OpenSSH saitin aikace-aikace ne da ke ba da damar rufaffiyar sadarwa akan hanyar sadarwa, ta amfani da ka'idar SSH.
An buga shi Buɗe SSH 9.3 saki, abokin ciniki mai buɗewa da aiwatar da sabar don aiki tare da ka'idojin SSH 2.0 da SFTP. Sabuwar sigar OpenSSH 9.3 tana sarrafa gyara wasu matsalolin tsaro, baya ga ƙara wasu sabbin abubuwa
Ga wadanda basu da masaniya game da OpenSSH (Open Secure Shell) su sani hakan wannan saitin aikace-aikace ne wanda ke bada damar sadarwa mai rufin asiri a kan hanyar sadarwa, ta amfani da yarjejeniyar SSH. An ƙirƙira shi azaman kyauta kuma buɗe madadin ga shirin na Secure Shell, wanda shine software na mallaka.
Babban sabon fasali na OpenSSH 9.3
A cikin wannan sabon sigar da ke fitowa daga OpenSSH 9.3 ɗaya daga cikin sabbin fasalulluka shine sshd yana ƙara zaɓi na `sshd -G` wanda ke rarrabawa da buga ainihin tsarin ba tare da ƙoƙarin loda maɓallan sirri ba da yin wasu cak. Wannan yana ba da damar yin amfani da zaɓin kafin a samar da maɓallai kuma don ƙima da tantancewa ta masu amfani marasa gata.
Ga bangaren gyara kwaro, an sami kuskuren ma'ana a cikin ssh-add mai amfani, don haka lokacin ƙara maɓallan katin wayo zuwa wakilin ssh, ƙuntatawa da aka ƙayyade tare da zaɓin "ssh-add -h" ba a wuce ga wakili ba. Sakamakon haka, an ƙara maɓalli ga wakili, don haka babu wasu hani waɗanda ke ba da izinin haɗi kawai daga wasu runduna.
Wani daya daga cikin gyaran wanda aka aiwatar, shine rauni a cikin ssh mai amfani wanda zai iya sa a karanta bayanai daga wurin tari daga cikin buffer da aka keɓance lokacin sarrafa martani na musamman na DNS idan an haɗa saitin VerifyHostKeyDNS a cikin fayil ɗin sanyi.
Matsalar tana kasancewa a cikin ginanniyar aiwatar da aikin getrrsetbyname(), wanda ake amfani da shi akan nau'ikan OpenSSH mai ɗaukar hoto da aka gina ba tare da amfani da ɗakin karatu na ldns na waje ba (–with-ldns) da kuma tsarin tare da daidaitattun ɗakunan karatu waɗanda basa goyan bayan sunan getrrsetby() kira. Yiwuwar yin amfani da raunin rauni, ban da fara ƙin sabis ga abokin ciniki ssh, ana ganin ba zai yuwu ba.
Daga cikin sabbin sigogin da suka yi fice:
- A cikin gyaran scp da sftp ci gaba da cin hanci da rashawa na mita akan manyan fuska;
- ssh-add da ssh-keygen suna amfani da RSA/SHA256 lokacin gwada amfani da maɓalli na sirri, kamar yadda wasu tsarin ke fara kashe RSA/SHA1 a cikin libcrypto.
- A cikin sftp-uwar garke an yi gyara don zubar da ƙwaƙwalwar ajiya.
- A cikin ssh, sshd da ssh-keyscan an cire lambar dacewa kuma an sauƙaƙa abin da ya saura na ƙa'idar "vestigal".
- An yi gyara ga ƙarancin tasiri jerin sakamakon bincike a tsaye.
Waɗannan sun haɗa da rahotanni da yawa:
* ssh_config (5), sshd_config (5): ambaci cewa wasu zaɓuɓɓukan ba
wasan farko ya ci
* Sake aiki log don gwajin koma baya. Gwajin koma baya yanzu
Ɗauki daban-daban rajistan ayyukan ga kowane ssh da kiran sshd a cikin gwaji.
* ssh (1): sanya `ssh -Q CASignatureAlgorithms' aiki azaman shafin mutum
ya ce ya kamata; bz3532.
A karshe, ya kamata a lura da cewa ana iya lura da rauni a cikin ɗakin karatu na libskey an haɗa da OpenBSD, wanda OpenSSH ke amfani dashi. Matsalar ta kasance tun daga 1997 kuma tana iya haifar da cikas lokacin sarrafa sunayen da aka kera na musamman.
Finalmente idan kuna sha'awar ƙarin sani game da shi game da wannan sabon sigar, zaku iya bincika cikakkun bayanai ta hanyar zuwa mahaɗin mai zuwa.
Yadda ake girka OpenSSH 9.3 akan Linux?
Ga waɗanda suke da sha'awar iya shigar da wannan sabon sigar na OpenSSH akan tsarin su, don yanzu zasu iya yi sauke lambar tushe na wannan kuma suna yin tattara abubuwa akan kwamfutocin su.
Wannan shi ne saboda ba a haɗa sabon sigar a cikin ɗakunan manyan abubuwan rarraba Linux ba. Don samun lambar tushe, zaku iya yi daga link mai zuwa.
Anyi saukewar, yanzu zamu kwance kunshin tare da umarni mai zuwa:
tar -xvf openssh-9.3.tar.gz
Mun shigar da kundin adireshi:
cd openssh-9.3
Y za mu iya tattarawa tare da dokokin nan masu zuwa:
./configure --prefix=/opt --sysconfdir=/etc/ssh make make install