Next revision | Previous revision |
news:2015:08:16:openssh-7.0-is-out [2015/08/16 23:26] – created Giuseppe Di Terlizzi | news:2015:08:16:openssh-7.0-is-out [2015/11/12 22:41] (current) – Giuseppe Di Terlizzi |
---|
title : OpenSSH 7.0 is out! | title : OpenSSH 7.0 is out! |
image : https://upload.wikimedia.org/wikipedia/en/6/65/OpenSSH_logo.png | image : https://upload.wikimedia.org/wikipedia/en/6/65/OpenSSH_logo.png |
source_url : http:\\www.openssh.com | source_url : http://www.openssh.com |
description : A major new update of the famous suite created by the authors of OpenBSD! | description : A major new update of the famous suite created by the authors of OpenBSD! |
---- | ---- |
A few days ago the authors of OpenSSH released the brand-new version (7.0) of the suite for creating secure, encrypted connections. | A few days ago the authors of OpenSSH released the brand-new version (7.0) of the suite for creating secure, encrypted connections. |
| |
According to the [[http://www.openssh.com/txt/release-7.0|release notes]], this new version, besides fixing many bugs, disables by default many "features" considered obsolete: | According to the [[http://www.openssh.com/txt/release-7.0|release note]], this new version, besides fixing many bugs, disables by default many "features" considered obsolete, in order to increase security: |
| |
* Support for the legacy SSH version 1 protocol is disabled by default at compile time. | * Support for the legacy __SSH version 1__ protocol is disabled by default at compile time. |
* Support for the 1024-bit diffie-hellman-group1-sha1 key exchange is disabled by default at run-time. It may be re-enabled using the instructions at http://www.openssh.com/legacy.html | * Support for the 1024-bit ''diffie-hellman-group1-sha1'' key exchange is disabled by default at run-time. It may be re-enabled using the instructions at http://www.openssh.com/legacy.html |
* Support for ''ssh-dss'', ''ssh-dss-cert-*'' host and user keys is disabled by default at run-time. These may be re-enabled using the instructions at http://www.openssh.com/legacy.html | * Support for ''ssh-dss'', ''ssh-dss-cert-*'' host and user keys is disabled by default at run-time. These may be re-enabled using the instructions at http://www.openssh.com/legacy.html |
* Support for the legacy v00 cert format has been removed. | * Support for the legacy ''v00'' cert format has been removed. |
* The default for the [[man>sshd_config(5)]] ''PermitRootLogin'' option has changed from ''"yes"'' to ''"prohibit-password"''. | * The default for the [[man>sshd_config(5)]] ''PermitRootLogin'' option has changed from ''"yes"'' to ''"prohibit-password"''. |
* ''PermitRootLogin=without-password/prohibit-password'' now bans all interactive authentication methods, allowing only public-key, hostbased and GSSAPI authentication (previously it permitted keyboard-interactive and password-less authentication if those were enabled). | * ''PermitRootLogin=without-password/prohibit-password'' now bans all interactive authentication methods, allowing only public-key, hostbased and GSSAPI authentication (previously it permitted keyboard-interactive and password-less authentication if those were enabled). |
* Several ciphers will be disabled by default: ''blowfish-cbc'', ''cast128-cbc'', all ''arcfour'' variants and the ''rijndael-cbc'' aliases for AES. | * Several ciphers will be disabled by default: ''blowfish-cbc'', ''cast128-cbc'', all ''arcfour'' variants and the ''rijndael-cbc'' aliases for AES. |
* MD5-based HMAC algorithms will be disabled by default. | * MD5-based HMAC algorithms will be disabled by default. |
| |
| Before upgrading our Linux boxes to the new version of OpenSSH, it is important to remember that support for version "1" of SSH and for the DSS algorithm has been disabled by default. If you still use this algorithm, it is advisable to migrate your keys to a more recent algorithm such as RSA. |
| |
**Source** http://www.openssh.com | **Source** http://www.openssh.com |
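
Before upgrading, it helps to know which hosts still depend on the settings listed above. The following check is an added example, not part of the original news item or of OpenSSH: it scans the text of an ''sshd_config'' or ''ssh_config'' file and of an ''authorized_keys'' or ''known_hosts'' file for the legacy items named in the list. The function names, the ''LEGACY'' table and the sample inputs are assumptions constructed for illustration.

```python
import fnmatch

# Option (lower-cased) -> patterns for algorithms named in the list above.
LEGACY = {
    "kexalgorithms": ["diffie-hellman-group1-sha1"],
    "hostkeyalgorithms": ["ssh-dss", "ssh-dss-cert-*"],
    "ciphers": ["blowfish-cbc", "cast128-cbc", "arcfour*", "rijndael-cbc*"],
    "macs": ["hmac-md5*"],
}

def audit_config(text):
    """Return (line_no, option, value) for every legacy setting found."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Keywords are case-insensitive; "Keyword=value" is also accepted.
        parts = line.replace("=", " ", 1).split(None, 1)
        if line.startswith("#") or len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "protocol" and "1" in value.split(","):
            findings.append((no, parts[0], "1"))
        elif key == "permitrootlogin" and value.lower() == "yes":
            findings.append((no, parts[0], "yes"))
        elif key in LEGACY:
            # A leading "+" appends to the defaults, i.e. re-enables.
            for algo in value.lstrip("+").split(","):
                if any(fnmatch.fnmatchcase(algo.strip(), p) for p in LEGACY[key]):
                    findings.append((no, parts[0], algo.strip()))
    return findings

def dss_keys(text):
    """Return line numbers of ssh-dss entries in a key file."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if fields and not fields[0].startswith("#") and any(
                f == "ssh-dss" or f.startswith("ssh-dss-cert-") for f in fields):
            hits.append(no)
    return hits

# Constructed sample inputs (not taken from a real host).
SAMPLE_SSHD = ("Protocol 2,1\nPermitRootLogin yes\n"
               "KexAlgorithms +diffie-hellman-group1-sha1\n"
               "Ciphers aes128-ctr,arcfour256,blowfish-cbc\n"
               "MACs hmac-sha2-256,hmac-md5-96\n")
SAMPLE_KEYS = ("ssh-rsa AAAA-constructed alice@example\n"
               "ssh-dss AAAA-constructed bob@example\n")

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_SSHD):
        print("sshd_config line %d: %s %s" % finding)
    print("ssh-dss key lines:", dss_keys(SAMPLE_KEYS))
```

Each finding marks a setting or key that stops working, or changes meaning, under the new defaults unless it is migrated or explicitly re-enabled.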