1 files changed, 179 insertions, 0 deletions
diff --git a/debian/NEWS b/debian/NEWS
new file mode 100644
index 000000000..518294b5c
--- /dev/null
+++ b/debian/NEWS
@@ -0,0 +1,179 @@
+openssh (1:7.5p1-1) experimental; urgency=medium
+  OpenSSH 7.5 includes a number of changes that may affect existing
+  configurations:
+   * This release deprecates the sshd_config UsePrivilegeSeparation option,
+     thereby making privilege separation mandatory.
+   * The format of several log messages emitted by the packet code has
+     changed to include additional information about the user and their
+     authentication state. Software that monitors ssh/sshd logs may need to
+     account for these changes. For example:
+       Connection closed by user x 1.1.1.1 port 1234 [preauth]
+       Connection closed by authenticating user x 10.1.1.1 port 1234 [preauth]
+       Connection closed by invalid user x 1.1.1.1 port 1234 [preauth]
+     Affected messages include connection closure, timeout, remote
+     disconnection, negotiation failure and some other fatal messages
+     generated by the packet code.
+ -- Colin Watson <cjwatson@debian.org>  Sun, 02 Apr 2017 02:58:01 +0100
+openssh (1:7.4p1-7) unstable; urgency=medium
+  This version restores the default for AuthorizedKeysFile to search both
+  ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2, as was the case in
+  Debian configurations before 1:7.4p1-1.  Upstream intends to phase out
+  searching ~/.ssh/authorized_keys2 by default, so you should ensure that
+  you are only using ~/.ssh/authorized_keys, at least for critical
+  administrative access; do not assume that the current default will remain
+  in place forever.
+ -- Colin Watson <cjwatson@debian.org>  Sun, 05 Mar 2017 02:12:42 +0000
+openssh (1:7.4p1-1) unstable; urgency=medium
+  OpenSSH 7.4 includes a number of changes that may affect existing
+  configurations:
+   * ssh(1): Remove 3des-cbc from the client's default proposal.  64-bit
+     block ciphers are not safe in 2016 and we don't want to wait until
+     attacks like SWEET32 are extended to SSH.  As 3des-cbc was the only
+     mandatory cipher in the SSH RFCs, this may cause problems connecting to
+     older devices using the default configuration, but it's highly likely
+     that such devices already need explicit configuration for key exchange
+     and hostkey algorithms already anyway.
+   * sshd(8): Remove support for pre-authentication compression.  Doing
+     compression early in the protocol probably seemed reasonable in the
+     1990s, but today it's clearly a bad idea in terms of both cryptography
+     (cf. multiple compression oracle attacks in TLS) and attack surface.
+     Pre-auth compression support has been disabled by default for >10
+     years.  Support remains in the client.
+   * ssh-agent will refuse to load PKCS#11 modules outside a whitelist of
+     trusted paths by default.  The path whitelist may be specified at
+     run-time.
+   * sshd(8): When a forced-command appears in both a certificate and an
+     authorized keys/principals command= restriction, sshd will now refuse
+     to accept the certificate unless they are identical.  The previous
+     (documented) behaviour of having the certificate forced-command
+     override the other could be a bit confusing and error-prone.
+   * sshd(8): Remove the UseLogin configuration directive and support for
+     having /bin/login manage login sessions.
+  The unprivileged sshd process that deals with pre-authentication network
+  traffic is now subject to additional sandboxing restrictions by default:
+  that is, the default sshd_config now sets UsePrivilegeSeparation to
+  "sandbox" rather than "yes".  This has been the case upstream for a while,
+  but until now the Debian configuration diverged unnecessarily.
+ -- Colin Watson <cjwatson@debian.org>  Tue, 27 Dec 2016 18:01:46 +0000
+openssh (1:7.2p1-1) unstable; urgency=medium
+  OpenSSH 7.2 disables a number of legacy cryptographic algorithms by
+  default in ssh:
+   * Several ciphers blowfish-cbc, cast128-cbc, all arcfour variants and the
+     rijndael-cbc aliases for AES.
+   * MD5-based and truncated HMAC algorithms.
+  These algorithms are already disabled by default in sshd.
+ -- Colin Watson <cjwatson@debian.org>  Tue, 08 Mar 2016 11:47:20 +0000
+openssh (1:7.1p1-2) unstable; urgency=medium
+  OpenSSH 7.0 disables several pieces of weak, legacy, and/or unsafe
+  cryptography.
