---- datatemplateentry news ----
type        : news
template    : news:template:article
year        : 2015
month       : 08
day         : 16
pubdate_dt  : 2015-08-16
title       : OpenSSH 7.0 is out!
image       : https://upload.wikimedia.org/wikipedia/en/6/65/OpenSSH_logo.png
source_url  : http://www.openssh.com
description : Major new update of the well-known suite created by the authors of OpenBSD!
----

A few days ago the authors of OpenSSH released the brand-new version (7.0) of the suite for creating secure, encrypted connections.

According to the [[http://www.openssh.com/txt/release-7.0|release notes]], besides fixing many bugs, this new version disables by default many "features" considered obsolete, in order to improve security:

  * Support for the legacy __SSH version 1__ protocol is disabled by default at compile time.
  * Support for the 1024-bit ''diffie-hellman-group1-sha1'' key exchange is disabled by default at run-time. It may be re-enabled using the instructions at http://www.openssh.com/legacy.html
  * Support for ''ssh-dss'', ''ssh-dss-cert-*'' host and user keys is disabled by default at run-time. These may be re-enabled using the instructions at http://www.openssh.com/legacy.html
  * Support for the legacy ''v00'' cert format has been removed.
  * The default for the [[man>sshd_config(5)]] ''PermitRootLogin'' option has changed from ''"yes"'' to ''"prohibit-password"''.
  * ''PermitRootLogin=without-password/prohibit-password'' now bans all interactive authentication methods, allowing only public-key, hostbased and GSSAPI authentication (previously it permitted keyboard-interactive and password-less authentication if those were enabled).
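A pre-upgrade check for the items listed on this page, as an added example (not code from the OpenSSH project or from this article): ''legacy_keys'' flags ''ssh-dss'', ''ssh-dss-cert-*'' and ''v00'' certificate entries in an authorized_keys or known_hosts file, and ''legacy_config'' flags sshd_config or ssh_config directives that name SSH protocol 1, ''diffie-hellman-group1-sha1'', ''ssh-dss'', or the ciphers and MD5 HMACs announced for later releases. The function names, finding labels and sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not OpenSSH project code: pre-upgrade audit for the 7.0 changes.
# legacy_keys FILE: print "line:keytype" for authorized_keys/known_hosts entries
# whose key type 7.0 disables (ssh-dss, ssh-dss-cert-*) or removes (v00 certs).
legacy_keys() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        {   # options or a host list may precede the key type: scan every field
            for (i = 1; i <= NF; i++)
                if ($i == "ssh-dss" || $i ~ /^ssh-dss-cert-/ || $i ~ /-cert-v00@/) {
                    printf "%d:%s\n", NR, $i
                    break
                }
        }' "$1"
}

# legacy_config FILE: print "line:finding" for sshd_config/ssh_config directives
# naming what 7.0 disables or what later releases plan to disable.
legacy_config() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            line = tolower($0)
            sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            key = line; sub(/[ \t=].*$/, "", key)          # keyword
            val = line; sub(/^[^ \t=]+[ \t=]+/, "", val)   # argument list
            hit = ""
            if (key == "protocol" && ("," val ",") ~ /,1,/) hit = "ssh-v1"
            else if (key == "kexalgorithms" && val ~ /diffie-hellman-group1-sha1/) hit = "dh-group1-sha1"
            else if ((key == "hostkeyalgorithms" || key == "pubkeyacceptedkeytypes") && val ~ /ssh-dss/) hit = "ssh-dss"
            else if (key == "ciphers" && val ~ /blowfish-cbc|cast128-cbc|arcfour|rijndael-cbc/) hit = "legacy-cipher"
            else if (key == "macs" && val ~ /hmac-md5/) hit = "md5-hmac"
            else if (key == "permitrootlogin" && val == "yes") hit = "permitrootlogin-yes"
            if (hit != "") printf "%d:%s\n", NR, hit
        }' "$1"
}

# Constructed samples (placeholder key material, not a real host) to try it on.
sample_keys() {
    printf '%s\n' '# constructed entries' 'ssh-rsa AAAA-constructed alice@example' \
        'from="10.0.0.0/8" ssh-dss AAAA-constructed backup@example' \
        'ssh-ed25519 AAAA-constructed bob@example' \
        'ssh-rsa-cert-v00@openssh.com AAAA-constructed ci@example'
}
sample_config() {
    printf '%s\n' 'Protocol 2,1' 'PermitRootLogin yes' 'MACs hmac-sha2-256' \
        'KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group1-sha1' \
        'Ciphers aes128-ctr,arcfour256'
}
```

An explicit ''PermitRootLogin yes'' is flagged because it overrides the new ''prohibit-password'' default; any ''ssh-dss'' mention in ''HostKeyAlgorithms'' or ''PubkeyAcceptedKeyTypes'' is reported for manual review.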
In upcoming releases some "legacy" algorithms will also be removed:

  * Refusing all RSA keys smaller than 1024 bits (the current minimum is 768 bits)
  * Several ciphers will be disabled by default: ''blowfish-cbc'', ''cast128-cbc'', all ''arcfour'' variants and the ''rijndael-cbc'' aliases for AES.
  * MD5-based HMAC algorithms will be disabled by default.

Before upgrading our Linux boxes to the new version of OpenSSH, it is important to remember that support for version "1" of SSH and for the DSS algorithm has been disabled by default. If you still use this algorithm, you are advised to move your keys to a more recent algorithm such as RSA.

**Source** http://www.openssh.com

{{tag>news 2015/08}}

~~NewsArticle~~

Last modified: 8 years ago by Giuseppe Di Terlizzi