/05/07 23:12:57 djm Exp $
 
 # This is the ssh client system-wide configuration file.  See
 # ssh_config(5) for more information.  This file provides defaults for
@@ -31,14 +31,14 @@ Host *
 #   AddressFamily any
 #   ConnectTimeout 0
 #   StrictHostKeyChecking ask
-#   IdentityFile ~/.ssh/identity
 #   IdentityFile ~/.ssh/id_rsa
 #   IdentityFile ~/.ssh/id_dsa
+#   IdentityFile ~/.ssh/id_ecdsa
+#   IdentityFile ~/.ssh/id_ed25519
 #   Port 22
-#   Protocol 2,1
-#   Cipher 3des
-#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
-#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
+#   Protocol 2
+#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
+#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com
 #   EscapeChar ~
 #   Tunnel no
 #   TunnelDevice any:any
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_config b/meta/recipes-connectivity/openssh/openssh/sshd_config
index b7c3ccd..15f061b 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd_config
+++ b/meta/recipes-connectivity/openssh/openssh/sshd_config
@@ -1,4 +1,4 @@
-#	$OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
+#	$OpenBSD: sshd_config,v 1.102 2018/02/16 02:32:40 djm Exp $
 
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -7,7 +7,7 @@
 
 # The strategy used for options in the default sshd_config shipped with
 # OpenSSH is to specify options with their default value where
-# possible, but leave them commented.  Uncommented options change a
+# possible, but leave them commented.  Uncommented options override the
 # default value.
 
 #Port 22
@@ -15,42 +15,30 @@
 #ListenAddress 0.0.0.0
 #ListenAddress ::
 
-# The default requires explicit activation of protocol 1
-Protocol 2
-
-# HostKey for protocol version 1
-#HostKey /etc/ssh/ssh_host_key
-# HostKeys for protocol version 2
 #HostKey /etc/ssh/ssh_host_rsa_key
 #HostKey /etc/ssh/ssh_host_ecdsa_key
 #HostKey /etc/ssh/ssh_host_ed25519_key
 
-# Lifetime and size of ephemeral version 1 server key
-#KeyRegenerationInterval 1h
-#ServerKeyBits 1024
-
 # Ciphers and keying
 #RekeyLimit default none
 
 # Logging
-# obsoletes QuietMode and FascistLogging
 #SyslogFacility AUTH
 #LogLevel INFO
 
 # Authentication:
 
 #LoginGraceTime 2m
-#PermitRootLogin yes
+#PermitRootLogin prohibit-password
 #StrictModes yes
 #MaxAuthTries 6
 #MaxSessions 10
 
-#RSAAuthentication yes
 #PubkeyAuthentication yes
 
 # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
 # but this is overridden so installations will only check .ssh/authorized_keys
-AuthorizedKeysFile .ssh/authorized_keys
+AuthorizedKeysFile	.ssh/authorized_keys
 
 #AuthorizedPrincipalsFile none
 
@@ -58,11 +46,9 @@ AuthorizedKeysFile .ssh/authorized_keys
 #AuthorizedKeysCommandUser nobody
 
 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-#RhostsRSAAuthentication no
-# similar for protocol version 2
 #HostbasedAuthentication no
 # Change to yes if you don't trust ~/.ssh/known_hosts for
-# RhostsRSAAuthentication and HostbasedAuthentication
+# HostbasedAuthentication
 #IgnoreUserKnownHosts no
 # Don't read the user's ~/.rhosts and ~/.shosts files
 #IgnoreRhosts yes
@@ -71,7 +57,8 @@ AuthorizedKeysFile .ssh/authorized_keys
 #PasswordAuthentication yes
 #PermitEmptyPasswords no
 
-# Change to no to disable s/key passwords
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
 ChallengeResponseAuthentication no
 
 # Kerberos options
@@ -110,7 +97,7 @@ ChallengeResponseAuthentication no
 Compression no
 ClientAliveInterval 15
 ClientAliveCountMax 4
-#UseDNS yes
+#UseDNS no
 #PidFile /var/run/sshd.pid
 #MaxStartups 10:30:100
 #PermitTunnel no
-- 
1.9.1

next prev parent reply	other threads:[~2018-06-07 18:48 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-06-07 18:48 [PATCH 1/7] openssh: stop adding -D__FILE_OFFSET_BITS=64 to CFLAGS Andre McCurdy
2018-06-07 18:48 ` [PATCH 2/7] openssh: stop manually hiding libutil etc headers from configure Andre McCurdy
2018-06-15 10:15   ` Richard Purdie
2018-06-22 19:56     ` Andre McCurdy
2018-06-07 18:48 ` [PATCH 3/7] openssh: drop RCONFLICTS for openssh-keygen Andre McCurdy
2018-06-07 18:48 ` [PATCH 4/7] openssh: minor indent cleanup for sshd init script Andre McCurdy
2018-06-07 18:48 ` Andre McCurdy [this message]
2018-06-07 18:48 ` [PATCH 6/7] openssh: only create sshd host keys which have been enabled Andre McCurdy
2018-06-07 18:48 ` [PATCH 7/7] rootfs-postcommands.bbclass: drop obsolete sshd UseDNS rootfs postprocessing Andre McCurdy
2018-06-12 17:38 ` [PATCH 1/7] openssh: stop adding -D__FILE_OFFSET_BITS=64 to CFLAGS Andre McCurdy
2018-06-13 11:59   ` Burton, Ross

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:9e91915 dfblob:e0d0238 dfblob:b7c3ccd dfblob:15f061b )
 OR (
bs:"[PATCH 5/7] openssh: sync local ssh_config + sshd_config files with upstream 7.7p1" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1528397320-32269-5-git-send-email-armccurdy@gmail.com \
    --to=armccurdy@gmail.com \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox