PSARC/2015/395 OpenSSH 7.1p1
PSARC 2014/390 OpenSSH GSSKEY
21696247 upgrade OpenSSH to 7.1p1
22031540 problem in UTILITY/OPENSSH
22022180 problem in UTILITY/OPENSSH
22048638 problem in UTILITY/OPENSSH
19775805 OpenSSH contains a redundant call to do_pam_setcred()
21379157 OpenSSH shouldn't call setproject(3PROJECT) when configured to use PAM
20919294 upgrade OpenSSH to 6.8p1
19130869 migrate the Xforwarding bug fix (15350344) from SunSSH to OpenSSH
21861322 OpenSSH client hangs on broken pipe
22018764 remove cast128-cbc from OpenSSH
21919790 add GSSKeyEx as an alias to GSSAPIKeyExchange in OpenSSH
19941148 GSS-API Key Exchange for OpenSSH
21643415 OpenSSH should use AI_ADDRCONFIG per bug 19827438
20370803 OpenSSH patch number collision
20711463 OpenSSH wants to be able to login to a role too
22389801 OpenSSH: remove cast from ssh(1), sshd(8), ssh_config(5) and sshd_config(5)
22582153 openssh system/linker should be added to core REQ
#
# Originally we planned to only deprecate client config (ssh_config) options
# and leave it up to system administrators to remove all SunSSH specific
# server config (sshd_config) options. In internal testing we have discovered,
# that this would bring too much trouble to the said administrators.
# The probability of these options appearing in existing sshd_config files
# is higher than initially though, because some of the options have been in
# default sshd_config file for very long time. Also the consequence of
# unknown server option is harsh - ssh service goes to maintenance mode
# possible rendering the instance not accessible. For this reason we will
# deprecate SunSSH specific sshd_config options too.
#
# This is a Solaris specific change to ease the transition and will not be
# offered upstream.
#
diff -pur old/servconf.c new/servconf.c
--- old/servconf.c
+++ new/servconf.c
@@ -518,6 +518,7 @@ static struct {
{ "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
#ifdef GSSAPI
{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
+ { "gssauthentication", sGssAuthentication, SSHCFG_ALL }, /* alias */
#ifdef USE_GSS_STORE_CRED
{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
#else /* USE_GSS_STORE_CRED */
@@ -526,6 +527,7 @@ static struct {
{ "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
#else
{ "gssapiauthentication", sUnsupported, SSHCFG_ALL },
+ { "gssauthentication", sUnsupported, SSHCFG_ALL }, /* alias */
{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
{ "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
#endif
@@ -592,6 +594,30 @@ static struct {
{ "pamserviceprefix", sPAMServicePrefix, SSHCFG_GLOBAL },
{ "pamservicename", sPAMServiceName, SSHCFG_GLOBAL },
#endif
+#ifdef DEPRECATE_SUNSSH_OPT
+ /*
+ * On Solaris, to make the transition from SunSSH to OpenSSH as smooth
+ * as possible, we will deprecate SunSSH-only options in OpenSSH.
+ * Therefore on a system having one of the following options in
+ * /etc/ssh/sshd_config, change to OpenSSH will not result in service
+ * network/ssh going to maintenance. Instead, a warning will be printed
+ * to /var/svc/log/network-ssh:default.log. Note that
+ * this is an interim enhancement to OpenSSH to make the transition
+ * smoother. If a deprecated SunSSH-only option is migrated to OpenSSH
+ * later, then it will be changed from deprecated to supported.
+ */
+ { "maxauthtrieslog", sDeprecated, SSHCFG_GLOBAL },
+ { "lookupclienthostnames", sDeprecated, SSHCFG_GLOBAL },
+ { "useopensslengine", sDeprecated, SSHCFG_GLOBAL },
+ { "preuserauthhook", sDeprecated, SSHCFG_ALL},
+ { "kmfpolicydatabase", sDeprecated, SSHCFG_GLOBAL },
+ { "kmfpolicyname", sDeprecated, SSHCFG_GLOBAL },
+ { "trustedanchorkeystore", sDeprecated, SSHCFG_GLOBAL },
+ { "useunsupportedsshv1", sDeprecated, SSHCFG_GLOBAL },
+ { "usefips140", sDeprecated, SSHCFG_ALL},
+ { "gssapistoredelegatedcredentials", sDeprecated, SSHCFG_ALL },
+ { "gssstoredelegcreds", sDeprecated, SSHCFG_ALL },
+#endif
{ "revokedkeys", sRevokedKeys, SSHCFG_ALL },
{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },