Hi there,
I just pushed openssh-7.2 update [1] into Fedora 23 testing. There are
no incompatible changes except these:
* the minimum modulus size supported for diffie-hellman-group-exchange
was increased to 2048 bits,
* several legacy cryptographic algorithms and MD5-based and truncated
HMAC algorithms were disabled on client side.
which might be some trouble when connecting to old systems. If you need
to use some of these fancy ciphers or HMACs, you need to configure your
client to use them explicitly, for example:
ssh -o Ciphers=+blowfish-cbc -o MACs=+hmac-md5-96 your_host
or store appropriate values to the ~/.ssh/config. SSH should now also
yield reasonable messages when it was not able to negotiate particular
algorithms.
My tests passed and the package is already for few days in rawhide and
f24, but another testing would be appreciated, especially quick check if
some of your common use cases are not disturbed. And there are also some
fancy features you might want to give a try such ad-hoc adding keys to
ssh-agent or new keyword restrict to use in authorized_keys file [2].
Thanks for attention and have a great day,
[1] https://bodhi.fedoraproject.org/updates/openssh-7.2p1-1.fc23
[2] http://www.openssh.com/txt/release-7.2
--
Jakub Jelen
Security Technologies
Red Hat
--
devel mailing list
devel@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
