Ipapashiwe Ukukhutshwa kwe-OpenSSH 9.3, umxhasi ovulekileyo kunye nokuphunyezwa kweseva ukusebenza kunye ne-SSH 2.0 kunye ne-SFTP protocol. Inguqulelo entsha ye-OpenSSH 9.3 iyakwazi ukulungisa ezinye iingxaki zokhuseleko, ukongeza ekongezeni izinto ezintsha
Kulabo abangaziyo nge-OpenSSH (Vula i-Shell ekhuselekileyo) kufuneka bayazi loo nto Esi siseti yezicelo ezivumela unxibelelwano olofihliweyo kwinethiwekhi, usebenzisa umthetho olandelwayo weSSH. Yenziwe njengenye indlela yasimahla nevulekileyo kwinkqubo yeShell ekhuselekileyo, nesoftware yokuthengisa.
Iimpawu ezintsha eziphambili ze-OpenSSH 9.3
Kolu guqulelo lutsha luphuma kwi-OpenSSH 9.3 enye yezinto ezintsha kukuba i-sshd yongeza `sshd -G` ukhetho olucalula kwaye luprinte uqwalaselo olululo ngaphandle kokuzama ukulayisha izitshixo zabucala kunye nokwenza ezinye iitshekhi. Oku kuvumela ukhetho ukuba lusetyenziswe phambi kokuba izitshixo zenziwe kunye nokuvavanya uqwalaselo kunye nokuqinisekiswa ngabasebenzisi abangenalo ilungelo.
Kwinxalenye yokulungisa ibug, imposiso yengqiqo ifunyenwe kusetyenziso lwe-ssh-yongeza, ngoko xa ufaka izitshixo zekhadi le-smart kwi-arhente ye-ssh, izithintelo ezichaziweyo ngo "ssh-yongeza -h" ukhetho aluzange lugqithiselwe kwi-arhente. Ngenxa yoko, isitshixo songezwa kwi-arhente, ngoko ke kwakungekho zithintelo ezivumela uxhulumaniso oluvela kuphela kwimikhosi ethile.
Enye yezilungiso oko kwaphunyezwa, yi ukuba sesichengeni kusetyenziso lwe-ssh olunokubangela ukuba idatha ifundwe kwindawo yesitaki ngaphandle kwesithinteli esinikezelweyo xa kusetyenzwa ngeempendulo zeDNS ezenziwe ngokukodwa ukuba iVerifyHostKeyDNS isicwangciso sibandakanyiwe kwifayile yoqwalaselo.
Ingxaki ikhona kuzalisekiso olwakhelwe ngaphakathi lwe getrrsetbyname() umsebenzi, osetyenziswa kwiinguqulelo eziphathwayo ze OpenSSH eyakhelwe ngaphandle kokusebenzisa ithala leencwadi langaphandle le ldns (-with-ldns) nakwiisistim ezinamathala eencwadi asemgangathweni angaxhasi getrrsetbyname() ukufowuna. Ukuba nokwenzeka kokuxhaphaza ukuba sesichengeni, ngaphandle kokuqalisa ukwaliwa kwenkonzo yomxhasi we-ssh, kubonwa njengento engenakwenzeka.
Kwiinguqulelo ezintsha ezibalaseleyo:
- Kwi-scp kunye ne-sftp ilungisa ukonakala kwemitha yenkqubela kwizikrini ezibanzi;
- ssh-yongeza kunye ne-ssh-keygen sebenzisa i-RSA/SHA256 xa uvavanya ukusetyenziswa kwesitshixo sabucala, njengoko ezinye iinkqubo ziqala ukuvala i-RSA/SHA1 kwi-libcrypto.
- Kwi-sftp-server yenza ulungiso lokuvuza kwememori.
- Kwi-ssh, sshd kunye ne-ssh-keyscan ikhowudi yokuhambelana yasuswa kwaye yenziwa lula into eseleyo yeprotocol ye "vestigal".
- Yenza ulungiso kwimpembelelo ephantsi I-Coverity static analysis results series.
Ezi ziquka iingxelo ezininzi:
* ssh_config(5), sshd_config(5): khankanya ukuba ezinye iinketho azikho
umdlalo wokuqala uphumelele
*Rework log yovavanyo lokubuyela umva. Uvavanyo lokurhoxa ngoku
bamba iilog ezahlukeneyo ze-ssh nganye kunye ne-sshd invocation kuvavanyo.
* ssh(1): yenza `ssh -Q I-CASignatureAlgorithms` isebenze njengephepha lomntu
ithi kufanele; bz3532.
Okokugqibela, kufuneka kuqatshelwe ukuba ubuthathaka bunokubonwa kwilayibrari ye libskey ifakwe ne-OpenBSD, esetyenziswa yi-OpenSSH. Ingxaki ibikho ukusukela ngo-1997 kwaye inokubangela ukuphuphuma kwe-stack buffer xa kusetyenzwa ngamagama abamkeli akhiwe ngokukodwa.
Gqibela ukuba unomdla wokwazi okungakumbi ngayo malunga nale nguqulo intsha, unokujonga iinkcukacha ngokuya kule khonkco ilandelayo.
Uyifaka njani i-OpenSSH 9.3 kwiLinux?
Kulabo banomdla wokukwazi ukufaka le nguqulo intsha ye-OpenSSH kwiinkqubo zabo, okwangoku bangayenza Ukukhuphela ikhowudi yemvelaphi yoku kunye ukwenza ukudityaniswa kwiikhompyuter zabo.
Kungenxa yokuba ingxelo entsha ayikabandakanywa koovimba beenkqubo eziphambili zeLinux. Ukufumana ikhowudi yemvelaphi, ungenza kwi ikhonkco elandelayo.
Yenza ukhuphelo, ngoku siza kukhulula ipakethe ngalo myalelo ulandelayo:
tar -xvf openssh-9.3.tar.gz
Sifaka isikhombisi esenziwe:
cd openssh-9.3
Y sinokudibanisa kunye le miyalelo ilandelayo:
./configure --prefix=/opt --sysconfdir=/etc/ssh make make install