内容简介:OpenSSH 7.8 已发布。它包含对用户名枚举漏洞的修复;此外,私钥文件的默认格式已更改,已删除对运行 ssh setuid root 的支持,还添加了几个新的签名算法等等。 OpenSSH 是一个 100% 完整的 SSH 2.0 协议实现,包...
OpenSSH 7.8 已发布。它包含对用户名枚举漏洞的修复;此外,私钥文件的默认格式已更改,已删除对运行 ssh setuid root 的支持,还添加了几个新的签名算法等等。
OpenSSH 是一个 100% 完整的 SSH 2.0 协议实现,包括 sftp 客户端和服务器支持。
此版本包含许多可能影响现有配置的变更:
* ssh-keygen(1): write OpenSSH format private keys by default instead of using OpenSSL's PEM format. The OpenSSH format, supported in OpenSSH releases since 2014 and described in the PROTOCOL.key file in the source distribution, offers substantially better protection against offline password guessing and supports key comments in private keys. If necessary, it is possible to write old PEM-style keys by adding "-m PEM" to ssh-keygen's arguments when generating or updating a key. * sshd(8): remove internal support for S/Key multiple factor authentication. S/Key may still be used via PAM or BSD auth. * ssh(1): remove vestigal support for running ssh(1) as setuid. This used to be required for hostbased authentication and the (long gone) rhosts-style authentication, but has not been necessary for a long time. Attempting to execute ssh as a setuid binary, or with uid != effective uid will now yield a fatal error at runtime. * sshd(8): the semantics of PubkeyAcceptedKeyTypes and the similar HostbasedAcceptedKeyTypes options have changed. These now specify signature algorithms that are accepted for their respective authentication mechanism, where previously they specified accepted key types. This distinction matters when using the RSA/SHA2 signature algorithms "rsa-sha2-256", "rsa-sha2-512" and their certificate counterparts. Configurations that override these options but omit these algorithm names may cause unexpected authentication failures (no action is required for configurations that accept the default for these options). * sshd(8): the precedence of session environment variables has changed. ~/.ssh/environment and environment="..." options in authorized_keys files can no longer override SSH_* variables set implicitly by sshd. * ssh(1)/sshd(8): the default IPQoS used by ssh/sshd has changed. They will now use DSCP AF21 for interactive traffic and CS1 for bulk. For a detailed rationale, please see the commit message: https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh...
更多发布说明请点此查看。
下载地址 https://www.openbsd.org/faq/faq4.html#Download
【声明】文章转载自:开源中国社区 [http://www.oschina.net]
以上就是本文的全部内容,希望本文的内容对大家的学习或者工作能带来一定的帮助,也希望大家多多支持 码农网
猜你喜欢:- OpenSSH用户枚举漏洞:一探究竟
- 漏洞分析:OpenSSH用户枚举漏洞(CVE-2018-15473)分析
- OpenSSH用户枚举漏洞(CVE-2018-15473)分析
- OpenSSH 7.8 发布,修复了用户名枚举漏洞
- Apache Roller服务器侧请求伪造和文件枚举漏洞(CVE-2018-17198)
- c# – 枚举时项目发生变化时是否会影响枚举?
本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们。
形式感+:网页视觉设计创意拓展与快速表现
晋小彦 / 清华大学出版社 / 2014-1-1 / 59.00元
网页设计师从早年的综合性工作中分化出来,形成了相对独立的专业岗位,网页设计也不再是单纯的软件应用,它衍生出了许多独立的研究方向,当网站策划、交互体验都逐渐独立之后,形式感的突破和表现成为网页视觉设计的一项重要工作。随着时代的发展,网页设计更接近于一门艺术。网络带宽和硬件的发展为网页提供了使用更大图片、动画甚至视频的权利,而这些也为视觉设计师提供了更多表现的空间。另外多终端用户屏幕(主要是各种移动设......一起来看看 《形式感+:网页视觉设计创意拓展与快速表现》 这本书的介绍吧!