Mushure memwedzi mitanhatu yekukura OpenSSH 8.9 kuburitswa kwakaziviswa, mairi gadzirisa kusagadzikana mu sshd izvo zvinogona kubvumira kupinda pasina huchokwadi. Dambudziko rinokonzerwa nekuwanda kwehuwandu mukodhi yekusimbisa, asi kushandiswa kunogoneka chete pamwe chete nezvimwe zvikanganiso zvine musoro mukodhi.
Mune fomu yazvino, kushaya simba hakugone kushandiswa kana kupatsanurwa kwekodzero kuchigoneswa, sezvo kuratidzwa kwayo kwakavharwa neakasiyana macheki anoitwa pane division-ye-ropafadzo yekutevera kodhi.
Kugovaniswa ropafadzo mode yakagoneswa nekusarudzika muna 2002 seOpenSSH 3.2.2 uye yave kudikanwa kubva pakaburitswa OpenSSH 2017 muna 7.5. Pamusoro pezvo, mumavhezheni anotakurika eOpenSSH kubvira vhezheni 6.5 (2014), kusazvibata kunovharwa nekubatanidza pamwe nekubatanidzwa kwemamureza kudzivirira kubva kune yakazara yakazara.
Main nyowani maficha eOpenSSH 8.9
Muiyi vhezheni itsva inoratidzwa tinogona kuwana kuti lInotakurika vhezheni yeOpenSSH inobvisa yakavakirwa-mukati sshd rutsigiro yepassword hashing uchishandisa iyo MD5 algorithm (kubatanidza kune ekunze maraibhurari senge libxcrypt inobvumidzwa)
ssh, sshd, ssh-add, uye ssh-agent shandisa subsystem kurambidza kutumira uye kushandiswa kwemakiyi akawedzerwa kune ssh-agent.
Sisitimu inokubvumira kuti uise mitemo inotsanangura kuti sei uye kupi makiyi anogona kushandiswa mu ssh-agent. Semuenzaniso, kuwedzera kiyi inogona kushandiswa kuratidza chokwadi kana chero mushandisi abatana nekutambira scylla.example.org, mushandisi perseus anobatanidza kune host cetus.example.org, uye mushandisi medea inobatana kune host charybdis.example .org host, kutungamira kuburikidza nemutambi wepakati scylla.example.org.
En ssh uye sshd, iyo KexAlgorithms runyorwa, iyo inosarudza marongero ayo nzira dzinokosha dzekutsinhana dzinosarudzwa, yakawedzera nekusarudzika iyo hybrid algorithm "sntrup761x25519-sha512@openssh.com»(ECDH/x25519 + NTRU Prime), iyo inopesana nekusarudzwa mumakombiyuta ehuwandu. MuOpenSSH 8.9, iyi nzira yekutaurirana yakawedzerwa pakati peECDH neDH nzira, asi inorongwa kuti igoneswe nekusarudzika mukuburitswa kunotevera.
ssh-keygen, ssh uye ssh-agent yakagadzirisa kubata kweFIDO makiyi echiratidzo. inoshandiswa kuongorora mudziyo, kusanganisira makiyi ekusimbisa biometric.
Yeimwe shanduko inomira mushanduro iyi nyowani:
- Yakawedzerwa "ssh-keygen -Y match-principals" raira ku ssh-keygen kutarisa mazita ekushandisa mufaira rine runyoro rwemazita anotenderwa.
- ssh-add uye ssh-agent inopa kukwanisa kuwedzera PIN-yakachengetedzwa FIDO makiyi kune ssh-agent (pini yekukurumidza inoratidzwa panguva yechokwadi).
- ssh-keygen inokubvumira kuti usarudze hash algorithm (sha512 kana sha256) panguva yekusaina.
Kuti uvandudze mashandiro, ssh uye sshd verenga network data zvakananga muinouya packet buffer, uchipfuura iyo yepakati buffer mustack. Kuiswa kwakananga kweiyo data yakagamuchirwa muchiteshi buffer kunoitwa nenzira yakafanana. - Mu ssh, iyo PubkeyAuthentication dhairekitori yakawedzera rondedzero yeanotsigirwa paramita (hongu|kwete|isina kusungwa|yakasungwa-yakasungwa) kupa kugona kusarudza kuti ndeipi protocol yekuwedzera yekushandisa.
Mune ramangwana vhezheni, yakarongwa kushandura iyo scp utility default kushandisa SFTP pachinzvimbo chenhaka SCP/RCP protocol. SFTP inoshandisa nzira dzinofungidzirwa dzekubata mazita uye haishandise ganda kugadzirisa eglob mapatani pamafaira emafaira kune rimwe divi remugamuchiri, izvo zvinogadzira nyaya dzekuchengetedza.
Kunyanya, kana uchishandisa SCP neRCP, sevha inosarudza kuti ndeapi mafaera nemadhairekitori ekutumira kune mutengi, uye mutengi anongotarisa kurongeka kwemazita ezvinhu zvakadzoserwa, izvo, kana pasina cheki yakakodzera nemutengi, inobvumira. kuti sevha itumire mamwe mazita emafaira akasiyana kubva kune akakumbirwa. Iyo SFTP protocol haina matambudziko aya, asi haitsigire kuwedzera kwenzira dzakakosha senge "~/
Finalmente kana iwe uchifarira kuziva zvakawanda nezvazvo nezve iyi vhezheni nyowani, iwe unogona kutarisa iyo ruzivo nekuenda kunotevera chinongedzo.
Maitiro ekuisa OpenSSH 8.9 paLinux?
Kune avo vanofarira kugona kuisa iyi nyowani vhezheni yeOpenSSH pane avo masisitimu, nekuti izvozvi vanogona kuzviita kurodha pasi kodhi kodhi yeiyi uye vachiita muunganidzwa pamakomputa avo.
Izvi zvinodaro nekuti iyo vhezheni nyowani haisati yaverengerwa mumachengeterwo ezvekutanga zvekuparadzirwa kweLinux. Kuti uwane iyo kodhi kodhi, iwe unogona kuita kubva ku next link.
Waita kurodha pasi, ikozvino tava kuzobvisa pasuru yacho nemirairo inotevera
tar -xvf openssh-8.9.tar.gz
Isu tinopinda dhairekitori rakagadzirwa:
cd openssh-8.9
Y tinogona kuumbiridza ne inotevera mirairo:
./configure --prefix=/opt --sysconfdir=/etc/ssh make make install