OpenSSH 8.1 released

After six months of development, OpenSSH 8.1 has been released, an open client and server implementation for working over the SSH 2.0 and SFTP protocols.

Particular attention in the new release goes to fixing a vulnerability affecting ssh, sshd, ssh-add and ssh-keygen. The problem lies in the code for parsing private keys of the XMSS type and allows an attacker to trigger an integer overflow. The vulnerability is marked as exploitable but of little practical use, since support for XMSS keys is an experimental feature that is disabled by default (the portable version does not even have an autoconf build option to enable XMSS).

Main changes:

  • In ssh, sshd and ssh-agent, code has been added that protects private keys held in RAM against recovery through side-channel attacks such as Spectre, Meltdown, RowHammer and RAMBleed. Private keys are now encrypted when loaded into memory and decrypted only at the moment of use, remaining encrypted the rest of the time. With this approach, to recover the private key an attacker must first recover, without a single error, an intermediate 16 KB key used to encrypt the main key, which is unlikely at the recovery error rates typical of current attacks;
  • In ssh-keygen, experimental support has been added for a simple scheme for creating and verifying digital signatures. Signatures can be produced with ordinary SSH keys stored on disk or in ssh-agent, and verified against a list of allowed keys similar in form to authorized_keys. Namespace information is embedded in the signature to avoid confusion when the same key is used in different contexts (for example, for email and for files);
  • ssh-keygen now defaults to the rsa-sha2-512 algorithm when signing certificates with an RSA-based key (when operating in CA mode). Such certificates are not compatible with releases before OpenSSH 7.2 (to preserve compatibility, the algorithm type must be overridden explicitly, e.g. by calling "ssh-keygen -t ssh-rsa -s ...");
  • In ssh, the ProxyCommand directive now supports expansion of the "%n" substitution (the hostname as given in the address);
  • In the algorithm lists for ssh and sshd, the "^" character can now be used to insert algorithms ahead of the default set. For example, to put ssh-ed25519 at the front of the list, specify "HostKeyAlgorithms ^ssh-ed25519";
  • ssh-keygen prints the comment attached to the key when extracting the public key from the private key;
  • Added the ability to use the "-v" flag in ssh-keygen when performing a key search (for example, "ssh-keygen -vF host"), which prints the host key that was found;
  • Added the ability to use PKCS8 as an alternative format for storing private keys on disk. The PEM format continues to be used by default, and PKCS8 may be useful for achieving compatibility with third-party applications.
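The first change above rests on one argument: a key encrypted under a 16 KB prekey is only recoverable if every bit of that prekey is read back correctly. The following is an added, simplified model of that shielding written for this article, not OpenSSH's own code: OpenSSH uses AES-256-CTR keyed from a SHA-512 of the prekey, while this model uses a SHA-256 counter keystream plus an HMAC so it runs with the Python standard library alone; the 64-byte "private key" is a constructed placeholder.

```python
import hashlib
import hmac
import os

PREKEY_LEN = 16 * 1024  # OpenSSH shields keys with a 16 KB random prekey

def _keystream(key: bytes, n: int) -> bytes:
    """Counter-mode keystream from SHA-256 (stand-in for AES-CTR)."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:n])

def shield(private_key: bytes):
    """Encrypt private_key under a key derived from a fresh 16 KB prekey.
    Only (prekey, ciphertext, tag) stay in memory; the plaintext is dropped."""
    prekey = os.urandom(PREKEY_LEN)
    k = hashlib.sha512(prekey).digest()
    enc_key, mac_key = k[:32], k[32:]
    ct = bytes(a ^ b for a, b in zip(private_key, _keystream(enc_key, len(private_key))))
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()
    return prekey, ct, tag

def unshield(prekey: bytes, ct: bytes, tag: bytes):
    """Decrypt at the moment of use; returns None unless prekey is bit-exact."""
    k = hashlib.sha512(prekey).digest()
    enc_key, mac_key = k[:32], k[32:]
    if not hmac.compare_digest(hmac.new(mac_key, ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, len(ct))))

def flip_bits(data: bytes, positions) -> bytes:
    """Model a noisy side-channel read of memory: flip the given bit positions."""
    buf = bytearray(data)
    for p in positions:
        buf[p // 8] ^= 1 << (p % 8)
    return bytes(buf)

def recovers_with_errors(error_bits: int) -> bool:
    """True if a prekey read back with error_bits wrong bits still unshields the key."""
    secret = os.urandom(64)  # constructed stand-in for an Ed25519 private key
    prekey, ct, tag = shield(secret)
    leaked = flip_bits(prekey, range(error_bits))
    return unshield(leaked, ct, tag) == secret
```

A single wrong bit out of the 131072 in the prekey changes the whole derived key, so the attack has to be error-free over the entire 16 KB rather than merely accurate on average.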

Source: opennet.ru
