d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
952d18a214
freebsd-dev/crypto/openssh
History
Ed Maste 952d18a214 ssh: Remove AES-CBC ciphers from default server and client lists 
A base system OpenSSH update in 2016 or so removed a number of ciphers
from the default lists offered by the server/client, due to known
weaknesses.  This caused POLA issues for some users and prompted
PR207679; the ciphers were restored to the default lists in r296634.

When upstream removed these ciphers from the default server list, they
moved them to the client-only default list.  They were subsequently
removed from the client default, in OpenSSH 7.9p1.

The change has persisted long enough.  Remove these extra ciphers from
both the server and client default lists, in advance of FreeBSD 13.

Reviewed by:	markm, rgrimes
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D25833
2020-07-28 00:24:12 +00:00
..
contrib Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
openbsd-compat Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
regress Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
.depend Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
.gitignore
.skipped-commit-ids Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
aclocal.m4
addrmatch.c
atomicio.c
atomicio.h
audit-bsm.c
audit-linux.c
audit.c
audit.h
auth2-chall.c
auth2-gss.c
auth2-hostbased.c Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
auth2-kbdint.c
auth2-none.c
auth2-passwd.c
auth2-pubkey.c Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
auth2.c Don't log normal login_getpwclass(3) result. 2020-06-26 04:46:45 +00:00
auth-bsdauth.c
auth-krb5.c
auth-options.c Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
auth-options.h
auth-pam.c
auth-pam.h
auth-passwd.c Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
auth-rhosts.c
auth-shadow.c
auth-sia.c
auth-sia.h
auth-skey.c
auth.c Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
auth.h
authfd.c
authfd.h
authfile.c Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
authfile.h
bitmap.c
bitmap.h
blacklist_client.h
blacklist.c
buildpkg.sh.in
canohost.c
canohost.h
chacha.c
chacha.h
ChangeLog Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
channels.c Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
channels.h Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
cipher-aes.c
cipher-aesctr.c
cipher-aesctr.h
cipher-chachapoly.c
cipher-chachapoly.h
cipher-ctr.c
cipher.c
cipher.h
cleanup.c
clientloop.c Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
clientloop.h
compat.c
compat.h
config.guess
config.h
config.sub
configure.ac Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
crc32.c
crc32.h
CREDITS
crypto_api.h
defines.h
dh.c Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
dh.h
digest-libc.c
digest-openssl.c
digest.h
dispatch.c
dispatch.h
dns.c
dns.h
ed25519.c
entropy.c
entropy.h
fatal.c
fe25519.c
fe25519.h
fixalgorithms
fixpaths
freebsd-configure.sh
freebsd-namespace.sh
freebsd-post-merge.sh
freebsd-pre-merge.sh
FREEBSD-upgrade ssh: Remove AES-CBC ciphers from default server and client lists 2020-07-28 00:24:12 +00:00
FREEBSD-vendor Update version in openssh FREEBSD-vendor metadata 2020-02-14 22:32:33 +00:00
ge25519_base.data
ge25519.c
ge25519.h
groupaccess.c Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
groupaccess.h
gss-genr.c
gss-serv-krb5.c
gss-serv.c
hash.c
hmac.c
hmac.h
hostfile.c
hostfile.h
includes.h
INSTALL
install-sh
kex.c
kex.h
kexc25519.c
kexc25519c.c
kexc25519s.c
kexdh.c
kexdhc.c
kexdhs.c
kexecdh.c
kexecdhc.c
kexecdhs.c
kexgex.c
kexgexc.c
kexgexs.c Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
krb5_config.h
krl.c Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
krl.h Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
LICENCE
log.c
log.h
loginrec.c
loginrec.h
logintest.c
mac.c
mac.h
Makefile.in Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
match.c
match.h
md5crypt.c
md5crypt.h
mdoc2man.awk
misc.c Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
misc.h Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
mkinstalldirs
moduli Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
moduli.5
moduli.c
monitor_fdpass.c
monitor_fdpass.h
monitor_wrap.c
monitor_wrap.h
monitor.c
monitor.h
msg.c
msg.h
mux.c Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
myproposal.h ssh: Remove AES-CBC ciphers from default server and client lists 2020-07-28 00:24:12 +00:00
nchan2.ms
nchan.c Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
nchan.ms
opacket.c
opacket.h
openssh.xml.in
opensshd.init.in
OVERVIEW
packet.c
packet.h
pathnames.h
pkcs11.h
platform-misc.c
platform-pledge.c
platform-tracing.c
platform.c
platform.h
poly1305.c
poly1305.h
progressmeter.c
progressmeter.h
PROTOCOL Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
PROTOCOL.agent
PROTOCOL.certkeys
PROTOCOL.chacha20poly1305
PROTOCOL.key
PROTOCOL.krl Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
PROTOCOL.mux Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
readconf.c Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
readconf.h Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
README Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
README.dns
README.platform
README.privsep
README.tun
readpass.c
rijndael.c
rijndael.h
sandbox-capsicum.c
sandbox-darwin.c
sandbox-null.c
sandbox-pledge.c
sandbox-rlimit.c
sandbox-seccomp-filter.c Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
sandbox-solaris.c
sandbox-systrace.c
sc25519.c
sc25519.h
scp.1 Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
scp.c
servconf.c Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
servconf.h Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
serverloop.c
serverloop.h
session.c openssh: -fno-common fix from upstream f47d72ddad 2020-03-29 19:14:27 +00:00
session.h Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
sftp-client.c
sftp-client.h
sftp-common.c Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
sftp-common.h
sftp-glob.c
sftp-server-main.c
sftp-server.8
sftp-server.c
sftp.1 Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
sftp.c Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
sftp.h
smult_curve25519_ref.c
ssh2.h
ssh_api.c
ssh_api.h
ssh_config Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
ssh_config.5 Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
ssh_namespace.h Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
ssh-add.1
ssh-add.c Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
ssh-agent.1
ssh-agent.c
ssh-dss.c
ssh-ecdsa.c
ssh-ed25519.c
ssh-gss.h
ssh-keygen.1 Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
ssh-keygen.c Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
ssh-keyscan.1
ssh-keyscan.c
ssh-keysign.8
ssh-keysign.c
ssh-pkcs11-client.c
ssh-pkcs11-helper.8
ssh-pkcs11-helper.c
ssh-pkcs11.c
ssh-pkcs11.h
ssh-rsa.c
ssh-sandbox.h
ssh-xmss.c
ssh.1 Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
ssh.c Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
ssh.h
sshbuf-getput-basic.c
sshbuf-getput-crypto.c
sshbuf-misc.c
sshbuf.c
sshbuf.h
sshconnect2.c Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
sshconnect.c Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
sshconnect.h
sshd_config Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
sshd_config.5 ssh: Remove AES-CBC ciphers from default server and client lists 2020-07-28 00:24:12 +00:00
sshd.8
sshd.c openssh: refer to OpenSSL not SSLeay, part 2 2020-07-15 18:49:00 +00:00
ssherr.c
ssherr.h
sshkey-xmss.c
sshkey-xmss.h
sshkey.c Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
sshkey.h Upgrade to OpenSSH 7.9p1. 2020-02-14 19:06:59 +00:00
sshlogin.c
sshlogin.h
sshpty.c
sshpty.h
sshtty.c
survey.sh.in
TODO
ttymodes.c
ttymodes.h
uidswap.c
uidswap.h
umac128.c
umac.c
umac.h
utf8.c
utf8.h
uuencode.c
uuencode.h
verify.c
version.h openssh: refer to OpenSSL not SSLeay, part 2 2020-07-15 18:49:00 +00:00
xmalloc.c
xmalloc.h
xmss_commons.c
xmss_commons.h
xmss_fast.c
xmss_fast.h
xmss_hash_address.c
xmss_hash_address.h
xmss_hash.c
xmss_hash.h
xmss_wots.c
xmss_wots.h

