Mushure memwedzi mitanhatu yekukura OpenSSH 8.1 kuburitswa kwakafumurwa, inova seti yekushandisa iyo inobvumira kutaurirana kwakanyorwa pamusoro petiweki, uchishandisa SSH protocol, seyakavhurika sosi mutengi uye sevha kuitisa kushanda paSSH 2.0 uye SFTP.
Iyi vhezheni itsva ye OpenSSH 8.1 inouya nekumwe kugadzirisa, asi chimwe chezvakakurisa ndiko kugadzirisa kwekusagadzikana kunokanganisa ssh, sshd, ssh-wedzera uye ssh-keygen. Dambudziko iripo mune yakavanzika kiyi yekuparadzanisa kodhi ine mhando XMSS uye inobvumira anorwisa kuti atange kufashukira. Iyo kusagadzikana kunoratidzirwa sekushandisa, asi kusashanda, se XMSS kiyi rutsigiro inoreva kune ekuyedza maficha akaremara nekutadza (mune inotakurika vhezheni, autoconf haina kana kupa mukana wekugonesa XMSS).
Main nyowani maficha eOpenSSH 8.1
Mune iyi vhezheni itsva yeOpenSSH 8.1 se yawedzera kodhi kune ssh, sshd uye ssh-mumiririri iyo inodzivirira kupora kweyakavanzika kiyi iri mu RAM semhedzisiro yekurwiswa kwenzira dzechitatu-bato senge Specter, Kuparara, RowHammer uye RAMBleed.
Yakavanzika makiyi ikozvino akanyorwa mukati kana akaiswa mundangariro uye akadzivirirwa chete ipapo yekushandisa, yasara yenguva yasara yakavharidzirwa. Nemaitiro aya, kuti ubudirire kudzorera yakavanzika kiyi, anorwisa anofanira kutanga adzoreredza yakasarudzika 16K yepakati kiyi kunyorera kiyi yekutanga kiyi, izvo zvisingaite neyakagadziriswa yekukanganisa mwero iyo inowanzoitika pakurwiswa kwazvino.
Imwe shanduko huru iyo inomira ndeye ssh-keygen iyo yakawedzerwa sekutsigira kwekuyedza nokuti chirongwa chakareruka chekugadzira uye kuongorora masiginecha edhijitari. Masiginecha edhijitari anogona kugadzirwa uchishandisa zvakajairika SSH makiyi akachengetwa padiski kana mu ssh-mumiriri uye inosimbiswa nerunyorwa rweakakodzera makiyi akafanana nemakiyi anotenderwa.
Ruzivo rwe namespace rwakapindirwa mune siginicha yedhijitari kudzivirira kuvhiringidzika kana ichishandiswa munzvimbo dzakawanda (semuenzaniso, yeemail nemafaira).
Ssh-keygen inogoneswa nekutadza kushandisa iyo rsa-sha2-512 algorithm kana uchiongorora zvitupa zvine siginicha yedhijitari inoenderana nekiyi RSA (kana uchishanda muCA modhi).
Izvi zvitupa hazviwirirane neshanduro pamberi paOpenSSH 7.2 (Kuona kugarisana, wedzera mhando yealgorithm, semuenzaniso nekudana "ssh-keygen -t ssh-rsa -s ...").
Mu ssh, chirevo cheProxyCommand chinotsigira kutambanudza kuwedzera "% n" (iro zita revaenzi rinotsanangurwa mubara rekero).
Mune zvinyorwa zve encryption algorithms ye ssh uye sshd, iyo "^" chiratidzo kunetime inogona kushandiswa kuisa iyo default algorithms. Ssh-keygen inopa kuburitswa kwemashoko akasungirirwa kukiyi apo kiyi yeruzhinji inotorwa kubva kune yakavanzika.
Ssh-keygen inowedzera kugona kushandisa iyo -v mureza kana uchiita kiyi yekutarisa (semuenzaniso, ssh-keygen -vF inomiririra), iyo inoratidza iyo inotungamira pakuratidzwa kweyakajeka inomiririra siginicha.
Pakupedzisira imwe yakasarudzika ruzivo ndeye kuwedzerwa kwekugona kwekushandisa PKCS8 senge imwe fomati yekuchengetedza zvakavanzika makiyi Pane diski. Nekukanganisa, iyo PEM fomati inoenderera ichishandiswa, uye PKCS8 inogona kubatsira mukuenderana neyechitatu-bato kunyorera.
Maitiro ekuisa OpenSSH 8.1 paLinux?
Kune avo vanofarira kugona kuisa iyi nyowani vhezheni yeOpenSSH pane avo masisitimu, nekuti izvozvi vanogona kuzviita kurodha pasi kodhi kodhi yeiyi uye vachiita muunganidzwa pamakomputa avo.
Izvi zvinodaro nekuti iyo vhezheni nyowani haisati yaverengerwa mumachengeterwo ezvekutanga zvekuparadzirwa kweLinux. Kuti uwane iyo OpenSSH 8.1 kodhi kodhi, isu tinongofanirwa kuvhura terminal uye mairi tichaenda kunyora murairo unotevera:
wget https://cloudflare.cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.1p1.tar.gz
Waita kurodha pasi, ikozvino tava kuzobvisa pasuru yacho nemirairo inotevera
tar -xvf openssh-8.1p1.tar.gz
Isu tinopinda dhairekitori rakagadzirwa:
cd openssh-8.1p1.tar.gz
Y tinogona kuumbiridza ne inotevera mirairo:
./configure --prefix=/opt --sysconfdir=/etc/ssh make make install