OpenSSH 8.1 release

After six months of development, OpenSSH 8.1 has been released, an open implementation of a client and server for working over the SSH 2.0 and SFTP protocols.

Of particular note in the new release is the fix for a vulnerability affecting ssh, sshd, ssh-add and ssh-keygen. The problem is in the code that parses private keys of the XMSS type and allows an attacker to trigger an integer overflow. The vulnerability is marked as exploitable but is of little practical use, since support for XMSS keys is an experimental feature that is disabled by default (the portable version has no build option in autoconf to enable XMSS).

Main changes:

  • Code has been added to ssh, sshd and ssh-agent that prevents recovery of a private key held in RAM through side-channel attacks such as Spectre, Meltdown, RowHammer and RAMBleed. Private keys are now encrypted when they are loaded into memory and are decrypted only while they are in use, staying encrypted the rest of the time. With this approach, to recover a private key an attacker must first recover a randomly generated intermediate key 16 KB in size, which is used to encrypt the main key; this is unlikely given the recovery error rate typical of modern attacks;
  • ssh-keygen has gained experimental support for a simplified scheme for creating and verifying digital signatures. Digital signatures can be created with ordinary SSH keys stored on disk or in ssh-agent, and verified against a list of valid keys similar to authorized_keys. Namespace information is built into the digital signature to avoid confusion when it is used in different areas (for example, for email and for files);
  • ssh-keygen now uses the rsa-sha2-512 algorithm by default when certifying certificates with a digital signature based on an RSA key (when operating in CA mode). Such certificates are not compatible with releases before OpenSSH 7.2 (to ensure compatibility, the algorithm type must be overridden, for example by calling "ssh-keygen -t ssh-rsa -s ...");
  • In ssh, the ProxyCommand expression now supports expansion of the "%n" substitution (the host name specified in the address line);
  • In the lists of encryption algorithms for ssh and sshd, the "^" character can now be used to insert default algorithms. For example, to add ssh-ed25519 to the default list, you can specify "HostKeyAlgorithms ^ssh-ed25519";
  • ssh-keygen now outputs the comment attached to a key when extracting the public key from a private one;
  • The "-v" flag can now be used in ssh-keygen when performing key lookup operations (for example, "ssh-keygen -vF host"); specifying it results in the visual host signature being displayed;
  • Added the ability to use PKCS8 as an alternative format for storing private keys on disk. The PEM format is still used by default, and PKCS8 may be useful for achieving compatibility with third-party applications.
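
The in-memory key protection from the first item above, sketched as an added example (not OpenSSH's own code): a key encrypted under material derived from a 16 KB random intermediate key, and why one misread bit defeats recovery. Function names are hypothetical; the SHA-512 derivation, the SHAKE-256 XOR keystream used in place of a real cipher, and independent per-bit read errors are assumptions.

```python
import hashlib
import hmac
import secrets

PREKEY_LEN = 16 * 1024  # 16 KB intermediate key, the size given in the text


def _derive(prekey: bytes):
    # Assumption: key material is a SHA-512 hash over the *entire* prekey,
    # split into an encryption half and a MAC half.
    digest = hashlib.sha512(prekey).digest()
    return digest[:32], digest[32:]


def _xor_stream(enc_key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (stdlib only): SHAKE-256 output as an XOR keystream.
    stream = hashlib.shake_256(enc_key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def shield(private_key: bytes):
    """Encrypt at load time. Returns (prekey, ciphertext, tag)."""
    prekey = secrets.token_bytes(PREKEY_LEN)
    enc_key, mac_key = _derive(prekey)
    ciphertext = _xor_stream(enc_key, private_key)
    tag = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    return prekey, ciphertext, tag


def unshield(prekey: bytes, ciphertext: bytes, tag: bytes):
    """Decrypt for the moment of use. Returns None unless the prekey is exact."""
    enc_key, mac_key = _derive(prekey)
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return _xor_stream(enc_key, ciphertext)


def recovery_success_probability(bit_error_rate: float,
                                 prekey_len: int = PREKEY_LEN) -> float:
    """Chance that all prekey bits are read correctly (independent errors assumed)."""
    return (1.0 - bit_error_rate) ** (prekey_len * 8)


if __name__ == "__main__":
    sample = b"constructed sample key bytes, not a real key"
    prekey, ct, tag = shield(sample)
    damaged = bytearray(prekey)
    damaged[5000] ^= 0x01  # one wrong bit out of 131072
    print(unshield(prekey, ct, tag) == sample, unshield(bytes(damaged), ct, tag))
    print(recovery_success_probability(1e-4))
```

Because the derived key depends on every bit of the intermediate key, a leak that reads memory with even a small per-bit error rate almost never yields a usable key.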

source: budenet.ru
