Re: [HEADS UP]: OpenSSH 7.2 to Fedora 23
On Mar 3 09:53, Jakub Jelen wrote: > On 03/03/2016 09:31 AM, Corinna Vinschen wrote: > >Hi Jakub, > > > >On Mar 2 17:48, Jakub Jelen wrote: > >>Hi there, > >>I just pushed openssh-7.2 update [1] into Fedora 23 testing. There are no > >>incompatible changes except these: > >As I reported to the openssh-unix-dev list, as well as in > >https://bodhi.fedoraproject.org/updates/openssh-7.2p1-1.fc23, > >this release silently removes the /usr/bin/slogin symlink pointing to > >/usr/bin/ssh, because upstream removed the Makefile commands creating > >it at install time. Same for slogin.1 -> ssh.1. > > > >This will break lots of installations (scripts, keyboard shortcuts, etc). > > > >For the Cygwin distro I now added the missing rules to the spec file, > >along the lines of > > > > cd ${DESTDIR}/usr/bin > > ln -s ./ssh.exe slogin > > cd ${DESTDIR}/usr/share/man/man1 > > ln -s ./ssh.1 slogin.1 > > > >Please create slogin in the rpm spec file as well. > Thanks for the notice. My bad that I thought that symlink is just ancient > stuff from old times. I will respin update with restored symlink for Fedora > 23. > > Do you think that we need to carry this symlink even to Fedora 24? Do you > have some examples of scripts using slogin? They should probably also get > fixed. I'm not aware of scripts in the distro using slogin. But I'm aware of user installations using slogin. The slogin symlink exists for 20 years now. Just removing it is bound to break local configurations for no good reason. If upstream can't be bothered to keep up with slogin it's bad, but from my POV a distro should not break user configurations if it's not a big problem to keep them running. So, yes, I think the symlinks should be maintained by the distros in future. Corinna signature.asc Description: PGP signature -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: [HEADS UP]: OpenSSH 7.2 to Fedora 23
On 03/03/2016 09:31 AM, Corinna Vinschen wrote: Hi Jakub, On Mar 2 17:48, Jakub Jelen wrote: Hi there, I just pushed openssh-7.2 update [1] into Fedora 23 testing. There are no incompatible changes except these: As I reported to the openssh-unix-dev list, as well as in https://bodhi.fedoraproject.org/updates/openssh-7.2p1-1.fc23, this release silently removes the /usr/bin/slogin symlink pointing to /usr/bin/ssh, because upstream removed the Makefile commands creating it at install time. Same for slogin.1 -> ssh.1. This will break lots of installations (scripts, keyboard shortcuts, etc). For the Cygwin distro I now added the missing rules to the spec file, along the lines of cd ${DESTDIR}/usr/bin ln -s ./ssh.exe slogin cd ${DESTDIR}/usr/share/man/man1 ln -s ./ssh.1 slogin.1 Please create slogin in the rpm spec file as well. Thanks for the notice. My bad that I thought that symlink is just ancient stuff from old times. I will respin update with restored symlink for Fedora 23. Do you think that we need to carry this symlink even to Fedora 24? Do you have some examples of scripts using slogin? They should probably also get fixed. Upstream also probably didn't see it as a big deal: https://anongit.mindrot.org/openssh.git/commit/?id=69fead5d7cdaa73bdece9fcba80f8e8e70b90346 -- Jakub Jelen Associate Software Engineer Security Technologies Red Hat -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
[HEADS UP]: OpenSSH 7.2 to Fedora 23
Hi there, I just pushed openssh-7.2 update [1] into Fedora 23 testing. There are no incompatible changes except these: * the minimum modulus size supported for diffie-hellman-group-exchange was increased to 2048 bits, * several legacy cryptographic algorithms and MD5-based and truncated HMAC algorithms were disabled on client side. which might be some trouble when connecting to old systems. If you need to use some of these fancy ciphers or HMACs, you need to configure your client to use them explicitly, for example: ssh -o Ciphers=+blowfish-cbc -o MACs=+hmac-md5-96 your_host or store appropriate values to the ~/.ssh/config. SSH should now also yield reasonable messages when it was not able to negotiate particular algorithms. My tests passed and the package is already for few days in rawhide and f24, but another testing would be appreciated, especially quick check if some of your common use cases are not disturbed. And there are also some fancy features you might want to give a try such ad-hoc adding keys to ssh-agent or new keyword restrict to use in authorized_keys file [2]. Thanks for attention and have a great day, [1] https://bodhi.fedoraproject.org/updates/openssh-7.2p1-1.fc23 [2] http://www.openssh.com/txt/release-7.2 -- Jakub Jelen Security Technologies Red Hat -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org