


OpenSSH 7.0 is out!

A major new update to the famous suite created by the authors of OpenBSD!


2015.08.16

A few days ago the authors of OpenSSH released the brand-new version (7.0) of the suite for creating secure, encrypted connections.

According to the release notes, this new version not only fixes many bugs but also disables by default many “features” considered obsolete:

  • Support for the legacy SSH version 1 protocol is disabled by default at compile time.
  • Support for the 1024-bit diffie-hellman-group1-sha1 key exchange is disabled by default at run-time. It may be re-enabled using the instructions at http://www.openssh.com/legacy.html
  • Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled by default at run-time. These may be re-enabled using the instructions at http://www.openssh.com/legacy.html
  • Support for the legacy v00 cert format has been removed.
  • The default for the sshd_config(5) PermitRootLogin option has changed from “yes” to “prohibit-password”.
  • PermitRootLogin=without-password/prohibit-password now bans all interactive authentication methods, allowing only public-key, hostbased and GSSAPI authentication (previously it permitted keyboard-interactive and password-less authentication if those were enabled).

In upcoming releases, some “legacy” algorithms will also be removed:

  • Refusing all RSA keys smaller than 1024 bits (the current minimum is 768 bits)
  • Several ciphers will be disabled by default: blowfish-cbc, cast128-cbc, all arcfour variants and the rijndael-cbc aliases for AES.
  • MD5-based HMAC algorithms will be disabled by default.
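To check whether a server configuration still explicitly enables any of the items listed above, the following added example (not from the OpenSSH project or the release notes) scans sshd_config text and reports the matching lines. The sample configuration is constructed, and the function and variable names are hypothetical.

```python
import fnmatch
import re

# Legacy names taken from the two lists above, keyed by sshd_config keyword.
LEGACY = {
    "kexalgorithms": ["diffie-hellman-group1-sha1"],
    "hostkeyalgorithms": ["ssh-dss", "ssh-dss-cert-*"],
    "pubkeyacceptedkeytypes": ["ssh-dss", "ssh-dss-cert-*"],
    "ciphers": ["blowfish-cbc", "cast128-cbc", "arcfour*", "rijndael-cbc*"],
    "macs": ["hmac-md5*"],
}

# Constructed sample input, not a real server's configuration.
SAMPLE = """\
# constructed sample sshd_config
Protocol 2,1
PermitRootLogin yes
KexAlgorithms +diffie-hellman-group1-sha1
HostKeyAlgorithms ssh-ed25519,ssh-dss
Ciphers aes128-ctr,arcfour256,rijndael-cbc@lysator.liu.se
MACs hmac-sha2-256,hmac-md5-96
PasswordAuthentication no
"""

def audit(config_text):
    """Return (line_number, keyword, value) for every legacy setting found."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # sshd_config accepts "Keyword value" and "Keyword=value".
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) < 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip().strip('"')
        if keyword == "protocol" and "1" in value.split(","):
            findings.append((lineno, keyword, "1"))
        elif keyword == "permitrootlogin" and value.lower() == "yes":
            findings.append((lineno, keyword, "yes"))
        elif keyword in LEGACY and not value.startswith("-"):
            # "+" appends to the defaults; "-" (later releases) removes names.
            for name in value.lstrip("+").split(","):
                if any(fnmatch.fnmatchcase(name.strip(), p) for p in LEGACY[keyword]):
                    findings.append((lineno, keyword, name.strip()))
    return findings

if __name__ == "__main__":
    for lineno, keyword, value in audit(SAMPLE):
        print(f"line {lineno}: {keyword} enables legacy value {value}")
```

The scan covers every line, including those inside Match blocks, so a finding means the value appears somewhere in the file, not necessarily that it is the effective setting.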

Source: http://www.openssh.com

  • Last modified: 9 years ago
  • by Giuseppe Di Terlizzi