authorAndre McCurdy <armccurdy@gmail.com>2018-06-07 11:48:38 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-06-15 17:56:25 +0100
commit958fd9e6f9bad7f071973c942707b2573183db06 (patch)
treeee357b5d3576b48a97e9c7ef0ea26af3b9a771e7 /meta
parent6c13d5d8d04b83498ef522abe1c3b595005d60cd (diff)
openssh: sync local ssh_config + sshd_config files with upstream 7.7p1
Changes are mostly related to the removal of support for SSH v.1 protocol, which was dropped from openssh sshd in 7.4p1: https://www.openssh.com/txt/release-7.4 (From OE-Core rev: b81389c50e0d191e31f71af82d86bfbb37b83acc) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-connectivity/openssh/openssh/ssh_config12
-rw-r--r--meta/recipes-connectivity/openssh/openssh/sshd_config29
2 files changed, 14 insertions, 27 deletions
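diff --git a/meta/recipes-connectivity/openssh/openssh/ssh_config b/meta/recipes-connectivity/openssh/openssh/ssh_config
index 9e919156d3..e0d023803e 100644
--- a/meta/recipes-connectivity/openssh/openssh/ssh_config
+++ b/meta/recipes-connectivity/openssh/openssh/ssh_config
@@ -1,4 +1,4 @@
-# $OpenBSD: ssh_config,v 1.28 2013/09/16 11:35:43 sthen Exp $
+# $OpenBSD: ssh_config,v 1.33 2017/05/07 23:12:57 djm Exp $
 
 # This is the ssh client system-wide configuration file. See
 # ssh_config(5) for more information. This file provides defaults for
@@ -31,14 +31,14 @@ Host *
 # AddressFamily any
 # ConnectTimeout 0
 # StrictHostKeyChecking ask
-# IdentityFile ~/.ssh/identity
 # IdentityFile ~/.ssh/id_rsa
 # IdentityFile ~/.ssh/id_dsa
+# IdentityFile ~/.ssh/id_ecdsa
+# IdentityFile ~/.ssh/id_ed25519
 # Port 22
-# Protocol 2,1
-# Cipher 3des
-# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
-# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
+# Protocol 2
+# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
+# MACs hmac-md5,hmac-sha1,umac-64@openssh.com
 # EscapeChar ~
 # Tunnel no
 # TunnelDevice any:any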
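Review bot: The commented `# Ciphers` and `# MACs` samples in the `Host *` block still name `aes128-cbc`, `3des-cbc` and `hmac-md5`, and nothing on these lines tells a reader that they are illustrative rather than the client's built-in defaults. As far as I know the 7.x client no longer offers CBC ciphers or `hmac-md5` by default, so uncommenting either line as shown would add weaker algorithms to what the client offers instead of restoring the default; this should be confirmed against ssh_config(5) for 7.7p1. Because the file tracks upstream verbatim, a short local comment above the two lines is probably the least intrusive fix, for example `# Sample values only; the built-in Ciphers/MACs defaults are listed in ssh_config(5)`. The `Host *` block starts and ends outside the hunk.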
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_config b/meta/recipes-connectivity/openssh/openssh/sshd_config
index b7c3ccd984..15f061b570 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd_config
+++ b/meta/recipes-connectivity/openssh/openssh/sshd_config
@@ -1,4 +1,4 @@
1# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $ 1# $OpenBSD: sshd_config,v 1.102 2018/02/16 02:32:40 djm Exp $
2 2
3# This is the sshd server system-wide configuration file. See 3# This is the sshd server system-wide configuration file. See
4# sshd_config(5) for more information. 4# sshd_config(5) for more information.
@@ -7,7 +7,7 @@
7 7
8# The strategy used for options in the default sshd_config shipped with 8# The strategy used for options in the default sshd_config shipped with
9# OpenSSH is to specify options with their default value where 9# OpenSSH is to specify options with their default value where
10# possible, but leave them commented. Uncommented options change a 10# possible, but leave them commented. Uncommented options override the
11# default value. 11# default value.
12 12
13#Port 22 13#Port 22
@@ -15,42 +15,30 @@
15#ListenAddress 0.0.0.0 15#ListenAddress 0.0.0.0
16#ListenAddress :: 16#ListenAddress ::
17 17
18# The default requires explicit activation of protocol 1
19Protocol 2
20
21# HostKey for protocol version 1
22#HostKey /etc/ssh/ssh_host_key
23# HostKeys for protocol version 2
24#HostKey /etc/ssh/ssh_host_rsa_key 18#HostKey /etc/ssh/ssh_host_rsa_key
25#HostKey /etc/ssh/ssh_host_ecdsa_key 19#HostKey /etc/ssh/ssh_host_ecdsa_key
26#HostKey /etc/ssh/ssh_host_ed25519_key 20#HostKey /etc/ssh/ssh_host_ed25519_key
27 21
28# Lifetime and size of ephemeral version 1 server key
29#KeyRegenerationInterval 1h
30#ServerKeyBits 1024
31
32# Ciphers and keying 22# Ciphers and keying
33#RekeyLimit default none 23#RekeyLimit default none
34 24
35# Logging 25# Logging
36# obsoletes QuietMode and FascistLogging
37#SyslogFacility AUTH 26#SyslogFacility AUTH
38#LogLevel INFO 27#LogLevel INFO
39 28
40# Authentication: 29# Authentication:
41 30
42#LoginGraceTime 2m 31#LoginGraceTime 2m
43#PermitRootLogin yes 32#PermitRootLogin prohibit-password
44#StrictModes yes 33#StrictModes yes
45#MaxAuthTries 6 34#MaxAuthTries 6
46#MaxSessions 10 35#MaxSessions 10
47 36
48#RSAAuthentication yes
49#PubkeyAuthentication yes 37#PubkeyAuthentication yes
50 38
51# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 39# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
52# but this is overridden so installations will only check .ssh/authorized_keys 40# but this is overridden so installations will only check .ssh/authorized_keys
53AuthorizedKeysFile .ssh/authorized_keys 41AuthorizedKeysFile .ssh/authorized_keys
54 42
55#AuthorizedPrincipalsFile none 43#AuthorizedPrincipalsFile none
56 44
@@ -58,11 +46,9 @@ AuthorizedKeysFile .ssh/authorized_keys
58#AuthorizedKeysCommandUser nobody 46#AuthorizedKeysCommandUser nobody
59 47
60# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 48# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
61#RhostsRSAAuthentication no
62# similar for protocol version 2
63#HostbasedAuthentication no 49#HostbasedAuthentication no
64# Change to yes if you don't trust ~/.ssh/known_hosts for 50# Change to yes if you don't trust ~/.ssh/known_hosts for
65# RhostsRSAAuthentication and HostbasedAuthentication 51# HostbasedAuthentication
66#IgnoreUserKnownHosts no 52#IgnoreUserKnownHosts no
67# Don't read the user's ~/.rhosts and ~/.shosts files 53# Don't read the user's ~/.rhosts and ~/.shosts files
68#IgnoreRhosts yes 54#IgnoreRhosts yes
@@ -71,7 +57,8 @@ AuthorizedKeysFile .ssh/authorized_keys
71#PasswordAuthentication yes 57#PasswordAuthentication yes
72#PermitEmptyPasswords no 58#PermitEmptyPasswords no
73 59
74# Change to no to disable s/key passwords 60# Change to yes to enable challenge-response passwords (beware issues with
61# some PAM modules and threads)
75ChallengeResponseAuthentication no 62ChallengeResponseAuthentication no
76 63
77# Kerberos options 64# Kerberos options
@@ -110,7 +97,7 @@ ChallengeResponseAuthentication no
110Compression no 97Compression no
111ClientAliveInterval 15 98ClientAliveInterval 15
112ClientAliveCountMax 4 99ClientAliveCountMax 4
113#UseDNS yes 100#UseDNS no
114#PidFile /var/run/sshd.pid 101#PidFile /var/run/sshd.pid
115#MaxStartups 10:30:100 102#MaxStartups 10:30:100
116#PermitTunnel no 103#PermitTunnel no