Hi folks,

this is an announcement that the-new-hotness version of openssh is baked
and ready to reach Fedora 23. As some of you noticed, upstream is
pushing a few important changes in this version:

1) Disable SSHv1 at compile time. Yes. It is time to say hello to this
protocol and move on. I heard your voices that some people need to use
the clients to connect to old hardware, so after discussion we came up
with a solution: we will ship these clients with SSHv1 enabled in a
sub-package called openssh-clients-ssh1, which contains only two
binaries, ssh1, ssh-keygen1 and scp1, just for the people in need. With
the default tools you should not be able to connect to SSHv1-only servers.

2) PermitRootLogin=prohibit-password is the upstream default. I am not
going to revert this change as I did in openssh-6.9, which landed in
Fedora 22, after all the discussion about this topic and with bz89216. I
changed only the default value in sshd_config. This means two things:
1) You are still able to log in as root with a clean Fedora 23 install.
2) If you update from previous versions and you have modified this file,
you need to take care of this on your own!

3) Disabling at run-time the key exchange algorithm
diffie-hellman-group1-sha1 and key/cert algorithms ssh-dss,
ssh-dss-cert-*. This can also be a problem when connecting to older
systems or with older keys, but upstream prepared a new feature that
will help with this issue and a special page [1] describing how to simply
enable these algorithms if you really need to for a specific connection
or host.

4) And of course there are some security fixes packaged that were found
since the last release. You can find the description in the release
notes and in CVE-2015-5600.

You can find the whole release notes on the upstream website [2], and the
update for Fedora 23 is in bodhi [3].

I hope everything will work for you with the new version, and if not,
feel free to file a bug or discuss issues in this thread.

[1] http://www.openssh.com/legacy.html
[2] http://www.openssh.com/txt/release-7.0
[3] https://admin.fedoraproject.org/updates/openssh-7.0p1-1.fc23
Best regards,
--
Jakub Jelen
Security Technologies
Red Hat
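
Added example, not part of the original announcement or of the openssh package: a small check for point 2 that reports which global PermitRootLogin value sshd would use for a given sshd_config once the compiled-in default is prohibit-password. The function name and both sample files are constructed for illustration; it assumes a single config file and treats anything after a Match line as conditional.

```python
# Added example, not part of the announcement. Sample files are constructed.
COMPILED_DEFAULT = "prohibit-password"  # upstream default in 7.0, per the announcement
ALIASES = {"without-password": "prohibit-password"}  # older spelling, same meaning

CLEAN_INSTALL = """\
# constructed: packaged file that still sets the old value explicitly
Port 22
PermitRootLogin yes
"""

UPGRADED_MODIFIED = """\
# constructed: admin-edited file kept across the upgrade
Port 2222
#PermitRootLogin yes
PasswordAuthentication yes
Match Address 192.0.2.0/24
    PermitRootLogin yes
"""


def audit_permit_root_login(config_text):
    """Return the global PermitRootLogin value sshd would use for this file."""
    global_value, in_match, match_overrides = None, False, []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single "=".
        parts = line.replace("=", " ", 1).split()
        if not parts:
            continue
        keyword = parts[0].lower()  # keywords are case-insensitive
        if keyword == "match":
            in_match = True  # everything below applies only conditionally
        elif keyword == "permitrootlogin" and len(parts) > 1:
            value = parts[1].strip('"')
            value = ALIASES.get(value, value)
            if in_match:
                match_overrides.append((lineno, value))
            elif global_value is None:  # sshd keeps the first value it reads
                global_value = value
    value = global_value if global_value is not None else COMPILED_DEFAULT
    return {"value": value, "explicit": global_value is not None,
            "root_password_login": value == "yes",
            "match_overrides": match_overrides}


if __name__ == "__main__":
    for name, text in (("clean", CLEAN_INSTALL), ("upgraded", UPGRADED_MODIFIED)):
        print(name, audit_permit_root_login(text))
```

A file where the directive is only present as a comment falls through to the compiled-in default, which is the case an edited config carried across the update can hit.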