Ubuntu
openssh package

openssh 1:7.2p1-1 source package in Ubuntu

Changelog

openssh (1:7.2p1-1) unstable; urgency=medium

  * New upstream release (http://www.openssh.com/txt/release-7.2):
    - This release disables a number of legacy cryptographic algorithms by
      default in ssh:
      + Several ciphers blowfish-cbc, cast128-cbc, all arcfour variants and
        the rijndael-cbc aliases for AES.
      + MD5-based and truncated HMAC algorithms.
      These algorithms are already disabled by default in sshd.
    - ssh(1), sshd(8): Remove unfinished and unused roaming code (was
      already forcibly disabled in OpenSSH 7.1p2).
    - ssh(1): Eliminate fallback from untrusted X11 forwarding to trusted
      forwarding when the X server disables the SECURITY extension.
    - ssh(1), sshd(8): Increase the minimum modulus size supported for
      diffie-hellman-group-exchange to 2048 bits.
    - sshd(8): Pre-auth sandboxing is now enabled by default (previous
      releases enabled it for new installations via sshd_config).
    - all: Add support for RSA signatures using SHA-256/512 hash algorithms
      based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt.
    - ssh(1): Add an AddKeysToAgent client option which can be set to 'yes',
      'no', 'ask', or 'confirm', and defaults to 'no'.  When enabled, a
      private key that is used during authentication will be added to
      ssh-agent if it is running (with confirmation enabled if set to
      'confirm').
    - sshd(8): Add a new authorized_keys option "restrict" that includes all
      current and future key restrictions (no-*-forwarding, etc.).  Also add
      permissive versions of the existing restrictions, e.g.  "no-pty" ->
      "pty".  This simplifies the task of setting up restricted keys and
      ensures they are maximally-restricted, regardless of any permissions
      we might implement in the future.
    - ssh(1): Add ssh_config CertificateFile option to explicitly list
      certificates.
    - ssh-keygen(1): Allow ssh-keygen to change the key comment for all
      supported formats (closes: #811125).
    - ssh-keygen(1): Allow fingerprinting from standard input, e.g.
      "ssh-keygen -lf -" (closes: #509058).
    - ssh-keygen(1): Allow fingerprinting multiple public keys in a file,
      e.g. "ssh-keygen -lf ~/.ssh/authorized_keys".
    - sshd(8): Support "none" as an argument for sshd_config Foreground and
      ChrootDirectory.  Useful inside Match blocks to override a global
      default.
    - ssh-keygen(1): Support multiple certificates (one per line) and
      reading from standard input (using "-f -") for "ssh-keygen -L"
    - ssh-keyscan(1): Add "ssh-keyscan -c ..." flag to allow fetching
      certificates instead of plain keys.
    - ssh(1): Better handle anchored FQDNs (e.g. 'cvs.openbsd.org.') in
      hostname canonicalisation - treat them as already canonical and remove
      the trailing '.' before matching ssh_config.
    - sftp(1): Existing destination directories should not terminate
      recursive uploads (regression in OpenSSH 6.8; LP: #1553378).
  * Use HTTPS for Vcs-* URLs, and link to cgit rather than gitweb.
  * Restore slogin symlinks for compatibility, although they were removed
    upstream.

 -- Colin Watson <email address hidden>  Tue, 08 Mar 2016 11:47:20 +0000

Upload details

Uploaded by:
Debian OpenSSH Maintainers
Uploaded to:
Sid
Original maintainer:
Debian OpenSSH Maintainers
Architectures:
any all
Section:
net
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
openssh_7.2p1-1.dsc 2.8 KiB bf48023b9dc6ef343deceb641075ceb9d3c883dc2310f9c793355bdd8732692e
openssh_7.2p1.orig.tar.gz 1.4 MiB 973cc37b2f3597e4cf599b09e604e79c0fe5d9b6f595a24e91ed0662860b4ac3
openssh_7.2p1-1.debian.tar.xz 145.6 KiB 126f2caf91d9137e4b0a5d665ffa2d3c1a3ca2d8e91337bba92522ea103d2d00

Available diffs

No changes file available.

