summaryrefslogtreecommitdiff
path: root/debian/changelog
diff options
context:
space:
mode:
Diffstat (limited to 'debian/changelog')
-rw-r--r--debian/changelog48
1 files changed, 48 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index ccee48f9d..42450d4d3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,51 @@
1openssh (1:7.0p1-1) UNRELEASED; urgency=medium
2
3 * New upstream release (http://www.openssh.com/txt/release-7.0, closes:
4 #785190):
5 - Support for the legacy SSH version 1 protocol is disabled by default
6 at compile time.
7 - Support for the 1024-bit diffie-hellman-group1-sha1 key exchange is
8 disabled by default at run-time. It may be re-enabled using the
9 instructions at http://www.openssh.com/legacy.html
10 - Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled by
11 default at run-time. These may be re-enabled using the instructions
12 at http://www.openssh.com/legacy.html
13 - Support for the legacy v00 cert format has been removed.
14 - The default for the sshd_config(5) PermitRootLogin option has changed
15 from "yes" to "prohibit-password".
16 - PermitRootLogin=without-password/prohibit-password now bans all
17 interactive authentication methods, allowing only public-key,
18 hostbased and GSSAPI authentication (previously it permitted
19 keyboard-interactive and password-less authentication if those were
20 enabled).
21 - ssh_config(5): Add PubkeyAcceptedKeyTypes option to control which
22 public key types are available for user authentication.
23 - sshd_config(5): Add HostKeyAlgorithms option to control which public
24 key types are offered for host authentications.
25 - ssh(1), sshd(8): Extend Ciphers, MACs, KexAlgorithms,
26 HostKeyAlgorithms, PubkeyAcceptedKeyTypes and HostbasedKeyTypes
27 options to allow appending to the default set of algorithms instead of
28 replacing it. Options may now be prefixed with a '+' to append to the
29 default, e.g. "HostKeyAlgorithms=+ssh-dss".
30 - sshd_config(5): PermitRootLogin now accepts an argument of
31 'prohibit-password' as a less-ambiguous synonym of 'without-
32 password'.
33 - ssh(1), sshd(8): Add compatability workarounds for Cisco and more
34 PuTTY versions.
35 - Fix some omissions and errors in the PROTOCOL and PROTOCOL.mux
36 documentation relating to Unix domain socket forwarding.
37 - ssh(1): Improve the ssh(1) manual page to include a better description
38 of Unix domain socket forwarding (closes: #779068).
39 - ssh(1), ssh-agent(1): Skip uninitialised PKCS#11 slots, fixing
40 failures to load keys when they are present.
41 - ssh(1), ssh-agent(1): Do not ignore PKCS#11 hosted keys that wth empty
42 CKA_ID.
43 - sshd(8): Clarify documentation for UseDNS option.
44 - Check realpath(3) behaviour matches what sftp-server requires and use
45 a replacement if necessary.
46
47 -- Colin Watson <cjwatson@debian.org> Sun, 29 Nov 2015 17:32:44 +0000
48
1openssh (1:6.9p1-3) unstable; urgency=medium 49openssh (1:6.9p1-3) unstable; urgency=medium
2 50
3 * ssh_config(5): Fix markup errors in description of GSSAPITrustDns 51 * ssh_config(5): Fix markup errors in description of GSSAPITrustDns