OpenSSH 9.2 inosvika ichigadzirisa 3 kusasimba uye nekumwe kuvandudzwa

Darkcrizt

4 maminitsi

kuvhura

OpenSSH seti yezvishandiso inobvumira kuvharirwa kutaurirana pamusoro petiweki, uchishandisa iyo SSH protocol.

Kutanga kwe iyo vhezheni nyowani yekuvhurwa kwekuita kwemutengi uye sevha kushanda neSSH 2.0 uye SFTP protocol, "VhuraSSH 9.2".

Shanduro nyowani inogadzirisa kusagadzikana, izvo zvinotungamira kusunungurwa kaviri kwenzvimbo yekuyeuka mu pre-authentication stage. vulnerability inobata chete kuburitswa kweOpenSSH 9.1, mushanduro dzakapfuura dambudziko harioneki.

Kugadzira mamiriro ekuratidzwa kwekusagadzikana, zvakakwana kushandura banner reSSH mutengi kuita "SSH-2.0-FuTTYSH_9.1p1" kuti uwane kugadziridzwa kwemureza "SSH_BUG_CURVE25519PAD" uye "SSH_OLD_DHGEX", zvichienderana neshanduro. yeSSH mutengi.

Mushure mekuisa mireza iyi, ndangariro ye "options.kex_algorithms" buffer inosunungurwa kaviri: nekuita do_ssh2_kex() basa, rinodaidza compat_kex_proposal(), uye nekuita do_authentication2() basa, rinodaidza input_userauth_request( ), mm_getpwnama. ), copy_set_server_options() pamwe neketani, ensemble_algorithms() uye kex_assemble_names().

Zvinoonekwa sezvisingaite kugadzira kushandiswa kwekushanda kwekusagadzikana, sezvo maitiro ekubiridzira akanyanya kuomesesa: maraibhurari emazuva ano ekugovera ndangariro anopa dziviriro kubva mukusunungurwa kaviri kwendangariro, uye pre-yechokwadi maitiro, umo mune bug, inomhanya neropafadzo dzakaderedzwa mubhokisi rejecha.

Pamusoro pekusagadzikana kwataurwa, iyo vhezheni itsva inogadzirisawo dzimwe nyaya mbiri dzekuchengetedza:

  • Chikanganiso chakaitika panguva yekugadziridza "PermitRemoteOpen" kuseta, izvo zvakaita kuti gakava rekutanga riregererwe kana rakasiyana nehunhu "chero" uye "hapana". Nyaya yacho inoonekwa mumavhezheni mushure meOpenSSH 8.7 uye inoita kuti cheki isvekwe kana mvumo imwe chete yatsanangurwa.
  • Anorwisa anodzora sevha yeDNS inoshandiswa kugadzirisa mazita anogona kutsiva mavara akakosha (semuenzaniso, "*") mumafaira evatambi anozivikanwa kana CanonicalizeHostname uye CanonicalizePermittedCNAMEs sarudzo dzakagoneswa mukumisikidza uye mugadziri akasaona kugadzirisa kweDNS. server mhinduro. Kurwiswa kwacho kunoonekwa sekusina kubudirira sezvo mazita akadzoswa anofanirwa kuenderana nemamiriro akatsanangurwa kuburikidza neCanonicalizePermittedCNAME.

Chii chitsva mu OpenSSH 9.2

Pane shanduko dzakaitwa muOpenSSH 9.2 zvinomira pachena akawedzera configurationon EnableEscapeCommandline a ssh_config kudzora kana mutengi-parutivi kugadzirisa ye "~C" kutevedzana kwekupukunyuka pese kana mutsara wemirairo uchigoneswa. Nekumisikidza, "~C" kugadzirisa kwave kuremara kubvumira sandboxing yakasimba, iyo inogona kutyora masisitimu anoshandisa "~C" yekufambisa chiteshi panguva yekumhanya

Zvave zvakadaro yakawedzera ChannelTimeout dhairekitori kuti sshd_config kuti sshd isete chiteshi chisina basa nguva yekubuda (Mateshi asina traffic yaonekwa kwenguva yakatsanangurwa mupolicy anozovharwa otomatiki.) Session, X11, mumiririri, uye redirect traffic inogona kuva nenguva dzakasiyana.

Of the dzimwe shanduko:

  • Yakawedzera iyo UnusedConnectionTimeout dhairekitori kune sshd_config ye sshd, iyo inokutendera iwe kuseta nguva yekumisa kubatanidzwa kubva kune vatengi vanga vasina chiteshi chinoshanda kwenguva yakati.
  • Yakawedzera iyo "-V" sarudzo ku sshd kuratidza shanduro yakafanana neiyo ssh mutengi sarudzo.
  • Yakawedzera tambo "host" kune yakabuda ye "ssh -G" kuratidza kukosha kweiyo hostname argument.
  • Yakawedzera iyo "-X" sarudzo ku scp uye sftp kudzora SFTP paramita senge kopi buffer size uye nhamba yezvikumbiro zvakamirira.
  • ssh-keyscan inokutendera kuti utarise mitsara yese yemakero eCIDR, semuenzaniso, "ssh-keyscan 192.168.0.0/24".

Finalmente kana iwe uchifarira kuziva zvakawanda nezvazvo nezve iyi vhezheni nyowani, iwe unogona kutarisa iyo ruzivo nekuenda kunotevera chinongedzo.

Maitiro ekuisa OpenSSH 9.2 paLinux?

Kune avo vanofarira kugona kuisa iyi nyowani vhezheni yeOpenSSH pane avo masisitimu, nekuti izvozvi vanogona kuzviita kurodha pasi kodhi kodhi yeiyi uye vachiita muunganidzwa pamakomputa avo.

Izvi zvinodaro nekuti iyo vhezheni nyowani haisati yaverengerwa mumachengeterwo ezvekutanga zvekuparadzirwa kweLinux. Kuti uwane iyo kodhi kodhi, iwe unogona kuita kubva ku next link.

Waita kurodha pasi, ikozvino tava kuzobvisa pasuru yacho nemirairo inotevera

tar -xvf openssh-9.2.tar.gz

Isu tinopinda dhairekitori rakagadzirwa:

cd openssh-9.2

Y tinogona kuumbiridza ne inotevera mirairo:

./configure --prefix=/opt --sysconfdir=/etc/ssh
make
make install

Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa. Raida minda anozivikanwa ne *

*

*

  1. Inotarisira data: AB Internet Networks 2008 SL
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako

  1.   Juan asingatyi akadaro
    inoita 1 gore

    "Muchimbichimbi?"…

    Pindura kuna JuanSinMiedo
    1.    darkcrizt akadaro
      inoita 1 gore

      Zvakanaka, ndinovabudisa, hehe.

      Ndinotenda nekuda kwekucherechedza.

      Pindura kuRimacrizt