diff options
| author | Ed Maste <emaste@FreeBSD.org> | 2021-09-08 01:05:51 +0000 |
|---|---|---|
| committer | Ed Maste <emaste@FreeBSD.org> | 2022-02-09 19:53:11 +0000 |
| commit | 317a38ab65334cbd24bd020b20b11041423d142f (patch) | |
| tree | 4589b448f2eb7a5fd1a77c073e24060d8fdc0451 /crypto/openssh/ssh.h | |
| parent | bbe50accc9ee80dd6b2636d8648c9748a3bfb30c (diff) | |
openssh: update to OpenSSH v8.7p1
Some notable changes, from upstream's release notes:
- sshd(8): Remove support for obsolete "host/port" syntax.
- ssh(1): When prompting whether to record a new host key, accept the key
fingerprint as a synonym for "yes".
- ssh-keygen(1): when acting as a CA and signing certificates with an RSA
key, default to using the rsa-sha2-512 signature algorithm.
- ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
(RSA/SHA1) algorithm from those accepted for certificate signatures.
- ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F
support to provide address-space isolation for token middleware
libraries (including the internal one).
- ssh(1): this release enables UpdateHostkeys by default subject to some
conservative preconditions.
- scp(1): this release changes the behaviour of remote to remote copies
(e.g. "scp host-a:/path host-b:") to transfer through the local host
by default.
- scp(1): experimental support for transfers using the SFTP protocol as
a replacement for the venerable SCP/RCP protocol that it has
traditionally used.
Additional integration work is needed to support FIDO/U2F in the base
system.
Deprecation Notice
------------------
OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.
Reviewed by: imp
MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D29985
(cherry picked from commit 19261079b74319502c6ffa1249920079f0f69a72)
(cherry picked from commit f448c3ed4ae1281861913a56377f9d93d49f8e8e)
(cherry picked from commit 1f290c707a19d1695c303e6c8ead9cc414ccc6dc)
(cherry picked from commit 0f9bafdfc325779e4ecc5154d5bb06c752297138)
(cherry picked from commit adb56e58e8db84d8087ebe3d3e7def0074cb5a90)
(cherry picked from commit 576b58108c1723c85e4dd00355e29bfe301dab11)
(cherry picked from commit 1c99af1ebe61cbaf633792941640dcd254acf921)
(cherry picked from commit 87152f34054921632016bc5eb4ab9f836fbaa522)
(cherry picked from commit 172fa4aa7577915bf5ace5783251821d3774dc05)
Diffstat (limited to 'crypto/openssh/ssh.h')
| -rw-r--r-- | crypto/openssh/ssh.h | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/crypto/openssh/ssh.h b/crypto/openssh/ssh.h index 5abfd7a688fe..8110c060287f 100644 --- a/crypto/openssh/ssh.h +++ b/crypto/openssh/ssh.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.h,v 1.88 2018/06/06 18:29:18 markus Exp $ */ +/* $OpenBSD: ssh.h,v 1.90 2020/07/14 23:57:01 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -68,6 +68,11 @@ #define SSH_ASKPASS_ENV "SSH_ASKPASS" /* + * Environment variable to control whether or not askpass is used. + */ +#define SSH_ASKPASS_REQUIRE_ENV "SSH_ASKPASS_REQUIRE" + +/* * Force host key length and server key length to differ by at least this * many bits. This is to make double encryption with rsaref work. */ @@ -93,3 +98,7 @@ /* Listen backlog for sshd, ssh-agent and forwarding sockets */ #define SSH_LISTEN_BACKLOG 128 + +/* Limits for banner exchange */ +#define SSH_MAX_BANNER_LEN 8192 +#define SSH_MAX_PRE_BANNER_LINES 1024 |