diff --git a/openssh-6.0p1-entropy.patch b/openssh-6.0p1-entropy.patch index e54d7e2..79f05f4 100644 --- a/openssh-6.0p1-entropy.patch +++ b/openssh-6.0p1-entropy.patch @@ -113,13 +113,33 @@ diff -up openssh-6.0p1/ssh.1.entropy openssh-6.0p1/ssh.1 .Sh FILES .Bl -tag -width Ds -compact .It Pa ~/.rhosts -diff -up openssh-6.0p1/ssh-add.1.entropy openssh-6.0p1/ssh-add.1 ---- openssh-6.0p1/ssh-add.1.entropy 2011-10-18 07:06:33.000000000 +0200 -+++ openssh-6.0p1/ssh-add.1 2012-08-06 20:51:59.172033253 +0200 -@@ -161,6 +161,20 @@ Identifies the path of a +diff -up openssh-6.1p1/ssh-add.0.entropy openssh-6.1p1/ssh-add.0 +--- openssh-6.1p1/ssh-add.0.entropy 2012-11-12 13:11:42.717393364 +0100 ++++ openssh-6.1p1/ssh-add.0 2012-11-12 13:12:46.288108790 +0100 +@@ -81,6 +81,16 @@ ENVIRONMENT + Identifies the path of a UNIX-domain socket used to communicate + with the agent. + ++ SSH_USE_STRONG_RNG ++ The reseeding of the OpenSSL random generator is usually done ++ from /dev/urandom. If the SSH_USE_STRONG_RNG environment vari- ++ able is set to value other than 0 the OpenSSL random generator is ++ reseeded from /dev/random. The number of bytes read is defined ++ by the SSH_USE_STRONG_RNG value. Minimum is 6 bytes. This set- ++ ting is not recommended on the computers without the hardware ++ random generator because insufficient entropy causes the connec- ++ tion to be blocked until enough entropy is available. ++ + FILES + ~/.ssh/identity + Contains the protocol version 1 RSA authentication identity of +diff -up openssh-6.1p1/ssh-add.1.entropy openssh-6.1p1/ssh-add.1 +--- openssh-6.1p1/ssh-add.1.entropy 2011-10-18 07:06:33.000000000 +0200 ++++ openssh-6.1p1/ssh-add.1 2012-11-12 13:11:24.711476108 +0100 +@@ -160,6 +160,20 @@ to make this work.) + Identifies the path of a .Ux Ns -domain socket used to communicate with the agent. - .El +.It Ev SSH_USE_STRONG_RNG +The reseeding of the OpenSSL random generator is usually done from +.Cm /dev/urandom . 
@@ -134,6 +154,7 @@ diff -up openssh-6.0p1/ssh-add.1.entropy openssh-6.0p1/ssh-add.1
 +This setting is not recommended on the computers without the hardware
 +random generator because insufficient entropy causes the connection to
 +be blocked until enough entropy is available.
+ .El
 .Sh FILES
 .Bl -tag -width Ds
 .It Pa ~/.ssh/identity
diff --git a/openssh-6.1p1-required-authentications.patch b/openssh-6.1p1-required-authentications.patch
index 203eab9..6901708 100644
--- a/openssh-6.1p1-required-authentications.patch
+++ b/openssh-6.1p1-required-authentications.patch
@@ -825,25 +825,36 @@ diff -up openssh-6.1p1/sshd_config.5.required-authentication openssh-6.1p1/sshd_ .Cm PubkeyAuthentication , .Cm RhostsRSAAuthentication , .Cm RSAAuthentication , -@@ -931,6 +933,21 @@ Specifies a list of revoked public keys. +@@ -931,6 +933,32 @@ Specifies a list of revoked public keys. Keys listed in this file will be refused for public key authentication. Note that if this file is not readable, then public key authentication will be refused for all users. +.It Cm RequiredAuthentications[12] -+ Specifies required methods of authentications that has to succeed before authorizing the connection. -+ (RequiredAuthentication1 for Protocol version 1, and RequiredAuthentication2 for v2) -+ -+ RequiredAuthentications1 method[,method...] -+ RequiredAuthentications2 method[,method...] -+ ++Specifies required methods of authentications that has to succeed before ++authorizing the connection. (RequiredAuthentication1 for Protocol version 1, ++and RequiredAuthentication2 for v2) ++.Pp ++.Bl -item -offset indent -compact ++.It ++RequiredAuthentications1 method[,method...] ++.It ++RequiredAuthentications2 method[,method...] ++.El +.Pp +Example 1: -+ -+ RequiredAuthentications2 password,hostbased -+ ++.Bl -item -offset indent -compact ++RequiredAuthentications2 password,hostbased ++.El +Example 2: -+ RequiredAuthentications2 publickey,password -+ ++.Bl -item -offset indent -compact ++RequiredAuthentications2 publickey,password ++.El ++.Pp ++Available methods: ++.Bl -item -offset indent -compact ++.It ++password, keyboard-interactive, publickey, hostbased, gssapi-keyex, gssapi-with-mic ++.El .It Cm RhostsRSAAuthentication Specifies whether rhosts or /etc/hosts.equiv authentication together with successful RSA host authentication is allowed.