OpenSSH 9.3 released with security fixes

The release of OpenSSH 9.3, an open implementation of a client and server for working over the SSH 2.0 and SFTP protocols, has been announced. The new version fixes the following security problems:

  • A logic error was identified in the ssh-add utility: when smartcard keys were added to ssh-agent, the restrictions specified with the "ssh-add -h" option were not passed on to the agent. As a result, the key was added to the agent without the restrictions that allow connections only from certain hosts.
  • A vulnerability was identified in the ssh utility that can cause data to be read from the stack outside the allocated buffer when processing specially crafted DNS responses, if the VerifyHostKeyDNS setting is enabled in the configuration file. The problem is in the built-in implementation of the getrrsetbyname() function, which is used in portable versions of OpenSSH built without the external ldns library (--with-ldns) and on systems whose standard library does not support the getrrsetbyname() call. Exploitation of the vulnerability for anything other than causing a denial of service of the ssh client is considered unlikely.
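
One way to triage clients for the VerifyHostKeyDNS issue described above, as an added example that is not part of the original article or of OpenSSH: it reads an `ssh -V` banner and the effective configuration printed by `ssh -G`, and flags pre-9.3 clients that have the option enabled. The function names and the sample input are constructed for this example; `ask` is treated as enabled because that setting also performs the DNS lookup.

```shell
#!/bin/sh
# Added example. Function names and sample data are this example's own.
# Real input: audit "$(ssh -V 2>&1)" "$(ssh -G <host>)"

# 0 if the `ssh -V` banner is older than 9.3, 1 if not, 2 if unparseable.
# Distributions backport fixes, so a hit means "check the package changelog".
older_than_9_3() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2
    set -- $ver
    [ "$1" -lt 9 ] || { [ "$1" -eq 9 ] && [ "$2" -lt 3 ]; }
}

# Print the effective VerifyHostKeyDNS value from `ssh -G` output.
dns_hostkey_check() {
    printf '%s\n' "$1" |
        awk 'tolower($1) == "verifyhostkeydns" { print tolower($2); exit }'
}

# The bundled getrrsetbyname() is only compiled in when libc lacks the call
# and the build did not use --with-ldns; that cannot be seen from here, so
# a "review" result is a prompt to check the build, not proof of exposure.
audit() {
    state=$(dns_hostkey_check "$2")
    case "$state" in
        yes|true|ask) ;;
        *) echo "ok: VerifyHostKeyDNS is off"; return 0 ;;
    esac
    older_than_9_3 "$1" && rc=0 || rc=$?
    case "$rc" in
        0) echo "review: pre-9.3 client, VerifyHostKeyDNS=$state"; return 1 ;;
        1) echo "ok: 9.3 or later, VerifyHostKeyDNS=$state"; return 0 ;;
        *) echo "unknown: cannot parse version banner"; return 2 ;;
    esac
}

# Constructed sample input (not captured from a real host).
SAMPLE_BANNER='OpenSSH_9.2p1, OpenSSL 3.0.9 30 May 2023'
SAMPLE_CONFIG='hostname bastion.example.org
port 22
verifyhostkeydns true'

audit "$SAMPLE_BANNER" "$SAMPLE_CONFIG" || true
audit 'OpenSSH_9.3p1, OpenSSL 3.1.0 14 Mar 2023' "$SAMPLE_CONFIG" || true
```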

In addition, a vulnerability can be noted in the libskey library shipped with OpenBSD, which is used in OpenSSH. The problem has been present since 1997 and can lead to a stack buffer overflow when processing specially crafted hostnames. It is noted that although the vulnerability can be triggered remotely through OpenSSH, in practice it is useless, because for it to manifest the name of the attacked host (/etc/hostname) must contain more than 126 characters, and the buffer can be overflowed only with null characters ('\0').

Among the non-security changes:

  • Added support for the "-Ohashalg=sha1|sha256" parameter to ssh-keygen and ssh-keyscan to select the algorithm used for displaying SSHFP fingerprints.
  • Added the "-G" option to sshd to parse and display the active configuration without attempting to load private keys and without performing additional checks, which allows the configuration to be checked before keys are generated and to be run by unprivileged users.
  • sshd has improved sandbox isolation on the Linux platform using the seccomp and seccomp-bpf system call filtering mechanisms. Flags for mmap, madvise and futex have been added to the list of allowed system calls.

Source: opennet.ru