README 

See https://www.openssh.com/releasenotes.html#7.9p1 for the release notes.

Please read https://www.openssh.com/report.html for bug reporting
instructions and note that we do not use Github for bug reporting or
patch/pull-request management.

This is the port of OpenBSD's excellent OpenSSH[0] to Linux and other
Unices.

OpenSSH is based on the last free version of Tatu Ylonen's sample
implementation with all patent-encumbered algorithms removed (to
external libraries), all known security bugs fixed, new features
reintroduced and many other clean-ups.  OpenSSH has been created by
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt,
and Dug Song. It has a homepage at https://www.openssh.com/

This port consists of the re-introduction of autoconf support, PAM
support, EGD[1]/PRNGD[2] support and replacements for OpenBSD library
functions that are (regrettably) absent from other unices. This port
has been best tested on AIX, Cygwin, HP-UX, Linux, MacOS/X,
FreeBSD, NetBSD, OpenBSD, OpenServer, Solaris and UnixWare.

This version actively tracks changes in the OpenBSD CVS repository.

The PAM support is now more functional than the popular packages of
commercial ssh-1.2.x. It checks "account" and "session" modules for
all logins, not just when using password authentication.

OpenSSH depends on Zlib[3], OpenSSL[4], and optionally PAM[5] and
libedit[6]

There is now several mailing lists for this port of OpenSSH. Please
refer to https://www.openssh.com/list.html for details on how to join.

Please send bug reports and patches to the mailing list
openssh-unix-dev@mindrot.org. The list is open to posting by unsubscribed
users.  Code contribution are welcomed, but please follow the OpenBSD
style guidelines[7].

Please refer to the INSTALL document for information on how to install
OpenSSH on your system.

Damien Miller <djm@mindrot.org>

Miscellania -

This version of OpenSSH is based upon code retrieved from the OpenBSD
CVS repository which in turn was based on the last free sample
implementation released by Tatu Ylonen.

References -

[0] https://www.openssh.com/
[1] http://www.lothar.com/tech/crypto/
[2] http://prngd.sourceforge.net/
[3] https://www.zlib.net/
[4] https://www.openssl.org/
[5] https://www.openpam.org
    https://www.kernel.org/pub/linux/libs/pam/
    (PAM also is standard on Solaris and HP-UX 11)
[6] https://thrysoee.dk/editline/ (portable version)
[7] https://man.openbsd.org/style.9