Binary packages built by this source

openssh-client: secure shell (SSH) client, for secure access to remote machines

 This is the portable version of OpenSSH, a free implementation of
 the Secure Shell protocol as specified by the IETF secsh working
 group.
 .
 Ssh (Secure Shell) is a program for logging into a remote machine
 and for executing commands on a remote machine.
 It provides secure encrypted communications between two untrusted
 hosts over an insecure network. X11 connections and arbitrary TCP/IP
 ports can also be forwarded over the secure channel.
 It can be used to provide applications with a secure communication
 channel.
 .
 This package provides the ssh, scp and sftp clients, the ssh-agent
 and ssh-add programs to make public key authentication more convenient,
 and the ssh-keygen, ssh-keyscan, ssh-copy-id and ssh-argv0 utilities.
 .
 In some countries it may be illegal to use any encryption at all
 without a special permit.
 .
 ssh replaces the insecure rsh, rcp and rlogin programs, which are
 obsolete for most purposes.

openssh-client-dbgsym: debug symbols for package openssh-client

 This is the portable version of OpenSSH, a free implementation of
 the Secure Shell protocol as specified by the IETF secsh working
 group.
 .
 Ssh (Secure Shell) is a program for logging into a remote machine
 and for executing commands on a remote machine.
 It provides secure encrypted communications between two untrusted
 hosts over an insecure network. X11 connections and arbitrary TCP/IP
 ports can also be forwarded over the secure channel.
 It can be used to provide applications with a secure communication
 channel.
 .
 This package provides the ssh, scp and sftp clients, the ssh-agent
 and ssh-add programs to make public key authentication more convenient,
 and the ssh-keygen, ssh-keyscan, ssh-copy-id and ssh-argv0 utilities.
 .
 In some countries it may be illegal to use any encryption at all
 without a special permit.
 .
 ssh replaces the insecure rsh, rcp and rlogin programs, which are
 obsolete for most purposes.

openssh-client-ssh1: secure shell (SSH) client for legacy SSH1 protocol

 This is the portable version of OpenSSH, a free implementation of
 the Secure Shell protocol as specified by the IETF secsh working
 group.
 .
 Ssh (Secure Shell) is a program for logging into a remote machine
 and for executing commands on a remote machine.
 It provides secure encrypted communications between two untrusted
 hosts over an insecure network. X11 connections and arbitrary TCP/IP
 ports can also be forwarded over the secure channel.
 It can be used to provide applications with a secure communication
 channel.
 .
 This package provides the ssh1 and scp1 clients and the ssh-keygen1
 utility, all built with support for the legacy SSH1 protocol. This
 protocol is obsolete and should not normally be used, but in some cases
 there may be no alternative way to connect to outdated servers.
 .
 In some countries it may be illegal to use any encryption at all
 without a special permit.
 .
 ssh replaces the insecure rsh, rcp and rlogin programs, which are
 obsolete for most purposes.

openssh-client-ssh1-dbgsym: debug symbols for package openssh-client-ssh1

 This is the portable version of OpenSSH, a free implementation of
 the Secure Shell protocol as specified by the IETF secsh working
 group.
 .
 Ssh (Secure Shell) is a program for logging into a remote machine
 and for executing commands on a remote machine.
 It provides secure encrypted communications between two untrusted
 hosts over an insecure network. X11 connections and arbitrary TCP/IP
 ports can also be forwarded over the secure channel.
 It can be used to provide applications with a secure communication
 channel.
 .
 This package provides the ssh1 and scp1 clients and the ssh-keygen1
 utility, all built with support for the legacy SSH1 protocol. This
 protocol is obsolete and should not normally be used, but in some cases
 there may be no alternative way to connect to outdated servers.
 .
 In some countries it may be illegal to use any encryption at all
 without a special permit.
 .
 ssh replaces the insecure rsh, rcp and rlogin programs, which are
 obsolete for most purposes.

openssh-client-udeb: secure shell client for the Debian installer

 This is the portable version of OpenSSH, a free implementation of
 the Secure Shell protocol as specified by the IETF secsh working
 group.
 .
 This package provides the ssh client for use in debian-installer.

openssh-client-udeb-dbgsym: debug symbols for package openssh-client-udeb

 This is the portable version of OpenSSH, a free implementation of
 the Secure Shell protocol as specified by the IETF secsh working
 group.
 .
 This package provides the ssh client for use in debian-installer.

openssh-server: secure shell (SSH) server, for secure access from remote machines

