[ol8_baseos_latest] openssh-8.0p1-4.el8_1.x86_64

SSH (Secure SHell) is a program for logging into and executing
commands on a remote machine. SSH is intended to replace rlogin and
rsh, and to provide secure encrypted communications between two
untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.

OpenSSH is OpenBSD's version of the last free version of SSH, bringing
it up to date in terms of security and features.

This package includes the core files necessary for both the OpenSSH
client and server. To make this package useful, you should also
install openssh-clients, openssh-server, or both.

Changelog (Show File list) (Show related packages)

• Wed Jan 08 2020 Jakub Jelen <jjelen@redhat.com> - 8.0p1-4 + 0.10.3-7

  - Restore entropy patch for CC certification (#1785655)

• Tue Jul 23 2019 Jakub Jelen <jjelen@redhat.com> - 8.0p1-3 + 0.10.3-7

  - Fix typos in manual pages (#1668325)
  - Use the upstream support for PKCS#8 PEM files alongside with the legacy PEM files (#1712436)
  - Unbreak ssh-keygen -A in FIPS mode (#1732424)
  - Add missing RSA certificate types to offered hostkey types in FIPS mode (#1732449)

• Wed Jun 12 2019 Jakub Jelen <jjelen@redhat.com> - 8.0p1-2 + 0.10.3-7

  - Allow specifying a pin-value in PKCS #11 URI in ssh-add (#1639698)
  - Whitelist another syscall variant for s390x cryptographic module (ibmca engine) (#1714915)

• Tue May 14 2019 Jakub Jelen <jjelen@redhat.com> - 8.0p1-1 + 0.10.3-7

  - New upstream release (#1691045)
  - Remove support for unused VendorPatchLevel configuration option
  - Fix kerberos cleanup procedures (#1683295)
  - Do not negotiate arbitrary primes with DH GEX in FIPS (#1685096)
  - Several GSSAPI key exchange improvements and sync with Debian
  - Allow to use labels in PKCS#11 URIs even if they do not match on private key (#1671262)
  - Do not fall back to sshd_net_t SELinux context (#1678695)
  - Use FIPS compliant high-level signature OpenSSL API and KDF
  - Mention crypto-policies in manual pages
  - Do not fail if non-FIPS approved algorithm is enabled in FIPS
  - Generate the PEM files in new PKCS#8 format without the need of MD5 (#1712436)

• Mon Nov 26 2018 Jakub Jelen <jjelen@redhat.com> - 7.8p1-4 + 0.10.3-5

  - Unbreak PKCS#11 URI tests (#1648262)
  - Allow to disable RSA signatures with SHA1 (#1648898)
  - Dump missing GSS options from client configuration (#1649505)
  - Minor fixes from Fedora related to GSSAPI and keberos
  - Follow the system-wide PATH settings

• Mon Sep 24 2018 Jakub Jelen <jjelen@redhat.com> - 7.8p1-3 + 0.10.3-5

  - Disable OpenSSH hardening flags and use the ones provided by system (#1630615)
  - Ignore unknown parts of PKCS#11 URI (#1631478)
  - Do not fail with GSSAPI enabled in match blocks (#1580017)
  - Fix the segfaulting cavs test (#1629692)

• Fri Aug 31 2018 Jakub Jelen <jjelen@redhat.com> - 7.8p1-2 + 0.10.3-5

  - New upstream release fixing CVE 2018-15473
  - Remove unused patches
  - Remove reference to unused enviornment variable SSH_USE_STRONG_RNG
  - Address coverity issues
  - Unbreak scp between two IPv6 hosts (#1620333)
  - Unbreak GSSAPI key exchange (#1624323)
  - Unbreak rekeying with GSSAPI key exchange (#1624344)

• Thu Aug 09 2018 Jakub Jelen <jjelen@redhat.com> - 7.7p1-6 + 0.10.3-4

  - Fix listing of kex algoritms in FIPS mode
  - Allow aes-gcm cipher modes in FIPS mode
  - Coverity fixes

• Tue Jul 03 2018 Jakub Jelen <jjelen@redhat.com> - 7.7p1-5 + 0.10.3-4

  - Disable manual printing of motd by default (#1591381)

• Wed Jun 27 2018 Jakub Jelen <jjelen@redhat.com> - 7.7p1-4 + 0.10.3-4

  - Better handling of kerberos tickets storage (#1566494)
  - Add pam_motd to pam stack (#1591381)