Hello community, here is the log from the commit of package openssh for openSUSE:Factory checked in at Wed Mar 31 19:31:49 CEST 2010. -------- --- openssh/openssh.changes 2010-03-23 18:59:32.000000000 +0100 +++ /mounts/work_src_done/STABLE/openssh/openssh.changes 2010-03-25 11:07:20.000000000 +0100 @@ -1,0 +2,7 @@ +Thu Mar 25 11:00:00 CET 2010 - meissner@suse.de + +- Enable VisualHostKey (ascii art of the hostkey fingerprint) and + HashHostKeys (hardening measure to make them unusable for worms/malicious + users for further host hopping). + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- openssh-5.4p1-sshconfig-knownhostschanges.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssh-askpass-gnome.spec ++++++ --- /var/tmp/diff_new_pack.mqnibC/_old 2010-03-31 19:30:29.000000000 +0200 +++ /var/tmp/diff_new_pack.mqnibC/_new 2010-03-31 19:30:29.000000000 +0200 @@ -23,7 +23,7 @@ License: BSD3c(or similar) Group: Productivity/Networking/SSH Version: 5.4p1 -Release: 1 +Release: 2 Requires: openssh = %{version} openssh-askpass = %{version} AutoReqProv: on Summary: A GNOME-Based Passphrase Dialog for OpenSSH ++++++ openssh.spec ++++++ --- /var/tmp/diff_new_pack.mqnibC/_old 2010-03-31 19:30:29.000000000 +0200 +++ /var/tmp/diff_new_pack.mqnibC/_new 2010-03-31 19:30:30.000000000 +0200 @@ -36,7 +36,7 @@ Conflicts: nonfreessh AutoReqProv: on Version: 5.4p1 -Release: 1 +Release: 2 %define xversion 1.2.4.1 Summary: Secure Shell Client and Server (Remote Login Program) Url: http://www.openssh.com/ @@ -68,6 +68,7 @@ Patch16: %{name}-%{version}-pts.diff Patch17: %{name}-%{version}-forwards.diff Patch18: %{name}-%{version}-homechroot.patch +Patch19: %{name}-%{version}-sshconfig-knownhostschanges.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %package askpass @@ -112,6 +113,7 @@ %patch16 %patch17 %patch18 +%patch19 cp -v %{SOURCE4} . cp -v %{SOURCE6} . cd ../x11-ssh-askpass-%{xversion} ++++++ openssh-5.4p1-sshconfig-knownhostschanges.diff ++++++ Index: ssh_config =================================================================== --- ssh_config.orig +++ ssh_config @@ -67,5 +67,14 @@ ForwardX11Trusted yes SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT SendEnv LC_IDENTIFICATION LC_ALL -# VisualHostKey no +# This will print the fingerprint of the host key in "visual" form +# this should make it easier to also recognize bad things +# (enabled for openSUSE Factory before 11.3, if too much people are against, +# we can disable it again. meissner@novell.com) +VisualHostKey yes + +# This will hash new host keys and make them so unusable for malicious +# people or software trying to use known_hosts to find further hops. +HashKnownHosts yes + # ProxyCommand ssh -q -W %h:%p gateway.example.com ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org