allow protocol 2 only on the server-side (client-side still allows protocol 1) and add CTR based ciphers

17 years ago · 4754f7994d
3 changed files with 4 additions and 3 deletions
--- a/openssh/openssh.spec
+++ b/openssh/openssh.spec
@ -38,7 +38,7 @@ Class:        CORE
 Group:        SSH
 License:      BSD
 Version:      %{V_base}%{V_portable}
-Release:      20081122
+Release:      20081223
 #   package options
 %option       with_fsl          yes
--- a/openssh/ssh_config
+++ b/openssh/ssh_config
@ -17,7 +17,7 @@ Host *
    HostKeyAlgorithms                  ssh-rsa,ssh-dss
    PreferredAuthentications           hostbased,publickey,keyboard-interactive,password
    Cipher                             3des
-    Ciphers                            aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
+    Ciphers                            aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,arcfour256,arcfour128,arcfour,3des-cbc,blowfish-cbc,cast128-cbc
    MACs                               hmac-sha1,hmac-md5,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
    Compression                        yes
    CompressionLevel                   4
--- a/openssh/sshd_config
+++ b/openssh/sshd_config
@ -7,7 +7,8 @@ ListenAddress            127.0.0.1
 Subsystem                sftp @l_prefix@/libexec/openssh/sftp-server
-Protocol                 2,1
+Protocol                 2
 Ciphers                  aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,arcfour256,arcfour128,arcfour,3des-cbc,blowfish-cbc,cast128-cbc
 HostKey                  @l_prefix@/etc/openssh/ssh_host_key
 HostKey                  @l_prefix@/etc/openssh/ssh_host_rsa_key
 HostKey                  @l_prefix@/etc/openssh/ssh_host_dsa_key