mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-01-13 22:30:37 +08:00
geekpi
parent
fbe4c229c1
commit
5e16d7165d
@ -0,0 +1,34 @@
|
||||
Translating---geekpi
|
||||
|
||||
OpenSSH 7.2 Out Now with Support for RSA Signatures Using SHA-256/512 Algorithms
|
||||
========================================================
|
||||
|
||||
**Today, February 29, 2016, the OpenBSD project had the great pleasure of announcing the release and immediate availability for download of OpenSSH 7.2 for all supported platforms.**
|
||||
|
||||
According to the internal [release notes][1], also attached at the end of the article for reference, OpenSSH 7.2 is primarily a bugfix release, fixing most of the issues reported by users or discovered by the development team since the release of OpenSSH 7.1p2, but we can see several new features as well.
|
||||
|
||||
Among these, we can mention support for RSA signatures using SHA-256 or SHA-256 512 hash algorithms, the addition of an AddKeysToAgent client option to add private keys used for authentication to the ssh-agent, and the implementation of the "restrict" authorized_keys option for storing key restrictions.
|
||||
|
||||
Furthermore, there's now an ssh_config CertificateFile option for explicitly listing certificates, the ssh-keygen is now capable of changing the key comment for all supported formats, fingerprinting is now allowed from standard input and for multiple public keys in a file.
|
||||
|
||||
### ssh-keygen now supports multiple certificates
|
||||
|
||||
In addition to the changes mentioned above, OpenSSH 7.2 adds support for multiple certificates to ssh-keygen, one per line, implements the "none" argument for sshd_config ChrootDirectory and Foreground, and the "-c" flag allows ssh-keyscan to fetch certificates instead of plain keys.
|
||||
|
||||
Last but not least, OpenSSH 7.2 no longer enables by default all flavors of the rijndael-cbc aliases for AES, blowfish-cbc, and cast128-cbc legacy ciphers, as well as MD5-based and truncated HMAC algorithms. The getrandom() syscall is now supported under Linux. [Download OpenSSH 7.2][2] and check the changelog below for some additional details about exactly what has been fixed in this major release.
|
||||
|
||||
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: http://news.softpedia.com/news/openssh-7-2-out-now-with-support-for-rsa-signatures-using-sha-256-512-algorithms-501111.shtml
|
||||
|
||||
作者:[Marius Nestor][a]
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: http://news.softpedia.com/editors/browse/marius-nestor
|
||||
[1]: http://www.openssh.com/txt/release-7.2
|
||||
[2]: http://linux.softpedia.com/get/Security/OpenSSH-4474.shtml
|
||||
@ -1,33 +0,0 @@
|
||||
使用SHA-256/512算法作为RSA签名的OpenSSH 7.2发布了
|
||||
========================================================
|
||||
|
||||
**今天,2016.2.29,OpenBSD项目很高兴地宣布OpenSSH 7.2发布了,并且很块可在所有支持的平台下载。**
|
||||
|
||||
根据内部[发布公告][1],该公告附在了文章的最后,OpenSSH 7.2主要是bug修复,修改了自OpenSSH 7.1p2以来由用户报告和开发团队发现的问题,但是我们可以看到几个新功能。
|
||||
|
||||
这其中,我们可以提到使用了SHA-256 或者 SHA-256 512哈希算法的RSA签名,增加了一个AddKeysToAgent客户端选项添加用于身份验证的ssh-agent的私钥,和实现了一个“restrict”级别的authorized_keys选项用于存储键限制。
|
||||
|
||||
此外,现在ssh_config中CertificateFile选项可以明确列出证书,ssh-keygen现在能够改所有支持的格式的密钥注释、指纹可以来自标准输入,文件可含多个公钥。
|
||||
|
||||
### ssh-keygen现在支持多证书
|
||||
|
||||
除了上面提到的,OpenSSH 7.2正加了ssh-keygen多证书的支持,一个一行,实现了sshd_config ChrootDirectory及前台的0参数,“-c”标志允许ssh-keyscan取回证书而不是文本密钥。
|
||||
|
||||
最后但并非最不重要的,OpenSSH 7.3不再默认启用rijndael-cbc也叫AES,blowfish-cbc、古老的cast128-cbc密码,同样还有基于MD5和截断的HMAC算法。getrandom()系统调用在Linux中支持。[下载OpenSSH 7.2][2]并在更新日志中查看更细节的在本主要更新中修复的问题。
|
||||
|
||||
|
||||
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: http://news.softpedia.com/news/openssh-7-2-out-now-with-support-for-rsa-signatures-using-sha-256-512-algorithms-501111.shtml
|
||||
|
||||
作者:[Marius Nestor][a]
|
||||
译者:[geekpi](https://github.com/geekpi)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: http://news.softpedia.com/editors/browse/marius-nestor
|
||||
[1]: http://www.openssh.com/txt/release-7.2
|
||||
[2]: http://linux.softpedia.com/get/Security/OpenSSH-4474.shtml
|
||||
Loading…
Reference in New Issue
Block a user