+   * Support for the legacy SSH version 1 protocol is disabled by default at
+     compile time.  Note that this also means that the Cipher keyword in
+     ssh_config(5) is effectively no longer usable; use Ciphers instead for
+     protocol 2.  The openssh-client-ssh1 package includes "ssh1", "scp1",
+     and "ssh-keygen1" binaries which you can use if you have no alternative
+     way to connect to an outdated SSH1-only server; please contact the
+     server administrator or system vendor in such cases and ask them to
+     upgrade.
+   * Support for the 1024-bit diffie-hellman-group1-sha1 key exchange is
+     disabled by default at run-time.  It may be re-enabled using the
+     instructions at http://www.openssh.com/legacy.html
+   * Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled by
+     default at run-time.  These may be re-enabled using the instructions at
+     http://www.openssh.com/legacy.html
+   * Support for the legacy v00 cert format has been removed.
+  Future releases will retire more legacy cryptography, including:
+   * Refusing all RSA keys smaller than 1024 bits (the current minimum is
+     768 bits).
+   * Several ciphers will be disabled by default: blowfish-cbc, cast128-cbc,
+     all arcfour variants, and the rijndael-cbc aliases for AES.
+   * MD5-based HMAC algorithms will be disabled by default.
+ -- Colin Watson <cjwatson@debian.org>  Tue, 08 Dec 2015 15:33:08 +0000
+openssh (1:6.9p1-1) unstable; urgency=medium
+  UseDNS now defaults to 'no'.  Configurations that match against the client
+  host name (via sshd_config or authorized_keys) may need to re-enable it or
+  convert to matching against addresses.
+ -- Colin Watson <cjwatson@debian.org>  Thu, 20 Aug 2015 10:38:58 +0100
+openssh (1:6.7p1-5) unstable; urgency=medium
+  openssh-server 1:6.7p1-4 changed the default setting of AcceptEnv to list
+  a number of specific LC_FOO variables rather than the wildcard LC_*.  I
+  have since been persuaded that this was a bad idea and have reverted it,
+  but it is difficult to automatically undo the change to
+  /etc/ssh/sshd_config without compounding the problem (that of modifying
+  configuration that some users did not want to be modified) further.  Most
+  users who upgraded via version 1:6.7p1-4 should restore the previous value
+  of "AcceptEnv LANG LC_*" in /etc/ssh/sshd_config.
+ -- Colin Watson <cjwatson@debian.org>  Sun, 22 Mar 2015 23:09:32 +0000
+openssh (1:5.4p1-2) unstable; urgency=low
+  Smartcard support is now available using PKCS#11 tokens.  If you were
+  previously using an unofficial build of Debian's OpenSSH package with
+  OpenSC-based smartcard support added, then note that commands like
+  'ssh-add -s 0' will no longer work; you need to use 'ssh-add -s
+  /usr/lib/opensc-pkcs11.so' instead.
+ -- Colin Watson <cjwatson@debian.org>  Sat, 10 Apr 2010 01:08:59 +0100
+openssh (1:3.8.1p1-9) experimental; urgency=low
+  The ssh package has been split into openssh-client and openssh-server. If
+  you had previously requested that the sshd server should not be run, then
+  that request will still be honoured. However, the recommended approach is
+  now to remove the openssh-server package if you do not want to run sshd.
+  You can remove the old /etc/ssh/sshd_not_to_be_run marker file after doing
+  that.
+ -- Colin Watson <cjwatson@debian.org>  Mon,  2 Aug 2004 20:48:54 +0100
+openssh (1:3.5p1-1) unstable; urgency=low
+  This version of OpenSSH disables the environment option for public keys by
+  default, in order to avoid certain attacks (for example, LD_PRELOAD). If
+  you are using this option in an authorized_keys file, beware that the keys
+  in question will no longer work until the option is removed.
+  To re-enable this option, set "PermitUserEnvironment yes" in
+  /etc/ssh/sshd_config after the upgrade is complete, taking note of the
+  warning in the sshd_config(5) manual page.
+ -- Colin Watson <cjwatson@debian.org>  Sat, 26 Oct 2002 19:41:51 +0100
+openssh (1:3.0.1p1-1) unstable; urgency=high
+  As of version 3, OpenSSH no longer uses separate files for ssh1 and ssh2
+  keys. This means the authorized_keys2 and known_hosts2 files are no longer
+  needed. They will still be read in order to maintain backward
+  compatibility.
+ -- Matthew Vernon <matthew@debian.org>  Thu, 28 Nov 2001 17:43:01 +0000

diff --git a/debian/NEWS b/debian/NEWS new file mode 100644 index 000000000..518294b5c --- /dev/null +++ b/debian/NEWS
@@ -0,0 +1,179 @@
	1	openssh (1:7.5p1-1) experimental; urgency=medium
	2
	3	OpenSSH 7.5 includes a number of changes that may affect existing
	4	configurations:
	5
	6	* This release deprecates the sshd_config UsePrivilegeSeparation option,
	7	thereby making privilege separation mandatory.