 This is the portable version of OpenSSH, a free implementation of
 the Secure Shell protocol as specified by the IETF secsh working
 group.
 .
 Ssh (Secure Shell) is a program for logging into a remote machine
 and for executing commands on a remote machine.
 It provides secure encrypted communications between two untrusted
 hosts over an insecure network. X11 connections and arbitrary TCP/IP
 ports can also be forwarded over the secure channel.
 It can be used to provide applications with a secure communication
 channel.
 .
 This package provides the sshd server.
 .
 In some countries it may be illegal to use any encryption at all
 without a special permit.
 .
 sshd replaces the insecure rshd program, which is obsolete for most
 purposes.

openssh-server-dbgsym: debug symbols for package openssh-server

 This is the portable version of OpenSSH, a free implementation of
 the Secure Shell protocol as specified by the IETF secsh working
 group.
 .
 Ssh (Secure Shell) is a program for logging into a remote machine
 and for executing commands on a remote machine.
 It provides secure encrypted communications between two untrusted
 hosts over an insecure network. X11 connections and arbitrary TCP/IP
 ports can also be forwarded over the secure channel.
 It can be used to provide applications with a secure communication
 channel.
 .
 This package provides the sshd server.
 .
 In some countries it may be illegal to use any encryption at all
 without a special permit.
 .
 sshd replaces the insecure rshd program, which is obsolete for most
 purposes.

openssh-server-udeb: secure shell server for the Debian installer

 This is the portable version of OpenSSH, a free implementation of
 the Secure Shell protocol as specified by the IETF secsh working
 group.
 .
 This package provides the sshd server for use in debian-installer.
 Since it is expected to be used in specialized situations (e.g. S/390
 installs with no console), it does not provide any configuration.

openssh-server-udeb-dbgsym: debug symbols for package openssh-server-udeb

 This is the portable version of OpenSSH, a free implementation of
 the Secure Shell protocol as specified by the IETF secsh working
 group.
 .
 This package provides the sshd server for use in debian-installer.
 Since it is expected to be used in specialized situations (e.g. S/390
 installs with no console), it does not provide any configuration.

openssh-sftp-server: secure shell (SSH) sftp server module, for SFTP access from remote machines

 This is the portable version of OpenSSH, a free implementation of
 the Secure Shell protocol as specified by the IETF secsh working
 group.
 .
 Ssh (Secure Shell) is a program for logging into a remote machine
 and for executing commands on a remote machine.
 It provides secure encrypted communications between two untrusted
 hosts over an insecure network. X11 connections and arbitrary TCP/IP
 ports can also be forwarded over the secure channel.
 It can be used to provide applications with a secure communication
 channel.
 .
 This package provides the SFTP server module for the SSH server. It
 is needed if you want to access your SSH server with SFTP. The SFTP
 server module also works with other SSH daemons like dropbear.

openssh-sftp-server-dbgsym: debug symbols for package openssh-sftp-server

 This is the portable version of OpenSSH, a free implementation of
 the Secure Shell protocol as specified by the IETF secsh working
 group.
 .
 Ssh (Secure Shell) is a program for logging into a remote machine
 and for executing commands on a remote machine.
 It provides secure encrypted communications between two untrusted
 hosts over an insecure network. X11 connections and arbitrary TCP/IP
 ports can also be forwarded over the secure channel.
 It can be used to provide applications with a secure communication
 channel.
 .
 This package provides the SFTP server module for the SSH server. It
 is needed if you want to access your SSH server with SFTP. The SFTP
 server module also works with other SSH daemons like dropbear.

ssh: secure shell client and server (metapackage)

 This metapackage is a convenient way to install both the OpenSSH client
 and the OpenSSH server. It provides nothing in and of itself, so you
 may remove it if nothing depends on it.

ssh-askpass-gnome: interactive X program to prompt users for a passphrase for ssh-add

 This has been split out of the main openssh-client package so that
 openssh-client does not need to depend on GTK+.
 .
 You probably want the ssh-askpass package instead, but this is
 provided to add to your choice and/or confusion.

ssh-askpass-gnome-dbgsym: debug symbols for package ssh-askpass-gnome

 This has been split out of the main openssh-client package so that
 openssh-client does not need to depend on GTK+.
 .
 You probably want the ssh-askpass package instead, but this is
 provided to add to your choice and/or confusion.

ssh-krb5: secure shell client and server (transitional package)

 This is a transitional package depending on the regular Debian OpenSSH
 client and server, which now support GSSAPI natively. It will add the
 necessary GSSAPI options to the server configuration file. You can
 remove it once the upgrade is complete and nothing depends on it.