ProHoster > Блог > labaran intanet > Sakin OpenSSH 9.1

Sakin OpenSSH 9.1

Bayan watanni shida na haɓakawa, an buga sakin OpenSSH 9.1, buɗe aikace-aikacen abokin ciniki da sabar don aiki akan ka'idojin SSH 2.0 da SFTP. An siffanta sakin a matsayin mai ƙunshe da galibin gyare-gyaren kwaro, gami da yuwuwar lahani da yawa da al'amuran ƙwaƙwalwa suka haifar:

  • Zurfafa byte guda ɗaya a cikin lambar sarrafa banner na SSH a cikin kayan aikin ssh-keyscan.
  • Kira sau biyu zuwa aikin kyauta () idan akwai kuskure lokacin ƙididdige hashes don fayiloli a cikin lambar don ƙirƙira da tabbatar da sa hannun dijital a cikin kayan aikin ssh-keygen.
  • Kira sau biyu zuwa aikin () kyauta lokacin da ake sarrafa kurakurai a cikin kayan aikin ssh-keysign.

Babban canje-canje:

  • An ƙara umarnin da ake buƙataRSASize zuwa ssh da sshd, yana ba ku damar ƙayyade mafi ƙarancin izinin maɓallan RSA. A cikin sshd, za a yi watsi da ƙananan maɓalli, kuma a cikin ssh za su haifar da ƙarewar haɗin.
  • An canza bugu na OpenSSH mai ɗaukuwa don amfani da maɓallan SSH don sa hannu a lambobi da alamun a cikin Git.
  • Umarnin SetEnv a cikin fayilolin sanyi na ssh_config da sshd_config yanzu suna amfani da ƙimar daga farkon ambaton yanayin yanayin idan an bayyana shi fiye da sau ɗaya a cikin tsarin (a baya an yi amfani da ambaton ƙarshe).
  • Lokacin kiran mai amfani da ssh-keygen tare da tutar “-A” (samar da kowane nau'in maɓallan runduna da ke tallafawa ta tsohuwa), tsarar maɓallan DSA, waɗanda ba a yi amfani da su ta tsohuwa ba na shekaru da yawa, ba su da ƙarfi.
  • sftp-server da sftp aiwatar da tsawo"[email kariya]", yana ba abokin ciniki ikon neman mai amfani da sunayen rukuni masu dacewa da ƙayyadadden saitin abubuwan gano dijital (uid da gid). A cikin sftp, ana amfani da wannan tsawo don nuna sunaye yayin nuna abubuwan da ke cikin kundin adireshi.
  • sftp-server yana aiwatar da tsawo na "gidaje-gida" don faɗaɗa ~/ da ~ mai amfani/ hanyõyi, madadin tsawaita da aka tsara a baya "[email kariya]"(an gabatar da tsawo na "gidaje-gida" don daidaitawa kuma wasu abokan ciniki sun riga sun goyi bayan).
  • ssh-keygen da sshd suna ƙara ikon tantance lokaci a cikin yankin lokaci na UTC lokacin da ake tantance takaddun shaida da tazarar ingancin maɓalli, ban da lokacin tsarin.
  • sftp yana ba da damar ƙarin mahawara don bayyana tare da zaɓin "-D" (misali, "/usr/libexec/sftp-server -el debug3").
  • ssh-keygen yana ba da damar yin amfani da tutar "-U" (amfani da ssh-agent) tare da ayyukan "-Y" don sanin cewa maɓallan masu zaman kansu suna ɗaukar nauyin ssh-agent.

    source: budenet.ru

Add a comment