目前,OpenSSH 7.8 (Fedora 28/Arch) 无法使用证书签名密钥与 OpenSSH 7.4 (CentOS 7) 服务器协商,如redhat 的 bugzilla 上提交的错误所述。OpenSSH 发行说明表明现在必须明确定义签名协商算法的更改。虽然现在允许使用 2 个新的签名算法(自 7.7 起),但由于错误或有意,ssh-rsa-cert-v01@openssh.com 用户证书不再能够用于身份验证。
重现步骤:
我试图通过修改证书签名过程中使用的算法来解决这个问题。
ssh-keygen -L -f test.crt
test.crt:
Type: ssh-rsa-cert-v01@openssh.com user certificate
Public key: RSA-CERT SHA256:<fingerprint>
Signing CA: RSA SHA256:<fingerprint>
ssh-keygen 的默认设置是在 ssh-rsa-cert-v01@openssh.com 中对密钥进行签名。
根据 OpenSSH 7.8 文档,PROTOCOL.certkeys。
All certificate types include certification information along with the
public …我正在执行从 CentOS 7.4 到 CentOS 7.5 的 yum 更新,当 nspr 和 nss soft-softoken 收到更新时,出现以下错误:
yum update nspr
error: Failed to initialize NSS library
There was a problem importing one of the Python modules
required to run yum. The error leading to this problem was:
cannot import name ts
Please install a package which provides this module, or
verify that the module is installed correctly.
It's possible that the above module doesn't match the
current version of Python, which is:
2.7.5 …