I-OpenSSH 9.3 ifika nolungiso lweebug ezahlukeneyo kunye nokunye

Darkcrizt

Imizuzu ye4

kuvulwa

I-OpenSSH yiseti yezicelo ezivumela unxibelelwano olufihliweyo kuthungelwano, kusetyenziswa iSSH protocol.

Ipapashiwe Ukukhutshwa kwe-OpenSSH 9.3, umxhasi ovulekileyo kunye nokuphunyezwa kweseva ukusebenza kunye ne-SSH 2.0 kunye ne-SFTP protocol. Inguqulelo entsha ye-OpenSSH 9.3 iyakwazi ukulungisa ezinye iingxaki zokhuseleko, ukongeza ekongezeni izinto ezintsha

Kulabo abangaziyo nge-OpenSSH (Vula i-Shell ekhuselekileyo) kufuneka bayazi loo nto Esi siseti yezicelo ezivumela unxibelelwano olofihliweyo kwinethiwekhi, usebenzisa umthetho olandelwayo weSSH. Yenziwe njengenye indlela yasimahla nevulekileyo kwinkqubo yeShell ekhuselekileyo, nesoftware yokuthengisa.

Iimpawu ezintsha eziphambili ze-OpenSSH 9.3

Kolu guqulelo lutsha luphuma kwi-OpenSSH 9.3 enye yezinto ezintsha kukuba i-sshd yongeza `sshd -G` ukhetho olucalula kwaye luprinte uqwalaselo olululo ngaphandle kokuzama ukulayisha izitshixo zabucala kunye nokwenza ezinye iitshekhi. Oku kuvumela ukhetho ukuba lusetyenziswe phambi kokuba izitshixo zenziwe kunye nokuvavanya uqwalaselo kunye nokuqinisekiswa ngabasebenzisi abangenalo ilungelo.

Kwinxalenye yokulungisa ibug, imposiso yengqiqo ifunyenwe kusetyenziso lwe-ssh-yongeza, ngoko xa ufaka izitshixo zekhadi le-smart kwi-arhente ye-ssh, izithintelo ezichaziweyo ngo "ssh-yongeza -h" ukhetho aluzange lugqithiselwe kwi-arhente. Ngenxa yoko, isitshixo songezwa kwi-arhente, ngoko ke kwakungekho zithintelo ezivumela uxhulumaniso oluvela kuphela kwimikhosi ethile.

Enye yezilungiso oko kwaphunyezwa, yi ukuba sesichengeni kusetyenziso lwe-ssh olunokubangela ukuba idatha ifundwe kwindawo yesitaki ngaphandle kwesithinteli esinikezelweyo xa kusetyenzwa ngeempendulo zeDNS ezenziwe ngokukodwa ukuba iVerifyHostKeyDNS isicwangciso sibandakanyiwe kwifayile yoqwalaselo.

Ingxaki ikhona kuzalisekiso olwakhelwe ngaphakathi lwe getrrsetbyname() umsebenzi, osetyenziswa kwiinguqulelo eziphathwayo ze OpenSSH eyakhelwe ngaphandle kokusebenzisa ithala leencwadi langaphandle le ldns (-with-ldns) nakwiisistim ezinamathala eencwadi asemgangathweni angaxhasi getrrsetbyname() ukufowuna. Ukuba nokwenzeka kokuxhaphaza ukuba sesichengeni, ngaphandle kokuqalisa ukwaliwa kwenkonzo yomxhasi we-ssh, kubonwa njengento engenakwenzeka.

Kwiinguqulelo ezintsha ezibalaseleyo:

  • Kwi-scp kunye ne-sftp ilungisa ukonakala kwemitha yenkqubela kwizikrini ezibanzi;
  • ssh-yongeza kunye ne-ssh-keygen sebenzisa i-RSA/SHA256 xa uvavanya ukusetyenziswa kwesitshixo sabucala, njengoko ezinye iinkqubo ziqala ukuvala i-RSA/SHA1 kwi-libcrypto.
  • Kwi-sftp-server yenza ulungiso lokuvuza kwememori.
  • Kwi-ssh, sshd kunye ne-ssh-keyscan ikhowudi yokuhambelana yasuswa kwaye yenziwa lula into eseleyo yeprotocol ye "vestigal".
  • Yenza ulungiso kwimpembelelo ephantsi I-Coverity static analysis results series.
    Ezi ziquka iingxelo ezininzi:
    * ssh_config(5), sshd_config(5): khankanya ukuba ezinye iinketho azikho
    umdlalo wokuqala uphumelele
    *Rework log yovavanyo lokubuyela umva. Uvavanyo lokurhoxa ngoku
    bamba iilog ezahlukeneyo ze-ssh nganye kunye ne-sshd invocation kuvavanyo.
    * ssh(1): yenza `ssh -Q I-CASignatureAlgorithms` isebenze njengephepha lomntu
    ithi kufanele; bz3532.

Okokugqibela, kufuneka kuqatshelwe ukuba ubuthathaka bunokubonwa kwilayibrari ye libskey ifakwe ne-OpenBSD, esetyenziswa yi-OpenSSH. Ingxaki ibikho ukusukela ngo-1997 kwaye inokubangela ukuphuphuma kwe-stack buffer xa kusetyenzwa ngamagama abamkeli akhiwe ngokukodwa.

Gqibela ukuba unomdla wokwazi okungakumbi ngayo malunga nale nguqulo intsha, unokujonga iinkcukacha ngokuya kule khonkco ilandelayo.

Uyifaka njani i-OpenSSH 9.3 kwiLinux?

Kulabo banomdla wokukwazi ukufaka le nguqulo intsha ye-OpenSSH kwiinkqubo zabo, okwangoku bangayenza Ukukhuphela ikhowudi yemvelaphi yoku kunye ukwenza ukudityaniswa kwiikhompyuter zabo.

Kungenxa yokuba ingxelo entsha ayikabandakanywa koovimba beenkqubo eziphambili zeLinux. Ukufumana ikhowudi yemvelaphi, ungenza kwi ikhonkco elandelayo.

Yenza ukhuphelo, ngoku siza kukhulula ipakethe ngalo myalelo ulandelayo:

tar -xvf openssh-9.3.tar.gz

Sifaka isikhombisi esenziwe:

cd openssh-9.3

Y sinokudibanisa kunye le miyalelo ilandelayo:

./configure --prefix=/opt --sysconfdir=/etc/ssh
make
make install

Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa. ezidingekayo ziphawulwe *

*

*

  1. Inoxanduva lwedatha: I-AB Internet Networks 2008 SL
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.