	8
	9	* The format of several log messages emitted by the packet code has
	10	changed to include additional information about the user and their
	11	authentication state. Software that monitors ssh/sshd logs may need to
	12	account for these changes. For example:
	13
	14	Connection closed by user x 1.1.1.1 port 1234 [preauth]
	15	Connection closed by authenticating user x 10.1.1.1 port 1234 [preauth]
	16	Connection closed by invalid user x 1.1.1.1 port 1234 [preauth]
	17
	18	Affected messages include connection closure, timeout, remote
	19	disconnection, negotiation failure and some other fatal messages
	20	generated by the packet code.
	21
	22	-- Colin Watson <cjwatson@debian.org> Sun, 02 Apr 2017 02:58:01 +0100
	23
	24	openssh (1:7.4p1-7) unstable; urgency=medium
	25
	26	This version restores the default for AuthorizedKeysFile to search both
	27	~/.ssh/authorized_keys and ~/.ssh/authorized_keys2, as was the case in
	28	Debian configurations before 1:7.4p1-1. Upstream intends to phase out
	29	searching ~/.ssh/authorized_keys2 by default, so you should ensure that
	30	you are only using ~/.ssh/authorized_keys, at least for critical
	31	administrative access; do not assume that the current default will remain
	32	in place forever.
	33
	34	-- Colin Watson <cjwatson@debian.org> Sun, 05 Mar 2017 02:12:42 +0000
	35
	36	openssh (1:7.4p1-1) unstable; urgency=medium
	37
	38	OpenSSH 7.4 includes a number of changes that may affect existing
	39	configurations:
	40
	41	* ssh(1): Remove 3des-cbc from the client's default proposal. 64-bit
	42	block ciphers are not safe in 2016 and we don't want to wait until
	43	attacks like SWEET32 are extended to SSH. As 3des-cbc was the only
	44	mandatory cipher in the SSH RFCs, this may cause problems connecting to
	45	older devices using the default configuration, but it's highly likely
	46	that such devices already need explicit configuration for key exchange
	47	and hostkey algorithms already anyway.
	48	* sshd(8): Remove support for pre-authentication compression. Doing
	49	compression early in the protocol probably seemed reasonable in the
	50	1990s, but today it's clearly a bad idea in terms of both cryptography
	51	(cf. multiple compression oracle attacks in TLS) and attack surface.
	52	Pre-auth compression support has been disabled by default for >10
	53	years. Support remains in the client.
	54	* ssh-agent will refuse to load PKCS#11 modules outside a whitelist of
	55	trusted paths by default. The path whitelist may be specified at
	56	run-time.
	57	* sshd(8): When a forced-command appears in both a certificate and an
	58	authorized keys/principals command= restriction, sshd will now refuse
	59	to accept the certificate unless they are identical. The previous
	60	(documented) behaviour of having the certificate forced-command
	61	override the other could be a bit confusing and error-prone.
	62	* sshd(8): Remove the UseLogin configuration directive and support for
	63	having /bin/login manage login sessions.
	64
	65	The unprivileged sshd process that deals with pre-authentication network
	66	traffic is now subject to additional sandboxing restrictions by default:
	67	that is, the default sshd_config now sets UsePrivilegeSeparation to
	68	"sandbox" rather than "yes". This has been the case upstream for a while,
	69	but until now the Debian configuration diverged unnecessarily.
	70
	71	-- Colin Watson <cjwatson@debian.org> Tue, 27 Dec 2016 18:01:46 +0000
	72
	73	openssh (1:7.2p1-1) unstable; urgency=medium
	74
	75	OpenSSH 7.2 disables a number of legacy cryptographic algorithms by
	76	default in ssh:
	77
	78	* Several ciphers blowfish-cbc, cast128-cbc, all arcfour variants and the
	79	rijndael-cbc aliases for AES.
	80	* MD5-based and truncated HMAC algorithms.
	81
	82	These algorithms are already disabled by default in sshd.
	83
	84	-- Colin Watson <cjwatson@debian.org> Tue, 08 Mar 2016 11:47:20 +0000
	85
	86	openssh (1:7.1p1-2) unstable; urgency=medium
	87
	88	OpenSSH 7.0 disables several pieces of weak, legacy, and/or unsafe
	89	cryptography.
