OpenSSH 8.2 arrives with support for 2FA authentication tokens


After four months of development, the new version OpenSSH 8.2 has been released. OpenSSH is an open client and server implementation for working over the SSH 2.0 and SFTP protocols. One of the most important additions in the OpenSSH 8.2 release is the ability to use two-factor authentication with devices that support the U2F protocol developed by the FIDO alliance.

U2F makes it possible to build low-cost hardware tokens that confirm the physical presence of the user, with interaction over USB, Bluetooth or NFC. Such devices are promoted as a means of two-factor authentication on websites, are already supported by all major browsers, and are produced by various manufacturers, including Yubico, Feitian, Thetis, and Kensington.

To interact with devices that confirm the user's presence, OpenSSH has added two new key types, "ecdsa-sk" and "ed25519-sk", which use the ECDSA and Ed25519 digital signature algorithms together with the SHA-256 hash.

The procedures for interacting with tokens have been moved to an intermediate library, which is loaded in the same way as the library for PKCS#11 support and is a wrapper over the libfido2 library, which provides the means of communicating with tokens over USB (both the FIDO U2F / CTAP 1 and FIDO 2.0 / CTAP protocols are supported).

The libsk-libfido2 intermediate library prepared by the OpenSSH developers is included in the libfido2 core, along with the HID driver for OpenBSD.

For authentication and key generation, you must specify the "SecurityKeyProvider" parameter in the configuration or set the SSH_SK_PROVIDER environment variable, pointing to the path of the external library libsk-libfido2.so.

It is also possible to build OpenSSH with built-in support for the intermediate library; in that case you need to set the parameter "SecurityKeyProvider=internal".

In addition, by default, local confirmation of the user's physical presence is required whenever a key operation is performed (for example, the user is asked to touch the sensor on the token), which makes it difficult to carry out remote attacks on systems with a connected token.
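A server-side check that follows from the two paragraphs above, as an added example that is not part of the original article or of OpenSSH: it classifies authorized_keys entries as token-backed or software keys and flags entries that waive the touch requirement. The key-type names as they appear on disk (sk-ssh-ed25519@openssh.com, sk-ecdsa-sha2-nistp256@openssh.com) and the no-touch-required option are OpenSSH's; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: inventory FIDO-backed keys in an authorized_keys file.

# Constructed sample input; the key blobs are placeholders, not real keys.
sample_authorized_keys() {
cat <<'EOF'
# constructed sample, not real keys
sk-ssh-ed25519@openssh.com AAAAEXAMPLE1 alice@token
no-touch-required sk-ecdsa-sha2-nistp256@openssh.com AAAAEXAMPLE2 ci@token
ssh-ed25519 AAAAEXAMPLE3 bob@laptop
from="192.0.2.10",no-touch-required sk-ssh-ed25519@openssh.com AAAAEXAMPLE4 batch@token
ssh-rsa AAAAEXAMPLE5 legacy@host
EOF
}

# Reads authorized_keys lines on stdin; prints "<class> <keytype> <comment>".
#   fido-touch     token-backed key, presence check enforced (the default)
#   fido-no-touch  token-backed key, presence check waived for this entry
#   software       ordinary key held in a file
classify_keys() {
  awk '
    NF == 0 || $1 ~ /^#/ { next }             # skip blank lines and comments
    {
      opts = ""; kt = ""; idx = 0
      # Everything before the first field that is a key type is the options field.
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^(sk-ssh-ed25519@openssh\.com|sk-ecdsa-sha2-nistp256@openssh\.com|ssh-[a-z0-9]+|ecdsa-sha2-nistp[0-9]+)$/) {
          kt = $i; idx = i; break
        }
        opts = opts " " $i
      }
      if (kt == "") next                      # not a recognisable key line
      if (kt !~ /^sk-/)                     cls = "software"
      else if (opts ~ /no-touch-required/)  cls = "fido-no-touch"
      else                                  cls = "fido-touch"
      print cls, kt, $(idx + 2)
    }'
}

sample_authorized_keys | classify_keys
```

Entries reported as fido-no-touch give up the protection described above, since a signature can then be produced without anyone touching the token.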

On the other hand, the new version of OpenSSH also announces that algorithms using SHA-1 hashing will soon be moved to the obsolete category, because collision attacks against them have become more effective.

To ease the transition to new algorithms, a future OpenSSH release will enable the UpdateHostKeys setting by default, which automatically migrates clients to more reliable algorithms.

In OpenSSH 8.2 the ability to connect using "ssh-rsa" is still available, but this algorithm has been removed from the CASignatureAlgorithms list, which defines the algorithms that are valid for digitally signing certificates.

Similarly, the diffie-hellman-group14-sha1 algorithm has been removed from the default key exchange algorithms.
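One way to find configurations that still pin the SHA-1 algorithms named above, as an added example that is not part of the original article or of OpenSSH. It goes slightly beyond the text by matching every diffie-hellman-*-sha1 key exchange name rather than only group14; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: report SHA-1 based algorithms explicitly enabled in sshd_config.

# Constructed sample configuration.
sample_sshd_config() {
cat <<'EOF'
# constructed sample sshd_config
Port 22
KexAlgorithms curve25519-sha256,diffie-hellman-group14-sha1
CASignatureAlgorithms ssh-ed25519,ssh-rsa,rsa-sha2-512
HostKeyAlgorithms -ssh-rsa
PubkeyAuthOptions touch-required
EOF
}

# Reads "Keyword value" lines on stdin; prints "<keyword>:<algorithm>" per finding.
find_sha1_algorithms() {
  awk '
    ($1 ~ /^#/) || (NF < 2) { next }          # comments, blanks, bare keywords
    {
      key = tolower($1); list = $2            # keywords are case-insensitive
      if (key != "kexalgorithms" && key != "casignaturealgorithms" &&
          key != "hostkeyalgorithms") next
      first = substr(list, 1, 1)
      if (first == "-") next                  # "-list" removes algorithms
      if (first == "+" || first == "^") list = substr(list, 2)
      n = split(list, alg, ",")
      for (i = 1; i <= n; i++)
        if (alg[i] == "ssh-rsa" || alg[i] ~ /^diffie-hellman-.*-sha1$/)
          print key ":" alg[i]
    }'
}

sample_sshd_config | find_sha1_algorithms
```

On a live host the same function can read the output of `sshd -T`, which prints the effective configuration including defaults.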

Other changes that stand out in this new version:

  • An Include directive has been added to sshd_config, which allows the contents of other files to be included at the current position of the configuration file.
  • The PubkeyAuthOptions directive has been added to sshd_config, combining various options related to public key authentication.
  • The "-O write-attestation=/path" option has been added to ssh-keygen, which allows additional FIDO attestation certificates to be written when generating keys.
  • The ability to export DSA and ECDSA keys in PEM format has been added to ssh-keygen.
  • A new executable, ssh-sk-helper, has been added; it is used to isolate the FIDO/U2F token access library.

How to install OpenSSH 8.2 on Linux?

Those interested in installing this new version of OpenSSH on their systems can, for now, do so by downloading its source code and compiling it on their computers.

This is because the new version has not yet been included in the repositories of the main Linux distributions. You can get the OpenSSH 8.2 source code from the following link (at the time of writing the package is not yet available on the mirrors, and they say it may take a few more hours).

Once the download is done, unpack the package with the following command:

tar -xvf openssh-8.2.tar.gz

Enter the directory that was created:

cd openssh-8.2

And compile with the following commands:

./configure --prefix=/opt --sysconfdir=/etc/ssh
make
make install
