What is the UnixWare 7.1.4 OpenSSH 6.6.1p1 Package?

The OpenSSH 6.6.1p1 package is an updated OpenSSH for UnixWare 7.1.4
that fixes the following problems and adds the following features.

Problems Fixed
--------------

1. Addresses concerns regarding CVE-2014-0160 or CVE-2014-0346, a.k.a.
   the Heartbleed OpenSSL bug. The TLS and DTLS implementations in
   OpenSSL 1.0.1 before 1.0.1g had a deficiency that would allow
   remote hackers to obtain sensitive data. OpenSSH uses code from
   OpenSSL, but only the crypto library (libcrypto), which is not
   affected by the Heartbleed bug. OpenSSH version 6.2.p1, which was
   released with the UnixWare 7.1.4+ products and is statically linked
   against the libcrypto library, is not susceptible to CVE-2014-0160
   related attacks.

2. Fix for CVE-2014-0076, an issue allowing local users to obtain
   ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.

Features Added to OpenSSH 6.6.1p1
---------------------------------

1. Support for ED25519 keys and a back-ported fix from OpenSSH 6.7
   that corrects some incorrect key failures.

2. Support for non-root users sftp'ing into a chrooted environment.

Contents
--------

    /usr/share/openssh/LICENCE
    /etc/ssh/6.6.1p1/ssh_config
    /etc/ssh/6.6.1p1/sshd_config
    /etc/ssh/6.6.1p1/moduli
    /etc/init.d/opensshd
    /etc/rc0.d/K30opensshd=/etc/init.d/opensshd
    /etc/rc1.d/K30opensshd=/etc/init.d/opensshd
    /etc/rc2.d/S98opensshd=/etc/init.d/opensshd
    /usr/bin/scp
    /usr/bin/sftp
    /usr/bin/slogin=/usr/bin/ssh
    /usr/bin/ssh
    /usr/bin/ssh-add
    /usr/bin/ssh-agent
    /usr/bin/ssh-keygen
    /usr/bin/ssh-keyscan
    /usr/sbin/sftp-server
    /usr/sbin/ssh-keysign
    /usr/sbin/ssh-pkcs11-helper
    /usr/sbin/sshd
    /usr/man/html.1/scp.1.html
    /usr/man/html.1/sftp.1.html
    /usr/man/html.1/slogin.1.html
    /usr/man/html.1/ssh-add.1.html
    /usr/man/html.1/ssh-agent.1.html
    /usr/man/html.1/ssh-keygen.1.html
    /usr/man/html.1/ssh-keyscan.1.html
    /usr/man/html.1/ssh.1.html
    /usr/man/html.5/moduli.5.html
    /usr/man/html.5/ssh_config.5.html
    /usr/man/html.5/sshd_config.5.html
    /usr/man/html.8/sftp-server.8.html
    /usr/man/html.8/ssh-keysign.8.html
    /usr/man/html.8/ssh-pkcs11-helper.8.html
    /usr/man/html.8/sshd.8.html

Software Notes and Recommendations
----------------------------------

The UW714 OpenSSH 6.6.1p1 package is intended for installation on

    UnixWare 7.1.4 Maintenance Pack 4
    UnixWare 7.1.4+

Caution: If this package is installed on UW 7.1.4 MP4 and the system
is later upgraded to UW7.1.4+, this version of OpenSSH may be replaced
by an earlier version. If that should happen, simply reinstall this
package to correct the problem.

Installation Instructions
-------------------------

1. Download the openssh-6.6.1p1.image file to the /tmp directory on
   your machine.

2. As root, add the package to your system using these commands:

       $ su -
       Password:
       # pkgadd -d /tmp/openssh-6.6.1p1.image

       $ su -
       Password:
       # pkgadd -qd /tmp/openssh-6.6.1p1.image all

3. There is no need to reboot the system after installing this
   package. The package installation process will terminate a running
   sshd before installing the new software. Once the new software is
   on the system, a new sshd process will be started.

4. The upgrade process will not modify existing /etc/ssh/ssh_config,
   /etc/ssh/sshd_config, and /etc/ssh/moduli settings. OpenSSH 6.6.1p1
   may have modified default option settings and may have additional
   options compared with the earlier OpenSSH being replaced. The
   default configuration files will be installed in the
   /etc/ssh/6.6.1p1 directory. System administrators should review the
   6.6.1p1 default options and update the active system
   /etc/ssh/ssh_config, /etc/ssh/sshd_config, and /etc/ssh/moduli
   settings accordingly.

   Two strongly recommended changes to /etc/ssh/sshd_config are:

       PrintMotd no      # no need to duplicate the message of the day
       PrintLastLog no   # PAM authentication will print last login info

Removal Instructions
--------------------

1. As root, remove the package using these commands:

       $ su -
       Password:
       # pkgrm openssh

2. It is not necessary to reboot your system after removing this
   package.

3. Your system does not contain an OpenSSH (ssh or sshd) after removal
   of this package.

If you have questions regarding this supplement, or the product on
which it is installed, please contact your software supplier.
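
One way to carry out the configuration review in installation step 4, as an added example that is not part of the package or the original README: a POSIX sh script that reports global directives whose value differs between the active sshd_config and the defaults installed in /etc/ssh/6.6.1p1, and checks the two recommended settings. The function names are hypothetical and a POSIX awk is assumed.

```sh
#!/bin/sh
# Added example, not part of the package. Function names are hypothetical;
# a POSIX awk is assumed. Paths are the ones named in the README.

# List global directives whose value differs between the active file ($1)
# and the shipped default ($2). Keywords are case-insensitive, sshd uses the
# first value it obtains for a keyword, and Match blocks are skipped.
# Text from "#" to end of line is dropped. "(unset)" means the directive is
# absent or commented out, so the compiled-in default applies.
sshd_diff() {
    awk '
        FNR == 1 { inmatch = 0 }
        { side = (FILENAME == ARGV[1]) ? 1 : 2; sub(/#.*/, "") }
        NF == 0 || inmatch { next }
        { key = tolower($1); $1 = ""; sub(/^[ \t]+/, "") }
        key == "match" { inmatch = 1; next }
        side == 1 && !(key in act) { act[key] = $0 }
        side == 2 && !(key in def) { def[key] = $0 }
        END {
            for (k in act) {
                if (!(k in def)) { print k ": active=" act[k] " default=(unset)" }
                else if (act[k] != def[k]) { print k ": active=" act[k] " default=" def[k] }
            }
            for (k in def) {
                if (!(k in act)) { print k ": active=(unset) default=" def[k] }
            }
        }
    ' "$1" "$2" | sort
}

# Return non-zero unless the file ($1) sets both recommended options to "no".
sshd_recommended() {
    awk '
        { sub(/#.*/, "") }
        NF == 0 { next }
        { key = tolower($1) }
        key == "match" { exit }
        (key == "printmotd" || key == "printlastlog") && !(key in seen) { seen[key] = tolower($2) }
        END {
            n = split("printmotd printlastlog", want, " ")
            for (i = 1; i <= n; i++)
                if (seen[want[i]] != "no") { print want[i] " is not set to no"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

ACTIVE=${1:-/etc/ssh/sshd_config}
SHIPPED=${2:-/etc/ssh/6.6.1p1/sshd_config}
if [ -r "$ACTIVE" ] && [ -r "$SHIPPED" ]; then
    sshd_diff "$ACTIVE" "$SHIPPED"
    sshd_recommended "$ACTIVE" || echo "review $ACTIVE" >&2
fi
```

Run it as root after pkgadd; with no arguments it compares /etc/ssh/sshd_config against /etc/ssh/6.6.1p1/sshd_config.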