New features ------------ * ssh(1), sshd(8): add support for a new hybrid post-quantum key exchange based on the FIPS 203 Module-Lattice Key Enapsulation mechanism (ML-KEM) combined with X25519 ECDH as described by https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03 This algorithm "mlkem768x25519-sha256" is available by default. * ssh(1): the ssh_config "Include" directive can now expand environment as well as the same set of %-tokens "Match Exec" supports. * sshd(8): add a sshd_config "RefuseConnection" option that, if set will terminate the connection at the first authentication request. * sshd(8): add a "refuseconnection" penalty class to sshd_config PerSourcePenalties that is applied when a connection is dropped by the new RefuseConnection keyword. * sshd(8): add a "Match invalid-user" predicate to sshd_config Match options that matches when the target username is not valid on the server. * ssh(1), sshd(8): update the Streamlined NTRUPrime code to a substantially faster implementation. * ssh(1), sshd(8): the hybrid Streamlined NTRUPrime/X25519 key exchange algorithm now has an IANA-assigned name in addition to the "@openssh.com" vendor extension name. This algorithm is now also available under this name IANAsntrup761x25519-sha512IANA * ssh(1), sshd(8), ssh-agent(1): prevent private keys from being included in core dump files for most of their lifespans. This is in addition to pre-existing controls in ssh-agent(1) and sshd(8) that prevented coredumps. This feature is supported on OpenBSD, Linux and FreeBSD. * All: convert key handling to use the libcrypto EVP_PKEY API, with the exception of DSA. * sshd(8): add a random amount of jitter (up to 4 seconds) to the grace login time to make its expiry unpredictable.
- A hozzászóláshoz be kell jelentkezni
Hozzászólások
Rossz a cím: sed "s,9.2,9.9,". Néztem is, az archlinux az jövőben jár-e (9.9p1-1)
- A hozzászóláshoz be kell jelentkezni
>available under this name IANAsntrup761x25519-sha512IANA
mit szivnak ezek? :)
- A hozzászóláshoz be kell jelentkezni
Hát ha egyszer ez a neve az IANA registryben: https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ss…
- A hozzászóláshoz be kell jelentkezni
korrigalom: mit szivnak azok? :)
- A hozzászóláshoz be kell jelentkezni
Régen a szervereket híres emberekről vagy karakterekről neveztük el, ők ezt a hagyományt követik, csak Elon Musk gyerekei nevével
- A hozzászóláshoz be kell jelentkezni