OpenSSH yog qhov ua tiav ntawm SSH 2.0 raws tu qauv, suav nrog SFTP kev txhawb nqa.
Qhov kev tso tawm no suav nrog kev txhawb nqa rau FIDO / U2F hardware authenticators. FIDO cov cuab yeej tam sim no tau txais kev txhawb nqa raws li hom tshiab "ecdsa-sk" thiab "ed25519-sk", nrog rau cov ntawv pov thawj sib xws.
Qhov kev tso tawm no suav nrog ntau qhov kev hloov pauv uas yuav cuam tshuam rau cov uas twb muaj lawm
configurations:
- Tshem tawm "ssh-rsa" los ntawm CASignatureAlgorithms cov npe. Tam sim no, thaum kos npe rau daim ntawv pov thawj tshiab, "rsa-sha2-512" yuav raug siv los ntawm lub neej ntawd;
- Lub diffie-hellman-group14-sha1 algorithm tau raug tshem tawm rau ob tus neeg siv khoom thiab tus neeg rau zaub mov;
- Thaum siv cov nqi hluav taws xob ps, sshd txheej txheem npe tam sim no qhia cov naj npawb ntawm cov kev sib txuas sim kom paub tseeb thiab cov kev txwv teeb tsa siv MaxStartups;
- Ntxiv cov ntaub ntawv tshiab executable ssh-sk-helper. Nws yog tsim los cais FIDO/U2F cov tsev qiv ntawv.
Nws kuj tau tshaj tawm tias kev txhawb nqa rau SHA-1 hashing algorithm yuav tsis ntev.
Tau qhov twg los: linux.org.ru ua