sshd(8): Add a ssh_config "Match final" predicate. The connection 4-tuple available to PAM modules that wish to use it in sshd(8): Expose $SSH_CONNECTION in the PAM environment. sftp(1): Add "-h" flag to chown/chgrp/chmod commands to request they Replicates the functionality of the existing SSH2_FXP_SETSTAT sftp-server(8): Add a protocol extension that ssh-add(1): Add a "-T" option to allowing testing whether keys in anĪgent are usable by performing a signature and a verification. ssh-agent(1), ssh-pkcs11-helper(8), ssh-add(1): Accept "-v"Ĭommand-line flags to increase the verbosity of output pass verboseįlags though to subprocesses, such as ssh-pkcs11-helper started from scp(1), sftp(1): Accept -J option as an alias to ProxyJump on the scp ssh-keygen(1): When signing multiple certificates on a singleĬommand-line invocation, allow automatically incrementing the This allows the user to pasteĪ fingerprint obtained out of band at the prompt and have the client ssh(1): When prompting whether to record a new host key, accept the sshd(8): Add a log message for situations where a connection isĭropped for attempting to run a command but a sshd_configįorceCommand=internal-sftp restriction is in effect. ssh(1): Allow "PKCS11Provider=none" to override later instances of the ssh-keygen(1): Increase the default RSA key size to 3072 bits,įollowing NIST Special Publication 800-57's guidance for a 128-bitĮquivalent symmetric security level (LP: #1445625). ssh(1), sshd(8): Add experimental quantum-computing resistant keyĮxchange method, based on a combination of Streamlined NTRU Prime ssh(1), ssh-agent(1), ssh-add(1): Add support for ECDSA keys in Openssh (1:8.0p1-1) experimental urgency=medium * Fix interop tests for recent regress changes. Openssh (1:8.0p1-2) experimental urgency=medium Openssh (1:8.0p1-3) unstable urgency=medium * Run regression tests against the Python 3 version of Twisted Conch. * Use debhelper-compat instead of debian/compat. Openssh (1:8.0p1-4) unstable urgency=medium * Add a runscript for runit (closes: #933999). Openssh (1:8.0p1-5) unstable urgency=medium * Only run dh_runit on openssh-server (closes: #935936). Openssh (1:8.0p1-6) unstable urgency=medium * No-change rebuild to drop runit dependency Well, sir, you have to convince me then that these changes below are not necessaryĬode: openssh (1:8.0p1-6build1) eoan urgency=medium I don't think you're fully appreciating the 'risk' of your 'attempted solution' and potentially much-larger-holes you're introducing on yourself that currently aren't there which to me are worse than the 'minor' issues already not deemed security risks thus not being back-ported - that you believe will be solved. You'll also find security changes will be required as you may stop receiving packages when 19.10/eoan goes EOL thus your servers will need a lot more manual maintenance that they don't now. Also these may change, so you'll have to monitor those into the future - so what you're asking isn't as simple as you want. Then you'll have to check other packages/programs on your system(s) that will be impacted by those changes etc. If you install `openssh-client` from eoan ( ) you'll have to check all dependencies are also met, or they'll need upgrading too. Openssh is a security 'high-priority' package maintained by Canonical - and is treated as such. Firefox is not a good comparison it's packaging is maintained by Mozilla themselves, the openssh team do not package openssh for Ubuntu so your comparison is flawed in my opinion.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |