rpms/openssh
7
0
Fork 1
Code Issues Pull Requests Releases Activity
1,230 Commits 9 Branches 61 Tags 11 MiB
c10s
Commit Graph

30 Commits

Author SHA1 Message Date
Dmitry Belyavskiy
0802365f07 Use FIPS KEX defaults in FIPS mode 
Resolves: RHEL-58986
 2024-10-11 14:15:51 +02:00
Dmitry Belyavskiy
07172f36c4 Update to OpenSSH 9.9p1 
Resolves: RHEL-60564
 2024-10-10 12:30:39 +02:00
Dmitry Belyavskiy
1c01acf847 Change ssh-keygen defaults in FIPS mode 
Resolves: RHEL-37324
 2024-07-26 13:18:20 +02:00
Dmitry Belyavskiy
089d798931 Rebase OpenSSH to 9.8p1 
Resolves: RHEL-42635
 2024-07-25 15:30:04 +02:00
Norbert Pocs
fb40f0afda Merge evp related patches 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
 2023-06-08 13:57:23 +02:00
Dmitry Belyavskiy
f561c68bdb Rebasing OpenSSH from 9.0 to 9.3 2023-06-02 15:38:27 +02:00
Dmitry Belyavskiy
c9904c7c8a Fix build against updated OpenSSL 
Resolves: rhbz#2158966
 2023-01-09 12:48:20 +01:00
Dmitry Belyavskiy
03150f6281 OpenSSH Rebase to 9.0p1 
Related: rhbz#2057466
 2022-08-15 09:28:25 +02:00
Dmitry Belyavskiy
9fd6981674 Add patches from CentOS/RHEL9.1 
Related: rhbz#2117264
 2022-08-10 19:58:47 +02:00
Dmitry Belyavskiy
7b76af5292 OpenSSH 8.8p1 rebase 
Related: rhbz#2007967
 2021-11-29 14:37:28 +01:00
Dmitry Belyavskiy
f32b842272 OpenSSH release update 
Resolves: rhbz#1950819
8.5p1 => 8.6p1
 2021-04-29 16:37:35 +02:00
Jakub Jelen
25c16c68f5 openssh-8.5p1-1 + 0.10.4-2 2021-03-03 11:08:52 +01:00
Jakub Jelen
bd35168662 8.4p1-1 + 0.10.4-1 2020-09-29 14:53:14 +02:00
Jakub Jelen
5cd9552fc4 8.3p1-1 + 0.10.3-10 2020-05-27 09:57:29 +02:00
Jakub Jelen
eb546ec1a7 Drop fipscheck dependency and non-standard fips checks 2020-03-30 16:38:36 +02:00
Jakub Jelen
fbd5f1bee2 Print FIPS mode initialized in debug mode after the configuration is processed 
Amends ee9cb00
 2020-03-30 16:38:36 +02:00
Jakub Jelen
57ba1bd853 Restore gssapi-canohost.patch (#1749862) 
This is useful when connecting through proxyjump in combination with
GSSAPITrustDNS yes, because we can not get remote address of such socket.

https://src.fedoraproject.org/rpms/openssh/blob/f29/f/openssh-6.1p1-gssapi-canohost.patch
 2020-03-30 16:38:36 +02:00
Jakub Jelen
51f5c1c99f openssh-8.2p1-1 + 0.10.3-9 2020-02-17 14:34:41 +01:00
Jakub Jelen
ee9cb005b3 Do not write information about FIPS mode to stderr (#1778224) 2020-02-17 14:34:04 +01:00
Jakub Jelen
36fef5669a openssh-8.1p1-1 + 0.10.3-8 2019-10-09 10:24:21 +02:00
Jakub Jelen
5eb2d51328 Add missing hostkey certificate algorithms to the FIPS list 2019-07-26 09:27:52 +02:00
Jakub Jelen
d19ba936f2 Do not attempt to generate DSA and ED25519 keys in FIPS mode 2019-07-26 09:27:52 +02:00
Jakub Jelen
f660e11adc FIPS: Do not fail if FIPS-unsupported algorithm is provided in configuration or on command line 
This effectively allows to use some previously denied algorithms
in FIPS mode, but they are not enabled in default hardcoded configuration
and disabled by FIPS crypto policy.

Additionally, there is no guarantee they will work in underlying OpenSSL.

Resolves: rhbz#1625318
 2019-05-07 11:57:30 +02:00
Jakub Jelen
def1debf2e openssh-8.0p1-1 + 0.10.3-7 
Resolves rhbz#1701072
 2019-04-29 14:12:13 +02:00
Jakub Jelen
cb35953bec The FIPS_mode() is in different header file 2019-03-21 17:02:28 +01:00
Jakub Jelen
81a703d751 Do not allow negotiation of unknown primes with DG GEX in FIPS mode 2019-03-12 15:16:35 +01:00
Jakub Jelen
e8876f1b1f Honor GSSAPIServerIdentity for GSSAPI Key Exchange (#1637167) 2018-10-19 11:41:34 +02:00
Jakub Jelen
eaa7af2e41 rebase patches to openssh-7.9p1 2018-10-19 11:41:07 +02:00
Jakub Jelen
bbf61daf97 openssh-7.8p1-1 + 0.10.3-5 
New upstream release including:
 * Dropping entropy patch
 * Remove default support for MD5 fingerprints
 * Porting all the downstream patches and pam_ssh_agent_auth
   to new sshbuf and sshkey API
 * pam_ssh_agent_auth is no longer using MD5 fingerprints
 2018-08-24 23:16:24 +02:00
Jakub Jelen
44e2032a0a fips: Show real list of kex algoritms in FIPS 2018-08-08 10:18:27 +02:00