openssh: sync local ssh_config + sshd_config files with upstream 7.7p1

Changes are mostly related to the removal of support for SSH v.1 protocol, which was dropped from openssh sshd in 7.4p1: https://www.openssh.com/txt/release-7.4 (From OE-Core rev: b81389c50e0d191e31f71af82d86bfbb37b83acc) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Andre McCurdy <armccurdy@gmail.com> 2018-06-07 11:48:38 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-06-15 17:56:25 +0100
commit: 958fd9e6f9bad7f071973c942707b2573183db06 (patch)
tree: ee357b5d3576b48a97e9c7ef0ea26af3b9a771e7 /meta
parent: 6c13d5d8d04b83498ef522abe1c3b595005d60cd (diff)
download: poky-958fd9e6f9bad7f071973c942707b2573183db06.tar.gz
2 files changed, 14 insertions, 27 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/ssh_config b/meta/recipes-connectivity/openssh/openssh/ssh_config
index 9e919156d3..e0d023803e 100644
--- a/meta/recipes-connectivity/openssh/openssh/ssh_config
+++ b/meta/recipes-connectivity/openssh/openssh/ssh_config
@@ -1,4 +1,4 @@
-#       $OpenBSD: ssh_config,v 1.28 2013/09/16 11:35:43 sthen Exp $
+#       $OpenBSD: ssh_config,v 1.33 2017/05/07 23:12:57 djm Exp $
 # This is the ssh client system-wide configuration file.  See
 # ssh_config(5) for more information.  This file provides defaults for
@@ -31,14 +31,14 @@ Host *
 #   AddressFamily any
 #   ConnectTimeout 0
 #   StrictHostKeyChecking ask
-#   IdentityFile ~/.ssh/identity
 #   IdentityFile ~/.ssh/id_rsa
 #   IdentityFile ~/.ssh/id_dsa
+#   IdentityFile ~/.ssh/id_ecdsa
+#   IdentityFile ~/.ssh/id_ed25519
 #   Port 22
-#   Protocol 2,1
+#   Protocol 2
-#   Cipher 3des
+#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
-#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
+#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com
-#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
 #   EscapeChar ~
 #   Tunnel no
 #   TunnelDevice any:any
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_config b/meta/recipes-connectivity/openssh/openssh/sshd_config
index b7c3ccd984..15f061b570 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd_config
+++ b/meta/recipes-connectivity/openssh/openssh/sshd_config
@@ -1,4 +1,4 @@
-#       $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
+#       $OpenBSD: sshd_config,v 1.102 2018/02/16 02:32:40 djm Exp $
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -7,7 +7,7 @@
 # The strategy used for options in the default sshd_config shipped with
 # OpenSSH is to specify options with their default value where
-# possible, but leave them commented.  Uncommented options change a
+# possible, but leave them commented.  Uncommented options override the
 # default value.
 #Port 22
@@ -15,42 +15,30 @@
 #ListenAddress 0.0.0.0
 #ListenAddress ::
-# The default requires explicit activation of protocol 1
-Protocol 2
-# HostKey for protocol version 1
-#HostKey /etc/ssh/ssh_host_key
-# HostKeys for protocol version 2
 #HostKey /etc/ssh/ssh_host_rsa_key
 #HostKey /etc/ssh/ssh_host_ecdsa_key
 #HostKey /etc/ssh/ssh_host_ed25519_key
-# Lifetime and size of ephemeral version 1 server key
-#KeyRegenerationInterval 1h
-#ServerKeyBits 1024
 # Ciphers and keying
 #RekeyLimit default none
 # Logging
-# obsoletes QuietMode and FascistLogging
 #SyslogFacility AUTH
 #LogLevel INFO
 # Authentication:
 #LoginGraceTime 2m
-#PermitRootLogin yes
+#PermitRootLogin prohibit-password
 #StrictModes yes
 #MaxAuthTries 6
 #MaxSessions 10
-#RSAAuthentication yes
 #PubkeyAuthentication yes
 # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
 # but this is overridden so installations will only check .ssh/authorized_keys
-AuthorizedKeysFile .ssh/authorized_keys
+AuthorizedKeysFile      .ssh/authorized_keys
 #AuthorizedPrincipalsFile none
@@ -58,11 +46,9 @@ AuthorizedKeysFile .ssh/authorized_keys
 #AuthorizedKeysCommandUser nobody
 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-#RhostsRSAAuthentication no
-# similar for protocol version 2
 #HostbasedAuthentication no
 # Change to yes if you don't trust ~/.ssh/known_hosts for
-# RhostsRSAAuthentication and HostbasedAuthentication
+# HostbasedAuthentication
 #IgnoreUserKnownHosts no
 # Don't read the user's ~/.rhosts and ~/.shosts files
 #IgnoreRhosts yes
@@ -71,7 +57,8 @@ AuthorizedKeysFile .ssh/authorized_keys
 #PasswordAuthentication yes
 #PermitEmptyPasswords no
-# Change to no to disable s/key passwords
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
 ChallengeResponseAuthentication no
 # Kerberos options
@@ -110,7 +97,7 @@ ChallengeResponseAuthentication no
 Compression no
 ClientAliveInterval 15
 ClientAliveCountMax 4
-#UseDNS yes
+#UseDNS no
 #PidFile /var/run/sshd.pid
 #MaxStartups 10:30:100
 #PermitTunnel no
author	Andre McCurdy <armccurdy@gmail.com>	2018-06-07 11:48:38 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-06-15 17:56:25 +0100
commit	958fd9e6f9bad7f071973c942707b2573183db06 (patch)
tree	ee357b5d3576b48a97e9c7ef0ea26af3b9a771e7 /meta
parent	6c13d5d8d04b83498ef522abe1c3b595005d60cd (diff)
download	poky-958fd9e6f9bad7f071973c942707b2573183db06.tar.gz