I-OpenSSH 8.9 sele ikhutshiwe kwaye ezi ziindaba zayo

Emva kweenyanga ezintandathu zophuhliso Ukukhutshwa kwe-OpenSSH 8.9 kwabhengezwa, apho ku lungisa ukuba sesichengeni kwi-sshd enokuvumela ufikelelo ngaphandle koqinisekiso. Ingxaki ibangelwa kukuphuphuma kwenani elipheleleyo kwikhowudi yokuqinisekisa, kodwa ukuxhaphazwa kunokwenzeka kuphela ngokudibanisa nezinye iimpazamo ezinengqiqo kwikhowudi.

Kwimo yayo yangoku, ukuba sesichengeni akunakusetyenziswa xa ukwahlulwa kwamalungelo kwenziwe, ekubeni ukubonakaliswa kwayo kuvaliwe ngokuhlolwa okwahlukileyo okwenziwa kwikhowudi yokulandela yokwahlula-kwamalungelo.

Imowudi yelungelo ekwabelwana ngayo yenziwe ngokungagqibekanga ngo-2002 njenge-OpenSSH 3.2.2 kwaye ibifuneka ukusukela ngo-2017 ukukhutshwa kwe-OpenSSH 7.5. Ukongeza, kwiinguqulelo eziphathwayo ze-OpenSSH ukusukela kwinguqulo 6.5 (2014), ubuthathaka buthintelwe ngokudibanisa nokufakwa kweeflegi ukukhusela ngokuchasene nokuphuphuma okupheleleyo.

Iimpawu ezintsha eziphambili ze-OpenSSH 8.9

Kolu guqulelo lutsha olunikwayo sinokufumanisa ukuba lInguqulelo ephathekayo ye-OpenSSH isusa inkxaso eyakhelwe-ngaphakathi ye-sshd kwi-password hashing usebenzisa i-MD5 algorithm (ukudibanisa kwakhona kumathala eencwadi angaphandle njenge libxcrypt ivumelekile)
ssh, sshd, ssh-yongeza, kunye ne-ssh-arhente ziphumeza inkqubo esezantsi yokuthintela ugqithiso nokusetyenziswa kwezitshixo ezongeziweyo kwi-arhente ye-ssh.

Inkqubo esezantsi ivumela imigaqo yokumisela emisela indlela kunye nalapho izitshixo zingasetyenziswa kwi-ssh-arhente. Umzekelo, ukongeza isitshixo esinokusetyenziswa kuphela ukuqinisekisa xa nawuphi na umsebenzisi eqhagamshela kumamkeli scylla.example.org, umsebenzisi perseus uqhagamshela kumamkeli cetus.example.org, kunye nemedea yomsebenzisi iqhagamshela kumamkeli charybdis.example .org host, Ukwalathisa ngokutsha ngenginginya ephakathi scylla.example.org.

En ssh kunye ne-sshd, uluhlu lwe-KexAlgorithms, emisela indlela apho iindlela zokutshintshiselana ezingundoqo zikhethwa ngayo, yongeze ngokungagqibekanga i-algorithm ye-hybrid "sntrup761x25519-sha512@openssh.com» (ECDH/x25519 + NTRU Prime), echasene nokukhethwa kwiikhomputha ze-quantum. Kwi-OpenSSH 8.9, le ndlela yokuxoxisana yongezwa phakathi kwe-ECDH kunye neendlela ze-DH, kodwa icwangciswe ukuba yenziwe ngokuzenzekelayo ekukhululweni okulandelayo.

I-ssh-keygen, i-ssh kunye ne-ssh-arhente baye baphucula ukuphathwa kwamaqhosha ophawu lwe-FIDO isetyenziselwa uqinisekiso lwesixhobo, ukuquka izitshixo zoqinisekiso lwebhayometriki.

Olunye utshintsho olwahlukileyo kule nguqulo intsha:

  • Kongezwe "ssh-keygen -Y match-principals" umyalelo kwi-ssh-keygen ukujonga amagama omsebenzisi kwifayile enoluhlu lwamagama avumelekileyo.
  • I-ssh-yongeza kunye ne-ssh-arhente zinika isakhono sokongeza izitshixo ze-FIDO ezikhuselweyo ze-PIN kwi-arhente ye-ssh (uncedo lwe-PIN luyaboniswa ngexesha lokuqinisekisa).
  • I-ssh-keygen ikuvumela ukuba ukhethe i-algorithm ye-hash (sha512 okanye i-sha256) ngexesha lokusayina.
    Ukuphucula ukusebenza, i-ssh kunye ne-sshd zifunde idatha yenethiwekhi ngokuthe ngqo kwi-buffer yepakethi engenayo, ngokudlula i-buffer ephakathi kwi-stack. Ukubekwa ngokuthe ngqo kwedatha efunyenweyo kwisithinteli setshaneli kuphunyezwa ngendlela efanayo.
  • Kwi-ssh, umyalelo woQinisekiso wePubkey wandise uluhlu lweparameters ezixhasiweyo (ewe|hayi|unbound|inginginya-ibotshelelwe) ukunika ukukwazi ukukhetha ukuba loluphi ulwandiso lweprotocol onokusetyenziswa.

Kuguqulelo lwexesha elizayo, kucwangciswe ukutshintsha usetyenziso lwe-scp okungagqibekanga ukusebenzisa iSFTP endaweni yelifa leSCP/RCP protocol. I-SFTP isebenzisa iindlela zokuphatha amagama aqikelelwayo ngakumbi kwaye ayisebenzisi ukusetyenzwa kweqokobhe leepateni zeglobhu kumagama eefayile kwelinye icala lomamkeli, odala imiba yokhuseleko.

Ngokukodwa, xa usebenzisa i-SCP kunye ne-RCP, umncedisi uthatha isigqibo sokuba zeziphi iifayile kunye nezilawuli zokuthumela kumxhasi, kwaye umxhasi uhlola kuphela ukuchaneka kwamagama ezinto ezibuyiselweyo, apho, ngokungabikho kokuhlolwa okufanelekileyo ngumxhasi, kuvumela ukuba unikezelo lwefayile ye-SCP kunye ne-RCP. ukuba umncedisi adlulise amanye amagama efayile ahlukileyo kulawo aceliweyo. Iprotocol yeSFTP ayinazo ezi ngxaki, kodwa ayiluxhasi ukwandiswa kweendlela ezizodwa njenge "~/

Gqibela ukuba unomdla wokwazi okungakumbi ngayo malunga nale nguqulo intsha, unokujonga iinkcukacha ngokuya kule khonkco ilandelayo.

Uyifaka njani i-OpenSSH 8.9 kwiLinux?

Kulabo banomdla wokukwazi ukufaka le nguqulo intsha ye-OpenSSH kwiinkqubo zabo, okwangoku bangayenza Ukukhuphela ikhowudi yemvelaphi yoku kunye ukwenza ukudityaniswa kwiikhompyuter zabo.

Kungenxa yokuba ingxelo entsha ayikabandakanywa koovimba beenkqubo eziphambili zeLinux. Ukufumana ikhowudi yemvelaphi, ungenza kwi ikhonkco elandelayo.

Yenza ukhuphelo, ngoku siza kukhulula ipakethe ngalo myalelo ulandelayo:

tar -xvf openssh-8.9.tar.gz

Sifaka isikhombisi esenziwe:

cd openssh-8.9

Y sinokudibanisa kunye le miyalelo ilandelayo:

./configure --prefix=/opt --sysconfdir=/etc/ssh
make
make install

Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa. ezidingekayo ziphawulwe *

*

*

  1. Inoxanduva lwedatha: I-AB Internet Networks 2008 SL
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.