Showing posts with the label sha1. Show all posts

2025/06/22

Today I upgraded Oracle Linux 8 to AlmaLinux 9

First, upgrade to AlmaLinux 8

dnf update -y

curl -O https://raw.githubusercontent.com/AlmaLinux/almalinux-deploy/master/almalinux-deploy.sh

bash almalinux-deploy.sh


Then upgrade to AlmaLinux 9

dnf -y update

yum install -y http://repo.almalinux.org/elevate/elevate-release-latest-el$(rpm --eval %rhel).noarch.rpm

dnf install -y leapp-upgrade leapp-data-almalinux

leapp preupgrade

Check the log and resolve the problems the upgrade will run into

The CPU must be changed to x86-64-v2 or above

leapp upgrade


After the upgrade

dnf -y update shows the following message

warning: Signature not supported. Hash algorithm SHA1 not available.

The problematic gpg-pubkey entries need to be removed

List all gpg keys

rpm -qa gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'

Delete the following two gpg keys

gpg-pubkey-ad986da3-5cabf60d    gpg(Oracle OSS group (Open Source Software group) <build@oss.oracle.com>)

gpg-pubkey-ced7258b-6525146f    gpg(AlmaLinux OS 8 <packager@almalinux.org>)

rpm -e gpg-pubkey-ad986da3-5cabf60d
rpm -e gpg-pubkey-ced7258b-6525146f


Working normally for now
Will keep observing


2024/06/12

This vulnerability scan reported the following two medium-risk findings related to SSH


The remote SSH server is configured to allow / support weak key exchange (KEX) algorithm(s).

Detection Result

The remote SSH server supports the following weak KEX algorithm(s):

KEX algorithm                      | Reason
------------------------------------------------
diffie-hellman-group-exchange-sha1 | Using SHA-1




The remote SSH server is configured to allow / support weak encryption algorithm(s).

Detection Result

The remote SSH server supports the following weak client-to-server encryption algorithm(s):

aes128-cbc
aes256-cbc

The fix is to add the following two lines to /etc/ssh/sshd_config

Ciphers aes128-ctr,aes192-ctr,aes256-ctr

KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1

Restart the daemon
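
An added example, not part of the original post: a shell function (the name weak_ssh_algos is made up here) that lists SHA-1 based KEX algorithms and CBC-mode ciphers in sshd configuration text, so the change can be checked before the next scan. Run on the two lines added above, it reports diffie-hellman-group14-sha1, which also uses SHA-1.

```bash
#!/usr/bin/env bash
# Added example, not from the original post.
# Reads sshd configuration text on stdin (sshd_config content or `sshd -T` output)
# and prints one line per weak algorithm: "kex <name>" or "cipher <name>".
weak_ssh_algos() {
  awk '
    {
      key = tolower($1)             # sshd -T prints keywords in lower case
      if (key != "kexalgorithms" && key != "ciphers") next
      val = $2                      # the algorithm list contains no spaces
      if (val ~ /^-/) next          # "-list" removes algorithms from the defaults
      sub(/^[+^]/, "", val)         # "+list" and "^list" add to the defaults
      n = split(val, alg, ",")
      for (i = 1; i <= n; i++) {
        if (key == "kexalgorithms" && alg[i] ~ /-sha1$/) print "kex " alg[i]
        if (key == "ciphers" && alg[i] ~ /-cbc(@|$)/) print "cipher " alg[i]
      }
    }'
}

# Sample input: the two lines this post adds to /etc/ssh/sshd_config.
sample_config='Ciphers aes128-ctr,aes192-ctr,aes256-ctr
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1'

printf '%s\n' "$sample_config" | weak_ssh_algos

# On a live host, check the effective settings instead (run as root):
#   sshd -T | weak_ssh_algos
```

With a "+list" or "^list" value the defaults stay enabled as well, so the `sshd -T` form is the one that shows what the server actually offers.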