OpenSSH 8.3 iri pano uye idzi ndidzo nhau dzayo

Mushure memwedzi mitatu yekuvandudza, kuburitswa kweshanduro nyowani yeOpenSSH 8.3 kwakaunzwa, mariri inosimbisa nyowani yakawedzera kuchengetedzwa kubva ku scp kurwiswa, chii inobvumira sevha kuendesa mamwe mazita emafaira akasiyana neaya akumbirwa (Kusiyana nenjodzi yapfuura, kurwisa hakubvumidze kushandura dhairekitori rakasarudzwa nemushandisi kana mask yepasi rose).

MuSCP, sevha inosarudza kuti ndeapi mafaera uye madhairekitori ekutumira kune mutengi uye mutengi anongotarisa kunyatso yemazita echinhu chakadzorerwa. Musimboti wedambudziko rakazivikanwa nderekuti kana kufona kuiyo nguva yekutadza ikatadza, zvirimo mufaira zvinodudzirwa sefaira metadata.

Kana uchibatanidza kune server inodzorwa neanorwisa, iri basa rinogona kushandiswa kuchengetedza mamwe mazita Faira nezvimwe zvirimo muFS yemushandisi kana uchiteedzera uchishandisa scp muzvirongwa zvinokanganisa kutadza kwenguva. Semuenzaniso, kana nguva dzakaremara neSELinux mutemo kana system yekufona firita.

Iko mukana wekurwiswa chaiko kunofungidzirwa kuve kushoma, nekuti mune zvakajairika kurongeka nguva yekufona haikundike. Zvakare, kurwisa hakuendi kusingaonekwe: kana scp ichidaidzwa, kukanganisa kwekutumira data kunoratidzwa.

Mhoro kune SHA-1

Uye zvakare, ivo vanogadzira OpenSSH zvakare yambiro zvakare nezve kuchinjisa kuri kuuya kune yechinyakare algorithms chikamu iyo inoshandisa SHA-1 hashing, nekuda kwekuwedzera kwekugona kwekurovera kurwisa neakapihwa chirevo chekutanga (mutengo wesarudzo yekusangana unofungidzirwa kunge ungangoita madhora makumi mana nemashanu).

Mune rimwe rematambudziko anotevera, vanoronga kuremadza nekutadza kugona kushandisa iyo ssh-rsa yeruzhinji kiyi yedhijitari siginari algorithm, iyo inotaurwa mune yekutanga RFC yeiyo SSH protocol uye inoramba yakapararira mukuita.

Vanogona kukwikwidza

Kurerutsa shanduko kune itsva algorithms muOpenSSH mune iri kuuya kusunungurwa, iyo yekuvandudzaHostKeys yekugadzwa ichave inogoneswa nekutadza, izvo zvinobva zvangochinja vatengi kune mamwe akavimbika algorithms.

Pakati pezvakakurudzirwa algorithms ekutama Iwo ndeaya: rsa-sha2-256 / 512 yakavakirwa paRFC8332 RSA SHA-2 (inoenderana neOpenSSH 7.2 uye inoshandiswa nekutadza), ssh-ed25519 (inoenderana neOpenSSH 6.5) uye ecdsa-sha2-nistp256 / 384/521 zvichibva paRFC5656 ECDSA (OpenSSH 5.7 inoenderana).

Dzimwe shanduko

Kubva pane yekupedzisira nyaya, "ssh-rsa" uye "diffie-hellman-group14-sha1»Vakabviswa kubva kuCASignatureAlgorithms runyorwa, iyo inotsanangura ma algorithms anoshanda ekusaina zvitupa nyowani, sezvo kushandiswa kweSHA-1 muzvitupa kune imwe njodzi nekuti anorwisa ane nguva isinga gumi yekutsvaga mabonderana echitupa chiripo, nepo nguva yekurwisa mumakiyi eImba nguva yekubatanidza (LoginGraceTime).

Yeimwe shanduko izvo zvinoratidzika kubva pane iyi nyowani vhezheni ndeiyi:

  • Mu sftp, "-1" yekumira yekumira, yakafanana nessh uye scp, iyo yaimbotambirwa asi isingatariswe.
  • Mu sshd paunenge uchishandisa IgnoreRhosts, ikozvino sarudzo nhatu dzinopihwa: "hongu" kufuratira zvipuka / zvipuka, "kwete" kufunga zvipoko / shingi uye "shosts-chete" zvinova zvinobvumidza ".shosts", asi inoremadza ".rhosts" .
  • Mu ssh,% YAKADZIDZWA pamusoro pekugadziriswa kunopihwa mu LocalFoward uye RemoteForward kumisikidza inoshandiswa kuendesa Unix zvigadziko.
  • Inotenderwa kurodha makiyi eruzhinji kubva kune faira isina kunyorwa nekiyi yakavanzika, kana pasina faira rakasiyana rine kiyi yeruzhinji.
  • Kana iyo system iine libcrypto mu ssh uye sshd, ikozvino yoshandisa chacha20 algorithm kuita kweiri raibhurari, panzvimbo yeyakavakirwa-mukati inotakurika kuitiswa, iyo ine yakaderera kuita.
  • Iko kugona kurasa zvirimo mune bhaisikopo runyorwa rwezvakatorerwa zvitupa kana uchiita rairo "ssh-keygen -lQf / nzira" yaitwa.
  • Iyo inotakurika vhezheni inoshandisa sisitimu tsananguro umo masaini neSA_RESTART Sarudzo inoputsa sarudzo;
  • Nyaya dzekuunganidza dzakagadziriswa paHP / UX uye AIX masisitimu.
  • Yakagadziriswa nyaya dzekusanganisa seccomp sandbox pane mamwe marongero eLinux.
  • Tsananguro yeraibfido2 raibhurari yakagadziridzwa uye matambudziko ekusanganisa akagadziriswa ne-- ne-yekuchengetedza-kiyi-yakavakirwa sarudzo.

Maitiro ekuisa OpenSSH 8.3 paLinux?

Kune avo vanofarira kugona kuisa iyi nyowani vhezheni yeOpenSSH pane avo masisitimu, nekuti izvozvi vanogona kuzviita kurodha pasi kodhi kodhi yeiyi uye vachiita muunganidzwa pamakomputa avo.

Izvi zvinodaro nekuti iyo vhezheni nyowani haisati yaverengerwa mumachengeterwo ezvekutanga zvekuparadzirwa kweLinux. Kuti uwane iyo kodhi kodhi, iwe unogona kuita kubva ku next link.

Waita kurodha pasi, ikozvino tava kuzobvisa pasuru yacho nemirairo inotevera

tar -xvf openssh-8.3.tar.gz

Isu tinopinda dhairekitori rakagadzirwa:

cd openssh-8.3

Y tinogona kuumbiridza ne inotevera mirairo:

./configure --prefix=/opt --sysconfdir=/etc/ssh
make
make install

Izvo zviri muchinyorwa zvinoomerera pamisimboti yedu ye tsika dzekunyora. Kuti utaure chikanganiso tinya pano.

Mhinduro, siya zvako

Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa.

*

*

  1. Inotarisira data: AB Internet Networks 2008 SL
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako

  1.   Chiwy akadaro

    Ndatenda neruzivo :)