OpenSSH 9.5 yakatoburitswa uye idzi ndidzo nhau dzayo

Darkcrizt

4 maminitsi

kuvhura

OpenSSH seti yezvishandiso inobvumira kuvharirwa kutaurirana pamusoro petiweki, uchishandisa iyo SSH protocol.

Yakaziviswa nguva pfupi yapfuura kuburitswa kweiyo vhezheni itsva ye "OpenSSH 9.5", Iyo cuan inoonekwa seyakagadziriswa vhezheni, sezvo iyi vhezheni inogadzirisa akatevedzana mabhugi uye inowedzera zvimwe zvidiki maficha.

Kune avo vasingazive nezve OpenSSH (Vhura Yakachengeteka Shell) vanofanirwa kuziva izvo iyi seti yezvishandiso inobvumidza yakavharidzirwa kutaurirana pamusoro penetiweki, uchishandisa SSH protocol. Yakagadzirwa senge yemahara uye yakavhurika imwe nzira kune Yakachengeteka Shell chirongwa, inova yepfuma software.

Main nyowani maficha eOpenSSH 9.5

Mushanduro itsva yeOpenSSH 9.5 inoratidzwa, vanoiswa mu ssh-keygen a default form of key generation based on iyo digital siginecha Ed25519 iyo inotsigirwa kubva pakaburitswa OpenSSH 6.5 uye iri nyore nekuda kwehukuru hwavo hudiki. Panguva imwecheteyo, masiginecha edhijitari Ed25519 Vane chiyero chepamusoro chekuchengetedza kupfuura ECDSA neDSA uye ratidza kumhanya kwakanyanya kwekusimbisa uye kugadzira siginecha.

Imwe shanduko inomira pachena mushanduro itsva ndeyekuti mu ssh keystroke timing obfuscation yakawedzerwa kune mutengi, izvi kuitira kupa dziviriro kubva kudivi rekurwiswa kwechiteshi chinoongorora kunonoka pakati pemakiyi pakiibhodhi kuti ugadzirezve mapindiro. Ichi chitsva chimiro edza kuvanza nguva pakati pemakiyi makiyi kutumira inopindirana traffic panguva dzakatarwa (default: yega yega 20 ms) kana paine zvishoma zvishoma data inotumirwa, sezvo kurwiswa kwakadaro kunoenderana nekuti kunonoka pakati pekiyi pakunyora kunoenderana nenzvimbo yemakiyi pakhibhodi.

Zvakakodzera kutaura izvozvo SSH yaigona kubatwa nekurwiswa uku nekuti yakatumira ruzivo nezve mavara akataipa mupaketi yakaparadzana pakarepo mushure mekutsikirira kiyi yega yega, saka kunonoka pakati pekutumira mapaketi ane chekuita nekunonoka pakati pemakiyi ekutsikirira. Pamusoro pezvo, kuvhiringa vanorwisa, kudzvanya kwekunyepedzera kunotumirwa zvisina tsarukano nguva mushure mekunge data chaiyo yatumirwa. Kugadzirisa chengetedzo, iyo "ObscureKeystrokeTiming" paramende yakawedzerwa kune ssh_config.

Pamusoro peizvi, mukuburitswa kutsva kweOpenSSH 9.5, Mu ssh uye sshd basa reping rinounzwa padanho rekufambisa, yeSSH protocol yekuwedzera "ping@openssh.com". Izvi zvinowedzera
mameseji akati wandei ekufambisa protocol SSH SSH2_MSG_PING/PONG kuita kutumira mapaketi nguva nenguva panguva nenguva. Mameseji aya anoshandisa manhamba mu "local extensions" uye anoziviswa nemeseji yeruzivo rwekunze ine tambo nhamba ye "0."

Kune rimwe divi, sshd inokutendera kuti uwedzere subsystem mirairo kuburikidza neMatch blocks. Mu sshd, iyo Subsystem dhairekitori yakashandura mabatiro ekotesheni, ayo zvino achengeterwa mirairo uye nharo, izvo zvinogona kutungamira kune tsigiro yezvisingawanzo kurongeka.

Of the dzimwe shanduko izvo zvinomira pachena:

  • Mu scp iyo SFTP modhi yekudzokorodza kurodha uye kudhawunirodha madhairekitori ane zviratidzo zvinongedzo kune mamwe madhairekitori anogadziriswa.
  • Mu sshd kunonoka kwekupinda kwekugadzira kunogumira kune inonzwisisika yepamusoro (5 masekonzi) uye hainonoke nzira yekusimbisa zvachose.
  • sshd matanda zvikanganiso mu kex_exchange_identification () ine verbose level pane kukanganisa kuderedza pre-authentication log spam. Iwo ese akaiswa ane yakawanda generic sshpkt_fatal() kukanganisa meseji.
  • Mune ssh yakagadziriswa kudzokororwa muOpenSSH 9.4 (mux.c r1.99) izvo zvakakonzera kuti masesheni akawandisa arege kufuratira SIGINT mune mamwe mamiriro.

Finalmente kana iwe uchifarira kuziva zvakawanda nezvazvo nezve iyi vhezheni nyowani, iwe unogona kutarisa iyo ruzivo nekuenda kunotevera chinongedzo.

Maitiro ekuisa OpenSSH 9.5 paLinux?

Kune avo vanofarira kugona kuisa iyi nyowani vhezheni yeOpenSSH pane avo masisitimu, nekuti izvozvi vanogona kuzviita kurodha pasi kodhi kodhi yeiyi uye vachiita muunganidzwa pamakomputa avo.

Izvi zvinodaro nekuti iyo vhezheni nyowani haisati yaverengerwa mumachengeterwo ezvekutanga zvekuparadzirwa kweLinux. Kuti uwane iyo kodhi kodhi, iwe unogona kuita kubva ku next link.

Waita kurodha pasi, ikozvino tava kuzobvisa pasuru yacho nemirairo inotevera

tar -xvf openssh-9.5.tar.gz

Isu tinopinda dhairekitori rakagadzirwa:

cd openssh-9.5

Y tinogona kuumbiridza ne inotevera mirairo:

./configure --prefix=/opt --sysconfdir=/etc/ssh
make
make install

Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa. Raida minda anozivikanwa ne *

*

*

  1. Inotarisira data: AB Internet Networks 2008 SL
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako