OpenSSH 9.6 inosvika ichigadzirisa matambudziko matatu ekuchengetedza, inoshandisa kuvandudzwa uye nezvimwe

Darkcrizt

4 maminitsi

kuvhura

OpenSSH seti yezvishandiso inobvumira kuvharirwa kutaurirana pamusoro petiweki, uchishandisa iyo SSH protocol.

Kuburitswa kweiyo vhezheni nyowani yeOpenSSH 9.6 yakaziviswa uye iyi vhezheni inosanganisira akati wandei mabug kugadzirisa uye zvakare inosanganisira mamwe maficha matsva, akati wandei maitiro ekuvandudza nezvimwe.

Kune avo vasingazive nezve OpenSSH (Vhura Yakachengeteka Shell) vanofanirwa kuziva izvo iyi seti yezvishandiso inobvumidza yakavharidzirwa kutaurirana pamusoro penetiweki, uchishandisa SSH protocol. Yakagadzirwa senge yemahara uye yakavhurika imwe nzira kune Yakachengeteka Shell chirongwa, inova yepfuma software.

Main nyowani maficha eOpenSSH 9.6

Muiyi vhezheni itsva yeOpenSSH 9.6, iyo yakarerutswa ProxyJump inomira pachena, seyakatsiva "%j" yakawedzerwa ku ssh, ichiwedzera kune yakataurwa zita remuenzi, pamwe nekuvandudzwa kwekuona kwemamureza asina kugadzikana kana asina kutsigirwa, se "-fzero-call-yakashandiswa-regs»mukutaura.

Imwe shanduko inounzwa neshanduro itsva ndeyekuti Tsigiro yekumisikidza ChannelTimeout yakawedzerwa kune ssh kudivi revatengi, iro rinogona kushandiswa kumisa nhanho dzisingashande.

Mukuwedzera, mu OpenSSH 9.6 Granular control yemasiginecha algorithms akaunzwa, sezvo kuwedzera kweprotocol kwakawedzerwa kune ssh uye sshd kutauriranazve dhijitari siginecha algorithms yekusimbisa kiyi yeruzhinji mushure mekugamuchira zita rekushandisa. Semuenzaniso, kana uchishandisa yekuwedzera, unogona kusarudza kushandisa mamwe maalgorithms ane chekuita nevashandisi vaunotsanangura.

Izvo zvakare zvakasimbiswa izvo akawedzera protocol yekuwedzera kune ssh-add uye ssh-agent kugadzirisa zvitupa paunenge uchiisa PKCS#11 makiyi, l.o iyo inobvumira zvitupa zvine chekuita nePKCS#11 makiyi akavanzika kuti ashandiswe mune ese OpenSSH zvishandiso zvinotsigira ssh-agent, kwete ssh chete.

Nezve kugadzirisa kwebug, zvinonzi zvinotevera zvinogadziriswa zvinosanganisirwa:

  1. Solution kune kusagadzikana muSSH protocol (CVE-2023-48795, Terrapin kurwisa), iyo inobvumira kurwiswa kweMITM kudzoreredza kubatana kuti ushandise algorithms yakachengeteka isina kuchengetedzeka uye kudzima dziviriro kubva kudivi-chiteshi kurwisa kunodzokorora kupinza nekuongorora kunonoka pakati pemakiyi pakiyibhodhi. Nzira yekurwisa inotsanangurwa mune imwe nyaya yenhau.
  2. Solution kune kusagadzikana mune ssh utility iyo inobvumira kutsiviwa kweanopokana shell mirairo nekushandisa login uye host values ​​dzine akakosha mavara. Kusadzikama kunogona kushandiswa kana munhu anorwisa akadzora mabiko ekupinda uye zita remugamuchiri anopfuudzwa kune ssh, iyo ProxyCommand uye LocalCommand mirairo, kana "match exec" mabhuroko ane wildcard mavara akadai %u uye %h. Semuyenzaniso, iyo yekusaina uye yekugamuchira inogona kuvharwa pane masisitimu anoshandisa submodules muGit, sezvo Git isingarambidze kudoma akakosha mavara mumazita evatambi nemazita ekushandisa. Kusagadzikana kwakafanana kunoonekwawo mune libssh.
  3. Solution to kukanganisa mu ssh-agent uko, kana uchiwedzera PKCS#11 zvakavanzika makiyi, zvirambidzo zvakashandiswa chete kukiyi yekutanga yakadzorerwa nePKCS#11 tokeni. Nyaya yacho haikanganisi makiyi ega ega ega, makiyi eFIDO, kana makiyi asina kurambidzwa.

Of the dzimwe shanduko dzinomira pachena yeiyi vhezheni itsva:

  • PubkeyAcceptedAlgorithms mu "Match user" block.
  • Kudzikamisa maropafadzo eiyo sshd maitiro, OpenSolaris shanduro dzinotsigira getpflags() interface dzinoshandisa PRIV_XPOLICY pachinzvimbo chePRIV_LIMIT.
  • Yakawedzerwa rutsigiro rwekuverenga ED25519 makiyi epachivande muPEM PKCS8 fomati ye ssh, sshd, ssh-add, uye ssh-keygen (yaimbova iyo OpenSSH fomati yaitsigirwa).

Finalmente kana iwe uchifarira kuziva zvakawanda nezvazvo nezve iyi vhezheni nyowani, iwe unogona kutarisa iyo ruzivo nekuenda kunotevera chinongedzo.

Maitiro ekuisa OpenSSH 9.6 paLinux?

Kune avo vanofarira kugona kuisa iyi nyowani vhezheni yeOpenSSH pane avo masisitimu, nekuti izvozvi vanogona kuzviita kurodha pasi kodhi kodhi yeiyi uye vachiita muunganidzwa pamakomputa avo.

Izvi zvinodaro nekuti iyo vhezheni nyowani haisati yaverengerwa mumachengeterwo ezvekutanga zvekuparadzirwa kweLinux. Kuti uwane iyo kodhi kodhi, iwe unogona kuita kubva ku next link.

Waita kurodha pasi, ikozvino tava kuzobvisa pasuru yacho nemirairo inotevera

tar -xvf openssh-9.6.tar.gz

Isu tinopinda dhairekitori rakagadzirwa:

cd openssh-9.6

Y tinogona kuumbiridza ne inotevera mirairo:

./configure --prefix=/opt --sysconfdir=/etc/ssh
make
make install

Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa. Raida minda anozivikanwa ne *

*

*

  1. Inotarisira data: AB Internet Networks 2008 SL
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako