OpenSSH 7.0 is out!
A major new update to the well-known suite created by the authors of OpenBSD!
2015.08.16
A few days ago the OpenSSH authors released the brand-new version (7.0) of the suite for creating secure, encrypted connections.
According to the release notes, besides fixing many bugs, this new version disables by default many “features” considered obsolete:
- Support for the legacy SSH version 1 protocol is disabled by default at compile time.
- Support for the 1024-bit diffie-hellman-group1-sha1 key exchange is disabled by default at run-time. It may be re-enabled using the instructions at http://www.openssh.com/legacy.html
- Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled by default at run-time. These may be re-enabled using the instructions at http://www.openssh.com/legacy.html
- Support for the legacy v00 cert format has been removed.
- The default for the sshd_config(5) PermitRootLogin option has changed from “yes” to “prohibit-password”. PermitRootLogin=without-password/prohibit-password now bans all interactive authentication methods, allowing only public-key, hostbased and GSSAPI authentication (previously it permitted keyboard-interactive and password-less authentication if those were enabled).
In upcoming releases, some “legacy” algorithms will also be removed:
- Refusing all RSA keys smaller than 1024 bits (the current minimum is 768 bits)
- Several ciphers will be disabled by default: blowfish-cbc, cast128-cbc, all arcfour variants and the rijndael-cbc aliases for AES.
- MD5-based HMAC algorithms will be disabled by default.
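A small audit for the settings listed above, added here as an example and not taken from the OpenSSH project: it scans sshd_config text for lines that bring back the protocol version, key types, ciphers and MACs the release notes call legacy. The keyword names (Protocol, KexAlgorithms, HostKeyAlgorithms, PubkeyAcceptedKeyTypes, Ciphers, MACs) are standard sshd_config(5) options not spelled out on this page, and the sample configuration is constructed.

```python
import re

# Legacy names from the release notes above; a trailing "*" is this script's prefix wildcard.
LEGACY = {
    "kexalgorithms": ["diffie-hellman-group1-sha1"],
    "hostkeyalgorithms": ["ssh-dss*"],
    "pubkeyacceptedkeytypes": ["ssh-dss*"],
    "ciphers": ["blowfish-cbc", "cast128-cbc", "arcfour*", "rijndael-cbc*"],
    "macs": ["hmac-md5*"],
}

def _is_legacy(name, patterns):
    return any(name.startswith(p[:-1]) if p.endswith("*") else name == p
               for p in patterns)

def audit_sshd_config(text):
    """Return (line_number, keyword, value) for every line that re-enables a legacy setting."""
    findings = []
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments
        # "Keyword value" and "Keyword=value" are both accepted by sshd_config
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip().strip('"')
        if keyword == "protocol" and "1" in re.split(r"[,\s]+", value):
            findings.append((num, "Protocol", "1"))
        elif keyword == "permitrootlogin" and value.lower() == "yes":
            findings.append((num, "PermitRootLogin", "yes"))
        elif keyword in LEGACY:
            # "+" or "^" adds to the defaults; a "-" list removes entries, so skip it
            names = [] if value.startswith("-") else value.lstrip("+^").split(",")
            for name in (n.strip() for n in names):
                if _is_legacy(name, LEGACY[keyword]):
                    findings.append((num, parts[0], name))
    return findings

# Constructed sample configuration, not taken from a real host.
SAMPLE = """\
Protocol 2,1
PermitRootLogin yes
KexAlgorithms +diffie-hellman-group1-sha1
HostKeyAlgorithms ssh-ed25519,ssh-dss
Ciphers aes128-ctr,arcfour256,rijndael-cbc@lysator.liu.se
MACs=hmac-sha2-256,hmac-md5-96
PermitRootLogin prohibit-password
"""

if __name__ == "__main__":
    print(*audit_sshd_config(SAMPLE), sep="\n")
```

The audit flags every matching line, including ones inside Match blocks, so each finding still needs to be read in the context of the full file.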
Source: http://www.openssh.com