* Support for the legacy SSH version 1 protocol is disabled by
default at compile time.
* Support for the 1024-bit diffie-hellman-group1-sha1 key exchange
is disabled by default at run-time. It may be re-enabled using
the instructions at http://www.openssh.com/legacy.
* Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled
by default at run-time. These may be re-enabled using the
instructions at http://www.openssh.com/legacy.
* Support for the legacy v00 cert format has been removed.
* The default for the sshd_config(5) PermitRootLogin option has
changed from "yes" to "prohibit-password".
* PermitRootLogin=without-password/prohibit-password now bans all
interactive authentication methods, allowing only public-key,
hostbased and GSSAPI authentication (previously it permitted
keyboard-interactive and password-less authentication if those
Sunday, January 17, 2016
Yesterday, there was a security advisory regarding openssh client vulnerability that have been in the repository for few years back. Most of the focus is on the server side, but this time, the vulnerable part is the client side. Instead of backporting the relevant fixes, Pat decided to upgrade all OpenSSH packages in all supported Slackware releases to 7.1p2. As you may know, OpenSSH 7.0 introduced several changes which might be backward-incompatible changes: