I-OpenSSH 9.2 ifika ilungisa ubuthathaka obu-3 kunye nophuculo oluthile

Darkcrizt

Imizuzu ye4

kuvulwa

I-OpenSSH yiseti yezicelo ezivumela unxibelelwano olufihliweyo kuthungelwano, kusetyenziswa iSSH protocol.

Ukuphehlelelwa inguqulelo entsha yokuphunyezwa okuvulekileyo komxumi kunye neseva ukusebenza kunye ne-SSH 2.0 kunye ne-SFTP protocol, "Vula iSSH 9.2".

Inguqulelo entsha ilungisa ubuthathaka, ekhokelela ekukhululweni kabini kwendawo yememori kwinqanaba lokuqinisekisa kwangaphambili. ukuba sesichengeni ichaphazela kuphela ukukhutshwa kwe-OpenSSH 9.1, kwiinguqulelo zangaphambili ingxaki ayiveli.

Ukudala iimeko zokubonakaliswa kobuthathaka, kwanele ukutshintsha ibhana yomxhasi we-SSH kwi-"SSH-2.0-FuTTYSH_9.1p1" ukufezekisa uqwalaselo lweeflegi "SSH_BUG_CURVE25519PAD" kunye ne "SSH_OLD_DHGEX", ngokuxhomekeke kuguqulelo. yomthengi we-SSH.

Emva kokucwangcisa ezi flegi, inkumbulo ye "options.kex_algorithms" buffer ikhululwa kabini: ngokwenza i-do_ssh2_kex () umsebenzi, obiza compat_kex_proposal (), kwaye ngokwenza i do_authentication2 () umsebenzi, obiza input_userauth_request ( ), mm_getpwnama ), copy_set_server_options() ecaleni kwetsheyini, ensemble_algorithms() kunye ne kex_assemble_names().

Kucingelwa ukuba akunakufane kwenzeke ukudala ukuxhaphaza okusebenzayo ngenxa yokuba sesichengeni, ukusukela ukuba inkqubo yoxhaphazo intsonkothile kakhulu: iilayibrari zonikezelo lwenkumbulo zangoku zibonelela ngokhuseleko ngokuchasene nokukhululwa kabini kwenkumbulo, kunye nenkqubo yoqinisekiso lwangaphambili, apho kukho ibug, ibaleka ngamalungelo ancitshisiweyo kwibhokisi yesanti.

Ukongeza kubuthathaka obukhankanyiweyo, inguqulelo entsha kwakhona ulungisa imiba emibini yokhuseleko ngaphezulu:

  • Kwenzeke impazamo ngelixa kusetwa i-"PermitRemoteOpen", ebangele ukuba ingxabano yokuqala ingahoywa ukuba yahlukile kumaxabiso "nayiphi na" kwaye "akukho". Umba uvela kwiinguqulelo emva kwe-OpenSSH 8.7 kwaye ibangela ukuba itshekhi igqitywe xa kukhankanyiwe imvume enye kuphela.
  • Umhlaseli olawula umncedisi we DNS osetyenziselwa ukusombulula amagama angafikelela endaweni yabalinganiswa abakhethekileyo (umzekelo, "*") kwiifayile zenginginya ezaziwayo ukuba iCanonicalizeHostname kunye CanonicalizePermittedCNAMEs iinketho zenziwe kuqwalaselo kwaye umsombululi akaqinisekisi ulungiso lwe DNS. iimpendulo zeseva. Uhlaselo lubonwa njengolungenakufane luphumelele njengoko amagama abuyisiweyo kufuneka angqinelane neemeko ezibalulwe ngeCanonicalizePermittedCNAME.

Yintoni entsha kwi-OpenSSH 9.2

Kutshintsho olwenziwa kwi-OpenSSH 9.2 kuyacaca ukuba wongeze uqwalaseloivuliwe EnableEscapeCommandline a ssh_config ukulawula ukuba umxhasi-uqhubekeko lwecala ye "~C" ulandelelwano lokubaleka nanini na xa ilayini yomyalelo yenziwe. Ngokungagqibekanga, "~C" inkqubo ngoku ivaliwe ukuvumela okungqongqo kwebhokisi yesanti, enokwaphula iinkqubo ezisebenzisa "~C" kugqithiso lwezibuko ngexesha lokusebenza

Ibeyi yongeze iChannelTimeout yomyalelo kwi sshd_config ukwenzela i-sshd ukuseta ixesha lokungenzi nto (Amatshaneli apho kungekho traffic ifunyenweyo ngexesha elichazwe kumgaqo-nkqubo aya kuvalwa ngokuzenzekelayo.) Iseshoni, i-X11, i-arhente, kunye nokuphinda uqondise itrafikhi kunokuba namaxesha ahlukeneyo.

Ye- olunye utshintsho:

  • Yongeza i-UnusedConnectionTimeout Directive kwi-sshd_config ye-sshd, ekuvumela ukuba ubeke ixesha lokuyeka ukuphelisa uxhulumaniso oluvela kubaxhasi abangenazo iziteshi ezisebenzayo ixesha elithile.
  • Yongeza "-V" ukhetho kwi-sshd ukubonisa uguqulelo olufana nokhetho lwe-ssh lomxhasi.
  • Yongeza umtya "umamkeli" kwimveliso ye "ssh -G" ukubonisa ixabiso lengxoxo yegama lenginginya.
  • Yongeza "-X" ukhetho kwi-scp kunye ne-sftp ukulawula i-SFTP iparameters ezifana nekopi yesikhuseli sesayizi kunye nenani lezicelo ezilindileyo.
  • I-ssh-keyscan ikuvumela ukuba uhlolisise uluhlu olupheleleyo lweedilesi ze-CIDR, umzekelo, "ssh-keyscan 192.168.0.0/24".

Gqibela ukuba unomdla wokwazi okungakumbi ngayo malunga nale nguqulo intsha, unokujonga iinkcukacha ngokuya kule khonkco ilandelayo.

Uyifaka njani i-OpenSSH 9.2 kwiLinux?

Kulabo banomdla wokukwazi ukufaka le nguqulo intsha ye-OpenSSH kwiinkqubo zabo, okwangoku bangayenza Ukukhuphela ikhowudi yemvelaphi yoku kunye ukwenza ukudityaniswa kwiikhompyuter zabo.

Kungenxa yokuba ingxelo entsha ayikabandakanywa koovimba beenkqubo eziphambili zeLinux. Ukufumana ikhowudi yemvelaphi, ungenza kwi ikhonkco elandelayo.

Yenza ukhuphelo, ngoku siza kukhulula ipakethe ngalo myalelo ulandelayo:

tar -xvf openssh-9.2.tar.gz

Sifaka isikhombisi esenziwe:

cd openssh-9.2

Y sinokudibanisa kunye le miyalelo ilandelayo:

./configure --prefix=/opt --sysconfdir=/etc/ssh
make
make install

Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa. ezidingekayo ziphawulwe *

*

*

  1. Inoxanduva lwedatha: I-AB Internet Networks 2008 SL
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.

  1.   UJuan ngaphandle koloyiko sitsho
    yenzayo 1 ngonyaka

    "Ekungxameni?"…

    Phendula kuJuanSinMiedo
    1.    Ubumnyama sitsho
      yenzayo 1 ngonyaka

      Ewe, ndiyazikhupha, hehe.

      Ndiyabulela ngokuqwalasela.

      Phendula kwi-Darkcrizt