	90
	91	* Support for the legacy SSH version 1 protocol is disabled by default at
	92	compile time. Note that this also means that the Cipher keyword in
	93	ssh_config(5) is effectively no longer usable; use Ciphers instead for
	94	protocol 2. The openssh-client-ssh1 package includes "ssh1", "scp1",
	95	and "ssh-keygen1" binaries which you can use if you have no alternative
	96	way to connect to an outdated SSH1-only server; please contact the
	97	server administrator or system vendor in such cases and ask them to
	98	upgrade.
	99	* Support for the 1024-bit diffie-hellman-group1-sha1 key exchange is
	100	disabled by default at run-time. It may be re-enabled using the
	101	instructions at http://www.openssh.com/legacy.html
	102	* Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled by
	103	default at run-time. These may be re-enabled using the instructions at
	104	http://www.openssh.com/legacy.html
	105	* Support for the legacy v00 cert format has been removed.
	106
	107	Future releases will retire more legacy cryptography, including:
	108
	109	* Refusing all RSA keys smaller than 1024 bits (the current minimum is
	110	768 bits).
	111	* Several ciphers will be disabled by default: blowfish-cbc, cast128-cbc,
	112	all arcfour variants, and the rijndael-cbc aliases for AES.
	113	* MD5-based HMAC algorithms will be disabled by default.
	114
	115	-- Colin Watson <cjwatson@debian.org> Tue, 08 Dec 2015 15:33:08 +0000
	116
	117	openssh (1:6.9p1-1) unstable; urgency=medium
	118
	119	UseDNS now defaults to 'no'. Configurations that match against the client
	120	host name (via sshd_config or authorized_keys) may need to re-enable it or
	121	convert to matching against addresses.
	122
	123	-- Colin Watson <cjwatson@debian.org> Thu, 20 Aug 2015 10:38:58 +0100
	124
	125	openssh (1:6.7p1-5) unstable; urgency=medium
	126
	127	openssh-server 1:6.7p1-4 changed the default setting of AcceptEnv to list
	128	a number of specific LC_FOO variables rather than the wildcard LC_*. I
	129	have since been persuaded that this was a bad idea and have reverted it,
	130	but it is difficult to automatically undo the change to
	131	/etc/ssh/sshd_config without compounding the problem (that of modifying
	132	configuration that some users did not want to be modified) further. Most
	133	users who upgraded via version 1:6.7p1-4 should restore the previous value
	134	of "AcceptEnv LANG LC_*" in /etc/ssh/sshd_config.
	135
	136	-- Colin Watson <cjwatson@debian.org> Sun, 22 Mar 2015 23:09:32 +0000
	137
	138	openssh (1:5.4p1-2) unstable; urgency=low
	139
	140	Smartcard support is now available using PKCS#11 tokens. If you were
	141	previously using an unofficial build of Debian's OpenSSH package with
	142	OpenSC-based smartcard support added, then note that commands like
	143	'ssh-add -s 0' will no longer work; you need to use 'ssh-add -s
	144	/usr/lib/opensc-pkcs11.so' instead.
	145
	146	-- Colin Watson <cjwatson@debian.org> Sat, 10 Apr 2010 01:08:59 +0100
	147
	148	openssh (1:3.8.1p1-9) experimental; urgency=low
	149
	150	The ssh package has been split into openssh-client and openssh-server. If
	151	you had previously requested that the sshd server should not be run, then
	152	that request will still be honoured. However, the recommended approach is
	153	now to remove the openssh-server package if you do not want to run sshd.
	154	You can remove the old /etc/ssh/sshd_not_to_be_run marker file after doing
	155	that.
	156
	157	-- Colin Watson <cjwatson@debian.org> Mon, 2 Aug 2004 20:48:54 +0100
	158
	159	openssh (1:3.5p1-1) unstable; urgency=low
	160
	161	This version of OpenSSH disables the environment option for public keys by
	162	default, in order to avoid certain attacks (for example, LD_PRELOAD). If
	163	you are using this option in an authorized_keys file, beware that the keys
	164	in question will no longer work until the option is removed.
	165
	166	To re-enable this option, set "PermitUserEnvironment yes" in
	167	/etc/ssh/sshd_config after the upgrade is complete, taking note of the
	168	warning in the sshd_config(5) manual page.
	169
	170	-- Colin Watson <cjwatson@debian.org> Sat, 26 Oct 2002 19:41:51 +0100
	171
	172	openssh (1:3.0.1p1-1) unstable; urgency=high
	173
	174	As of version 3, OpenSSH no longer uses separate files for ssh1 and ssh2
	175	keys. This means the authorized_keys2 and known_hosts2 files are no longer
	176	needed. They will still be read in order to maintain backward
	177	compatibility.
	178
	179	-- Matthew Vernon <matthew@debian.org> Thu, 28 Nov 2001 17:43:01 +0000