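[{"data":1,"prerenderedAt":55},["ShallowReactive",2],{"zh-cn:CommonContent:/news/2024-09-13-aosc-os-installer-ssh-keys":3},{"id":4,"title":5,"body":6,"categories":44,"date":46,"description":15,"extension":47,"home":48,"important":49,"meta":50,"navigation":49,"path":51,"seo":52,"stem":53,"__hash__":54},"zhCN/news/2024-09-13-aosc-os-installer-ssh-keys.md","AOSC OS Offline Installation Media Inadvertently Installed Pre-generated SSH Host Keys",{"type":7,"value":8,"toc":41},"minimark",[9,17,20,23,33,38],[10,11,12],"p",{},[13,14],"img",{"alt":15,"src":16},"","/assets/news/2024-09-13-aoscos-installer-ssh-keys.png",[10,18,19],{},"Due to a design oversight in the cleanup procedure of the tool that generates offline installation media, the system images included in AOSC OS offline installation media released since late June (that is, ISO images whose file names begin with aosc-os_installer) did not have their SSH host keys properly cleaned up, so installed systems also use those host keys.",[10,21,22],{},"Because AOSC OS enables the SSH service by default, this oversight may seriously affect user security: these keys may allow other hosts to impersonate your host and thereby steal your login password and the contents of SSH sessions with the host; however, if you use an SSH public key as your login credential, you are not affected.",[10,24,25,26],{},"To address this, we have urgently released an OpenSSH update (version 9.8p1-4) that fixes the issue: when the cryptographic fingerprint of a known leaked host key is matched, the update removes and regenerates the SSH host keys on the system. ",[27,28,29],"u",{},[30,31,32],"strong",{},"If possible, please update AOSC OS as soon as possible so that no security risk remains.",[10,34,35],{},[30,36,37],{},"Please note: after the update completes, AOSC OS will restart the SSH service daemon, but this will not affect SSH connections that are already established. If you provide SSH service to others, your users may encounter connection errors when connecting to the affected SSH/SCP/SFTP services. You may therefore need to inform your users of the situation and guide them to delete the previously trusted SSH host key records.",[10,39,40],{},"We apologize for the inconvenience this has caused!",{"title":15,"searchDepth":42,"depth":42,"links":43},2,[],[45],"advisories","2024-09-13T04:00:00.000Z","md",false,true,{},"/news/2024-09-13-aosc-os-installer-ssh-keys",{"title":5,"description":15},"news/2024-09-13-aosc-os-installer-ssh-keys","NJEvknpSS6ldgT1WfeDD5nFPTkz-YNqzQbrw92K2qO4",1773742825031]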