22612856 man sshd_config(5) needs to call out hmac-sha1 as enabled by default
authorJan Parcel <jan.parcel@oracle.com>
Fri, 29 Jan 2016 13:12:25 -0800
changeset 5372 0f0d5e50998d
parent 5369 f78fddfac74d
child 5373 51f7f594bd6f
22612856 man sshd_config(5) needs to call out hmac-sha1 as enabled by default
components/openssh/patches/039-sshd_config_5_defaults.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssh/patches/039-sshd_config_5_defaults.patch	Fri Jan 29 13:12:25 2016 -0800
@@ -0,0 +1,22 @@
+#
+# hmac-sha1 is heavily used in the world, and customers updating openssh should 
+# not be afraid that updating will make hmac-sha1 become non-default
+# without notice to them when in fact it is still enabled for sshd by default.
+#
+# This patch will be submitted upstream.  If the omission was deliberate, as
+# part of a deprecation process, then we can decide at that time how to 
+# notify customers of the upcoming deprecation.
+# 
+
+diff -rupN old/sshd_config.5 new/sshd_config.5
+--- old/sshd_config.5	2016-01-28 13:47:34.630632408 -0800
++++ new/sshd_config.5	2016-01-28 13:48:34.129479936 -0800
[email protected]@ -1018,7 +1018,7 @@ The default is:
+ [email protected],[email protected],
+ [email protected],[email protected],
+ [email protected],[email protected],
+-hmac-sha2-256,hmac-sha2-512
++hmac-sha2-256,hmac-sha2-512,hmac-sha1
+ .Ed
+ .Pp
+ The list of available MAC algorithms may also be obtained using the