Re: [HEADS UP]: OpenSSH 7.2 to Fedora 23

2016-03-03 Thread Jakub Jelen

On 03/03/2016 09:31 AM, Corinna Vinschen wrote:

> Hi Jakub,
>
> On Mar  2 17:48, Jakub Jelen wrote:
>
>> Hi there,
>> I just pushed openssh-7.2 update [1] into Fedora 23 testing. There are no
>> incompatible changes except these:
>
> As I reported to the openssh-unix-dev list, as well as in
> https://bodhi.fedoraproject.org/updates/openssh-7.2p1-1.fc23,
> this release silently removes the /usr/bin/slogin symlink pointing to
> /usr/bin/ssh, because upstream removed the Makefile commands creating
> it at install time.  Same for slogin.1 -> ssh.1.
>
> This will break lots of installations (scripts, keyboard shortcuts, etc).
>
> For the Cygwin distro I now added the missing rules to the spec file,
> along the lines of
>
>    cd ${DESTDIR}/usr/bin
>    ln -s ./ssh.exe slogin
>    cd ${DESTDIR}/usr/share/man/man1
>    ln -s ./ssh.1 slogin.1
>
> Please create slogin in the rpm spec file as well.

Thanks for the notice. My bad that I thought that symlink was just
ancient stuff from old times. I will respin the update with the restored
symlink for Fedora 23.


Do you think that we need to carry this symlink even to Fedora 24? Do 
you have some examples of scripts using slogin? They should probably 
also get fixed.


Upstream also probably didn't see it as a big deal:
https://anongit.mindrot.org/openssh.git/commit/?id=69fead5d7cdaa73bdece9fcba80f8e8e70b90346

--
Jakub Jelen
Associate Software Engineer
Security Technologies
Red Hat
--
devel mailing list
devel@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org


[HEADS UP]: OpenSSH 7.2 to Fedora 23

2016-03-02 Thread Jakub Jelen

Hi there,
I just pushed openssh-7.2 update [1] into Fedora 23 testing. There are 
no incompatible changes except these:


 * the minimum modulus size supported for diffie-hellman-group-exchange
   was increased to 2048 bits,
 * several legacy cryptographic algorithms and MD5-based and truncated
   HMAC algorithms were disabled on client side.

which might cause some trouble when connecting to old systems. If you need
to use some of these fancy ciphers or HMACs, you need to configure your
client to use them explicitly, for example:


ssh -o Ciphers=+blowfish-cbc -o MACs=+hmac-md5-96 your_host

or store the appropriate values in ~/.ssh/config. SSH should now also
yield reasonable messages when it was not able to negotiate particular
algorithms.


My tests passed and the package has already been in rawhide and f24 for
a few days, but further testing would be appreciated, especially a quick
check that some of your common use cases are not disturbed. And there are
also some fancy features you might want to give a try, such as ad-hoc
adding of keys to ssh-agent or the new keyword restrict to use in the
authorized_keys file [2].


Thanks for your attention and have a great day,

[1] https://bodhi.fedoraproject.org/updates/openssh-7.2p1-1.fc23
[2] http://www.openssh.com/txt/release-7.2

--
Jakub Jelen
Security Technologies
Red Hat
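
Added example (not part of the original message and not OpenSSH project code): a small audit that lists which Host blocks of an ssh_config turn legacy ciphers or MACs of the kind mentioned above back on, so such exceptions can be kept scoped to the old systems that need them. The host names, the sample config and the legacy patterns are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: report legacy algorithms that an
# ssh_config turns back on, together with the Host block that does it.

# Constructed sample config (host names are placeholders).
sample_config() {
    cat <<'EOF'
# constructed sample
Host old-switch.example
    Ciphers +blowfish-cbc
    MACs=+hmac-md5-96
Host modern.example
    Ciphers aes256-ctr,chacha20-poly1305@openssh.com
Host *
    MACs +hmac-sha2-256,hmac-sha1-96
EOF
}

# legacy_ssh_opts [FILE...]  (reads stdin when no file is given)
# Output: host-pattern <TAB> keyword <TAB> algorithm, one line per finding.
legacy_ssh_opts() {
    awk '
    # Assumed legacy patterns: MD5-based or truncated (-96) MACs, and the
    # blowfish/cast128/arcfour ciphers. Adjust to local policy.
    function legacy(kw, alg) {
        if (kw == "macs")    return (alg ~ /md5|-96/)
        if (kw == "ciphers") return (alg ~ /^(blowfish-cbc|cast128-cbc|arcfour)/)
        return 0
    }
    BEGIN { host = "(global)" }
    {
        sub(/^[ \t]+/, "")
        if ($0 == "" || $0 ~ /^#/) next
        line = $0
        sub(/[ \t]*=[ \t]*/, " ", line)      # accept "Keyword=value" too
        n = split(line, f, /[ \t]+/)
        kw = tolower(f[1])
        if (kw == "host" || kw == "match") {  # start of a new scope
            host = line; sub(/^[^ \t]+[ \t]+/, "", host); next
        }
        if (kw != "ciphers" && kw != "macs") next
        list = f[2]
        if (list ~ /^-/) next                 # "-" prefix removes algorithms
        sub(/^[+^]/, "", list)                # "+"/"^" add to the defaults
        m = split(list, a, ",")
        for (i = 1; i <= m; i++)
            if (legacy(kw, a[i])) printf "%s\t%s\t%s\n", host, kw, a[i]
    }' "$@"
}

sample_config | legacy_ssh_opts
```

A finding under "Host *" or "(global)" means the legacy algorithm is offered to every server, not only to the old system that needs it.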