OpenSSH 8.2 arrives with support for 2FA authentication tokens


After four months of development, the new version OpenSSH 8.2 has been released. OpenSSH is an open client and server implementation for working over the SSH 2.0 and SFTP protocols. One of the key improvements in OpenSSH 8.2 is the ability to use two-factor authentication with devices that support the U2F protocol developed by the FIDO alliance.

U2F allows the creation of low-cost hardware tokens that confirm the physical presence of the user, with interaction over USB, Bluetooth or NFC. These devices are promoted as a means of two-factor authentication on websites, are already supported by all major browsers, and are produced by various manufacturers, including Yubico, Feitian, Thetis and Kensington.

To interact with devices that confirm user presence, OpenSSH has added two new key types, "ecdsa-sk" and "ed25519-sk", which use the ECDSA and Ed25519 signature algorithms in combination with the SHA-256 hash.

The procedures for interacting with tokens have been moved to an intermediate library, which is loaded in the same way as the PKCS#11 support library and is a wrapper around the libfido2 library, which provides the means of communicating with tokens over USB (both the FIDO U2F / CTAP 1 and FIDO 2.0 / CTAP protocols are supported).

The intermediate library libsk-libfido2, prepared by the OpenSSH developers, is included in the core of libfido2, along with the HID driver for OpenBSD.

For authentication and key generation, you must specify the "SecurityKeyProvider" parameter in the configuration or set the SSH_SK_PROVIDER environment variable, giving the path to the external library libsk-libfido2.so.

It is possible to build OpenSSH with built-in support for the intermediate library. In that case you need to set the parameter "SecurityKeyProvider = internal".

Also, by default, when key operations are performed, local confirmation of the user's physical presence is required, for example by touching the sensor on the token, which makes it difficult to carry out remote attacks on systems with a connected token.

On the other hand, the new version of OpenSSH also announced the upcoming move of algorithms that use SHA-1 hashing to the deprecated category, due to the increased efficiency of collision attacks.

To ease the transition to new algorithms, in an upcoming OpenSSH release the UpdateHostKeys setting will be enabled by default, which will automatically switch clients to more reliable algorithms.

In OpenSSH 8.2, the ability to connect using "ssh-rsa" is still available, but this algorithm is removed from the CASignatureAlgorithms list, which defines the algorithms allowed for digitally signing new certificates.

Similarly, the diffie-hellman-group14-sha1 algorithm has been removed from the key exchange algorithms.
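A configuration that still lists these SHA-1 algorithms explicitly keeps them enabled regardless of what the release drops. The following check is an added example, not part of the original article or of OpenSSH; the function names `audit_sha1` and `sample_config` and the sample configuration are constructed for illustration. It flags `diffie-hellman-group14-sha1` in `KexAlgorithms` and `ssh-rsa` in `CASignatureAlgorithms`, and treats a list prefixed with `-` as a removal rather than a finding.

```shell
#!/bin/sh
# Added example: flag the SHA-1-based algorithms named in the article when an
# sshd_config/ssh_config-style file still enables them explicitly.

# Constructed sample configuration (not taken from a real host).
sample_config() {
    cat <<'EOF'
# constructed example
KexAlgorithms curve25519-sha256,diffie-hellman-group14-sha1
CASignatureAlgorithms=ssh-ed25519,ssh-rsa
kexalgorithms -diffie-hellman-group14-sha1
SecurityKeyProvider internal
EOF
}

# audit_sha1 [FILE...]: reads the files (or stdin), prints one line per
# finding, and returns 1 if anything was found, 0 otherwise.
audit_sha1() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (!match(line, /[ \t=]+/)) next    # keyword and value split on space or "="
        key = tolower(substr(line, 1, RSTART - 1))   # keywords are case-insensitive
        val = substr(line, RSTART + RLENGTH)
        if (key == "kexalgorithms")              bad = "diffie-hellman-group14-sha1"
        else if (key == "casignaturealgorithms") bad = "ssh-rsa"
        else next
        if (val ~ /^-/) next                 # "-list" removes algorithms, not a finding
        sub(/^[+^]/, "", val)                # "+list" and "^list" add to the defaults
        gsub(/[ \t"]/, "", val)
        cnt = split(val, algs, ",")
        for (i = 1; i <= cnt; i++)
            if (algs[i] == bad) {
                printf "line %d: %s enables %s\n", NR, key, bad
                found = 1
            }
    }
    END { exit (found ? 1 : 0) }
    ' "$@"
}

if sample_config | audit_sha1; then
    echo "no SHA-1 algorithm from the article is enabled"
else
    echo "review the lines listed above"
fi
```

Each line is judged on its own, so files pulled in through other configuration files have to be passed as additional arguments.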

Other notable changes in this new version:

  • An Include directive was added to sshd_config, which allows the contents of other files to be included at the current position of the configuration file.
  • The PubkeyAuthOptions directive was added to sshd_config, combining various options related to public key authentication.
  • The "-O write-attestation=/path" option was added to ssh-keygen, which allows additional FIDO attestation certificates to be written when keys are generated.
  • The ability to export DSA and ECDSA keys as PEM was added to ssh-keygen.
  • A new executable, ssh-sk-helper, was added; it is used to isolate the FIDO / U2F token access library.

How to install OpenSSH 8.2 on Linux?

Those interested in installing this new version of OpenSSH on their systems can, for now, do so by downloading its source code and compiling it on their computers.

This is because the new version has not yet been included in the repositories of the major Linux distributions. To get the OpenSSH 8.2 source code, you can do so from the following link (at the time of writing the package is not yet available on the mirrors, and they mention that it may take a few hours).

Once the download is done, we unpack the package with the following command:

tar -xvf openssh-8.2.tar.gz

We enter the directory that was created:

cd openssh-8.2

And we can compile with the following commands:

./configure --prefix=/opt --sysconfdir=/etc/ssh
make
make install
