freebsd-dev/crypto/openssh/contrib
Ed Maste 38a52bd3b5 ssh: update to OpenSSH 9.1p1
Release notes are available at https://www.openssh.com/txt/release-9.1

9.1 contains fixes for three minor memory safety problems; these have
already been merged to the copy of OpenSSH 9.0 that is in the FreeBSD base
system.

Some highlights copied from the release notes:

Potentially-incompatible changes
--------------------------------

 * ssh(1), sshd(8): SetEnv directives in ssh_config and sshd_config
   are now first-match-wins to match other directives. Previously
   if an environment variable was multiply specified the last set
   value would have been used. bz3438

 * ssh-keygen(8): ssh-keygen -A (generate all default host key types)
   will no longer generate DSA keys, as these are insecure and have
   not been used by default for some years.

New features
------------

 * ssh(1), sshd(8): add a RequiredRSASize directive to set a minimum
   RSA key length. Keys below this length will be ignored for user
   authentication and for host authentication in sshd(8).

 * sftp-server(8): add a "users-groups-by-id@openssh.com" extension
   request that allows the client to obtain user/group names that
   correspond to a set of uids/gids.

 * sftp(1): use "users-groups-by-id@openssh.com" sftp-server
   extension (when available) to fill in user/group names for
   directory listings.

 * sftp-server(8): support the "home-directory" extension request
   defined in draft-ietf-secsh-filexfer-extensions-00. This overlaps
   a bit with the existing "expand-path@openssh.com", but some other
   clients support it.

 * ssh-keygen(1), sshd(8): allow certificate validity intervals,
   sshsig verification times and authorized_keys expiry-time options
   to accept dates in the UTC time zone in addition to the default
   of interpreting them in the system time zone. YYYYMMDD and
   YYMMDDHHMM[SS] dates/times will be interpreted as UTC if suffixed
   with a 'Z' character.

   Also allow certificate validity intervals to be specified in raw
   seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This
   is intended for use by regress tests and other tools that call
   ssh-keygen as part of a CA workflow. bz3468

 * sftp(1): allow arguments to the sftp -D option, e.g. sftp -D
   "/usr/libexec/sftp-server -el debug3"

 * ssh-keygen(1): allow the existing -U (use agent) flag to work
   with "-Y sign" operations, where it will be interpreted to require
   that the private key is hosted in an agent; bz3429

MFC after:	2 weeks
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
2022-10-19 10:27:11 -04:00
aix Upgrade to OpenSSH 7.8p1. 2018-09-10 16:20:12 +00:00
cygwin openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
hpux
redhat ssh: update to OpenSSH 9.1p1 2022-10-19 10:27:11 -04:00
solaris openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
suse ssh: update to OpenSSH 9.1p1 2022-10-19 10:27:11 -04:00
findssl.sh openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
gnome-ssh-askpass1.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
gnome-ssh-askpass2.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
gnome-ssh-askpass3.c openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
Makefile openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
README Upgrade to OpenSSH 7.1p2. 2016-01-21 11:54:34 +00:00
ssh-copy-id openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
ssh-copy-id.1 openssh: update to OpenSSH v8.7p1 2021-09-07 21:05:51 -04:00
sshd.pam.freebsd
sshd.pam.generic

Other patches and addons for OpenSSH. Please send submissions to
djm@mindrot.org

Externally maintained
---------------------

SSH Proxy Command -- connect.c

Shun-ichi GOTO <gotoh@imasy.or.jp> has written a very useful ProxyCommand
which allows the use of outbound SSH from behind a SOCKS4, SOCKS5 or
https CONNECT style proxy server. His page for connect.c has extensive
documentation on its use as well as compiled versions for Win32.

https://bitbucket.org/gotoh/connect/wiki/Home


X11 SSH Askpass:

Jim Knoble <jmknoble@pobox.com> has written an excellent X11
passphrase requester. This is highly recommended:

http://www.jmknoble.net/software/x11-ssh-askpass/


In this directory
-----------------

ssh-copy-id:

Phil Hands' <phil@hands.com> shell script to automate the process of adding
your public key to a remote machine's ~/.ssh/authorized_keys file.

gnome-ssh-askpass[12]:

GNOME and Gtk2 passphrase requesters. Use "make gnome-ssh-askpass1" or
"make gnome-ssh-askpass2" to build.

sshd.pam.generic:

A generic PAM config file which may be useful on your system. YMMV

sshd.pam.freebsd:

A PAM config file which works with FreeBSD's PAM port. Contributed by
Dominik Brettnacher <domi@saargate.de>

findssl.sh:

Search for all instances of OpenSSL headers and libraries and print their 
versions.  This is intended to help diagnose OpenSSH's "OpenSSL headers do not
match your library" errors. 

aix:
    Files to build an AIX native (installp or SMIT installable) package.

caldera:
    RPM spec file and scripts for building Caldera OpenLinux packages

cygwin:
    Support files for Cygwin

hpux:
    Support files for HP-UX

redhat:
    RPM spec file and scripts for building Redhat packages

suse:
    RPM spec file and scripts for building SuSE packages