Quest OpenSSH Change Summary
http://rc.quest.com/topics/openssh/
Configuration defaults changed:

* sshd_config:
    GSSAPIAuthentication        no -> yes
    GSSAPIKeyExchange           no -> yes
    GSSAPIStrictAcceptorCheck   yes -> no
    HostKeys                    - yes
    UsePAM                      no -> yes
    X11Forwarding               no -> yes
* ssh_config:
    GSSAPIAuthentication        no -> yes
    GSSAPIKeyExchange           no -> yes
    GSSAPIDelegateCredentials   no -> yes
    HashKnownHosts              no -> yes
    ServicePrincipalName        - NULL
    Protocol                    2,1 -> 2
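
An added example (not part of Quest's ChangeLog or code): a Python audit that reports which of the options listed above a config file leaves unset, and so inherits from this build's changed defaults. The sample file is constructed; HostKeys and ServicePrincipalName are omitted because the list gives no stock value for them, and only unconditional lines (outside Host/Match blocks, except "Host *" and "Match all") are treated as set.

```python
import re

# (stock default, Quest default), copied from the list above.
CHANGED = {
    "sshd_config": {
        "GSSAPIAuthentication": ("no", "yes"),
        "GSSAPIKeyExchange": ("no", "yes"),
        "GSSAPIStrictAcceptorCheck": ("yes", "no"),
        "UsePAM": ("no", "yes"),
        "X11Forwarding": ("no", "yes"),
    },
    "ssh_config": {
        "GSSAPIAuthentication": ("no", "yes"),
        "GSSAPIKeyExchange": ("no", "yes"),
        "GSSAPIDelegateCredentials": ("no", "yes"),
        "HashKnownHosts": ("no", "yes"),
        "Protocol": ("2,1", "2"),
    },
}
# keyword, then "=" or whitespace, then the value; comment and blank lines do not match
LINE = re.compile(r"(\w+)(?:\s*=\s*|\s+)(.*)")

def explicit_settings(text):
    """Map lowercased keyword -> first unconditional value (first value wins)."""
    seen, active = {}, True
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "host":        # simplification: only "Host *" counts as global
            active = "*" in value.split()
        elif key == "match":     # simplification: only "Match all" counts as global
            active = value.lower() == "all"
        elif active:
            seen.setdefault(key, value)
    return seen

def implicit_options(kind, text):
    """Options the file does not set, so the Quest default applies."""
    seen = explicit_settings(text)
    return [(opt, stock, quest) for opt, (stock, quest) in CHANGED[kind].items()
            if opt.lower() not in seen]

# Constructed sample, not taken from a real host.
SAMPLE_SSHD = "Port 22\nX11Forwarding no\nusepam = yes\nMatch User backup\n    GSSAPIAuthentication no\n"

if __name__ == "__main__":
    for opt, stock, quest in implicit_options("sshd_config", SAMPLE_SSHD):
        print(f"{opt}: not set, Quest build uses '{quest}' (stock: '{stock}')")
```
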
Change History:
5.2p1_q8
-------
- Bug 745: Back port openSSH upstream fix for bug 1528:
https://bugzilla.mindrot.org/show_bug.cgi?id=1528
5.2p1_q7
-------
- Bug 724: No /etc/rc?.d/*sshd-quest files made using response file for install
- Bug 481: /etc/pam.d/sshd laid down is only RH4+ compatible, fails on RH3
5.2p1_q6
-------
- Update copyright year on auth-lam.c
5.2p1_q5
-------
- sshd-quest service no longer optional on Solaris
5.2p1_q4
--------
- Fix Quest revision missing from version number on AIX
5.2p1_q3
--------
- Deny root if PermitRootLogin is not "yes" during LAM authentication
(bug #712).
5.2p1_q2
--------
- Fix double-free bug in AIX LAM authentication code (bug #679)
- Don't explicitly link to libgcc_s, despite what krb5-config might say
(bug #703)
5.0p1_q1
--------
- bug 564: Enabled IPv6 in tcp_wrappers
- bug 514: specifying -h hostkey option to sshd caused corruption
- bug 405: improve build checks
- bug 451: on Solaris 2.6, put PID files in /tmp instead of /var/run
- use openssl-0.9.8g
- bug 409: don't print "Killed by signal 15"
- bug 11: don't use /var/log/btmp on Debian
- show all host fingerprints in HP-UX SAM module
- merge with sxw's openssh-5.0p1-gsskex-20080404.patch
4.7p1_q1
--------
- bug 368: merge with OpenSSH 4.7p1
- bug 185: double stop init script messages
- bug 346: install PAM files
- moved manual pages into the main package
- upstream bug 1368: added -R option to scp
4.6p1_q1
--------
- bug 222: merge with OpenSSH 4.6p1 release
- bug 281: merge with HPN 12v17 patch
- merge with sxw's openssh-4.6p1-gsskex-20070312
- bug 207: 64bit support on Linux/s390x
- OS X build support
- bug 280: NIS+/pam_dhkeys credentials were not established (upstream 1339)
- bug 253: put pid files in /var/run instead of /var/opt/quest/run
- bug 110: add /opt/quest/bin into default PATH for AIX systems (for scp)
- bug 186: correct missing summary information in packages
- KbdInteractiveAuthentication defaults to enabled when UsePAM is enabled
- correct documentation for GSSAPIKeyExchange default
- improved tests for Debian; and aliased host/
- use openssl-0.9.8e; s/390 support + patch from upstream bug 1291
4.5p1_q1.116
-------------
- merge with OpenSSH 4.5p1 release
- bug 123: local account logins failed on hpux11.11 with vas3.1
- bugs 127 128 174: install missing directories
- bug 173: correct problem where ssh*_config not installed
- package name changes
- bug 134: source dist improvements; add build-2.6 make target for VAS2.6
4.4p1q89
--------
- merge with OpenSSH 4.4p1 release
- vintela bug 4150: check VAS version during install
- vintela bug 4319: sshd option GSSAPIStrictAcceptorCheck yes->no
- vintela bug 5428: don't ship ssh-keysign as setuid
- vintela bug 7747: look in VAS2.6 sysconfdir for old host keys first
- vintela bug 8249: revert GSSAPICleanupCredentials to default to yes
- bug 31: home directory creation failed on aix
- bug 49: ssh option HashKnownHosts no->yes
- bug 74: keyboard-interactive for AIX when PAM unavailable
- bug 90: merge with sxw's openssh-4.4p1-gsskex-20061002.patch
- bug 92: sshd option GSSAPIKeyExchange default no->yes
- bug 95: ssh option Protocol default 2,1->2
- bug 99: maintain /etc/pam.d/sshd when suse openssh is uninstalled
- using polypkg for package generation
- bug 54: build with tcp_wrappers
4.3p2q1
-------
- New version numbering scheme.
- use root:bin to own executable files; not root:sys.
- Add RC licence text which shows up under AIX installs.
- allow config.local to specify the SRC name
- VAS3 test support
- Merge with OpenSSH 4.3p2 release.
vrc1.9.3
--------
- Merge with OpenSSH 4.3p1 release
- bug 5895: try gssapi before public-key
- bug 6042: empty usernames mapped using GSSAPI
(requires 'UsePrivilegeSeparation no', for now)
- bug 6594: RSA (publickey) failures on Solaris
vrc1.9.2 (unreleased)
--------
- bug 5934: unnecessary initgroup calls delayed
login on systems with many VAS-enabled groups
- bug 6068: user credential cache was lost when using
pam_vas with keyboard-interactive and privsep
- merge with openssh-4.2p1-gsskex-20050926-2.patch
(http://www.sxw.org.uk/computing/patches/openssh.html)
- bug 6379: detect gss gex bugs in vintela putty versions and disable
- bug 6115 (upstream bug 1087): show PAM password expiry messages
vrc1.9.1
--------
- bug 5899: cross-realm authentication workarounds
vrc1.9.0
--------
- Merge with OpenSSH 4.2p1 release
- Change GSSAPIServiceName to ServicePrincipalName
vrc1.8.0
--------
- bug 5651: Add GSSAPIServiceName option
- Add HostKeys and GSSAPIKeyExchange options to server
- improve diagnostics for aix credentials
- bugfix: gsskex rekey no longer fails with privsep
- bugfix: occasional superfluous chars after realm
vrc1.7.2
--------
* Merge with OpenSSH 4.1p1 release
vrc1.7.1
--------
- Include gsskex (GSSAPI key exchange) (enhancement bug 3943)
See <http://www.sxw.org.uk/computing/patches/openssh.html>
- bugfix: core dump in AIX on LAM pw expire (bug 4918; mindrot.org bug 1006)
- bugfix: missing pam messages on auth fail (bug 4618; mindrot.org bug 1028)
vrc1.6
------
* Merge with OpenSSH 4.0p1 release
vrc1.5
------
* Do not use a GSSAPI service name constructed from gethostname();
instead let GSSAPI (VAS) choose the service name.
<http://bugzilla.mindrot.org/show_bug.cgi?id=918>
vrc1.4
------
Changes configuration defaults. The rationale behind this was to ease
migration from existing SSH installations, and to enable by default
features provided by VAS.

sshd_config:
    UsePAM no -> yes
        - Use VAS (via PAM) to set up user context, mount home etc
    GSSAPIAuthentication no -> yes
        - prefer use of VAS (via GSSAPI)
    GSSAPICleanupCredentials yes -> no
        - rely on VAS to remove credentials on session close
    X11Forwarding no -> yes
        - required for VMX
ssh_config:
    GSSAPIAuthentication no -> yes
        - prefer use of VAS (via GSSAPI)
    GSSDelegateCredentials no -> yes
        - allow credentials to be copied to remote host (improves SSO)

Source: http://rc.quest.com/gitweb/gitweb.cgi?p=openssh.git;a=blob_plain;hb=HEAD;f=ChangeLog.Quest