OpenSSH 8.4 release

After four months of development, OpenSSH 8.4 has been released, an open implementation of a client and server for working with the SSH 2.0 and SFTP protocols.

Main changes:

  • Security-related changes:
    • In ssh-agent, when using FIDO keys that were not created for SSH authentication (the key ID does not start with the string "ssh:"), it is now checked that the message will be signed using the methods employed in the SSH protocol. The change prevents an ssh-agent forwarded to remote hosts that hold FIDO keys from being used to generate signatures for web authentication requests (the reverse case, in which a browser could sign an SSH request, was excluded from the start thanks to the "ssh:" prefix in the key ID).
    • In ssh-keygen, resident keys stored in the token now include support for the credProtect extension described in the FIDO 2.1 specification, which gives the keys additional protection by requiring the PIN to be entered before any operation that could lead to extraction of the resident key from the token.
  • Changes that may break compatibility:
    • For FIDO/U2F support, it is recommended to use the libfido2 library of at least version 1.5.0. Use of older versions is partially implemented, but in that case functions such as resident keys, PIN requests and attaching multiple tokens are unavailable.
    • In ssh-keygen, the data needed to verify the attestation's digital signature has been added to the format of the attestation information that can optionally be saved when generating a FIDO key.
    • The API used by OpenSSH to interact with the middleware layer for accessing FIDO tokens has changed.
    • When building the portable version of OpenSSH, automake is now required to generate the configure script and the accompanying build files (when building from a published source tarball, regenerating configure is not required).
  • Added support in ssh and ssh-keygen for FIDO keys that require PIN verification. To generate keys with a PIN, the "verify-required" option has been added to ssh-keygen. If such keys are used, before a signature is created the user is asked to confirm the action by entering the PIN.
  • In sshd, the "verify-required" option is implemented in the authorized_keys configuration; it requires that the token's capabilities for verifying the user be used when performing operations with the token. The FIDO standard provides several ways of performing this verification, but currently OpenSSH only supports verification via PIN.
  • sshd and ssh-keygen have added support for verifying digital signatures that conform to the FIDO Webauthn standard, which allows FIDO keys to be used in web browsers.
  • In ssh, the CertificateFile, ControlPath, IdentityAgent, IdentityFile, LocalForward and RemoteForward settings now allow substitution of values from environment variables specified in the form "${ENV}".

  • ssh and ssh-agent have added support for the $SSH_ASKPASS_REQUIRE environment variable, which can be used to enable or disable the invocation of ssh-askpass.
  • In ssh, the AddKeysToAgent directive of ssh_config can now limit the lifetime of a key. After the specified limit expires, the keys are removed from ssh-agent.
  • In scp and sftp, the "-A" flag can now be used to explicitly allow ssh-agent forwarding in scp and sftp (forwarding is disabled by default).
  • Added support for the '%k' substitution in ssh settings, which specifies the host key name. This can be used to split keys into separate files (for example, "UserKnownHostsFile ~/.ssh/known_hosts.d/%k").
  • The "ssh-add -d -" operation is now allowed, reading the keys to be removed from stdin.
  • In sshd, the start and end of the connection pruning process, controlled by the MaxStartups parameter, are now reflected in the log.
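As an added example (not code from the OpenSSH project or from the article), the following POSIX shell script writes out the pieces of configuration the list above describes into a scratch directory: an ssh-keygen invocation for a resident FIDO key with the new "verify-required" option, an authorized_keys entry carrying the matching verify-required restriction, and a client ssh_config that uses the AddKeysToAgent lifetime, the %k known_hosts split, ${ENV} substitution and a HostKeyAlgorithms/UpdateHostKeys pairing. The key blob in authorized_keys is a placeholder, the SSH_PROJECT_DIR variable and the comment strings are invented for the illustration, and the key-generation step assumes OpenSSH 8.4, libfido2 1.5.0 or newer and a FIDO2 token with a PIN, so it only runs when GENERATE_SK_KEY=1.

```shell
#!/bin/sh
# Added example, not code from the OpenSSH project or from the article.
# Generates configuration for the OpenSSH 8.4 features described above into a
# scratch directory so it can be inspected before being copied into place.
# Assumptions: OpenSSH 8.4 on both sides; libfido2 >= 1.5.0 and a FIDO2 token
# with a PIN for the key-generation step; SSH_PROJECT_DIR is an arbitrary
# variable name chosen only to illustrate ${ENV} substitution.

WORK="${WORK:-$(mktemp -d)}"

# 1. Client: create a resident FIDO key that demands PIN verification for every
#    signature. Needs a physical token, so it only runs when asked for.
generate_verify_required_key() {
    ssh-keygen -t ecdsa-sk -O resident -O verify-required \
        -f "$WORK/id_ecdsa_sk" -C "pin-protected@example"
}

# 2. Server: an authorized_keys entry with the new verify-required restriction.
#    sshd then accepts the key only if the token verified the user (PIN) while
#    producing the signature. The key blob is a placeholder, not a real key.
write_authorized_keys() {
    cat > "$WORK/authorized_keys" <<'EOF'
verify-required sk-ecdsa-sha2-nistp256@openssh.com AAAA_PLACEHOLDER_KEY_BLOB pin-protected@example
EOF
}

# 3. Client: ssh_config using the 8.4 additions from the list above.
write_ssh_config() {
    cat > "$WORK/config" <<'EOF'
Host *
    # Keys loaded from files go into ssh-agent and are dropped after one hour
    AddKeysToAgent confirm 1h
    # One known_hosts file per host, named after the host key alias (%k)
    UserKnownHostsFile ~/.ssh/known_hosts.d/%k
    # ${ENV} substitution: take the identity from a per-project directory
    IdentityFile ${SSH_PROJECT_DIR}/id_ed25519
    # Remove the SHA-1 based ssh-rsa host key signature algorithm from the defaults
    HostKeyAlgorithms -ssh-rsa
    # Accept stronger host keys a server offers through the hostkeys extension
    UpdateHostKeys yes
EOF
}

# Sanity check on the generated files: every expected directive must be present.
# Returns 0 when all checks pass, non-zero otherwise.
verify_generated_files() {
    grep -qF 'verify-required sk-ecdsa-sha2-nistp256@openssh.com ' "$WORK/authorized_keys" &&
    grep -qF 'AddKeysToAgent confirm 1h' "$WORK/config" &&
    grep -qF 'UserKnownHostsFile ~/.ssh/known_hosts.d/%k' "$WORK/config" &&
    grep -qF 'IdentityFile ${SSH_PROJECT_DIR}/id_ed25519' "$WORK/config" &&
    grep -qF 'HostKeyAlgorithms -ssh-rsa' "$WORK/config" &&
    grep -qF 'UpdateHostKeys yes' "$WORK/config"
}

write_authorized_keys
write_ssh_config
if verify_generated_files; then
    echo "generated files in $WORK"
fi
if [ "${GENERATE_SK_KEY:-0}" = 1 ]; then
    generate_verify_required_key
fi
```

Before copying the client config into place, create the ~/.ssh/known_hosts.d directory and export SSH_PROJECT_DIR, since 8.4 treats a reference to an unset variable in IdentityFile as a configuration error rather than an empty string.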

The OpenSSH developers also reminded users of the upcoming deprecation of algorithms that use SHA-1 hashes, due to the growing effectiveness of chosen-prefix collision attacks (the cost of finding a collision is estimated at around 45 thousand dollars). In one of the upcoming releases they plan to disable by default the "ssh-rsa" public key digital signature algorithm, which is mentioned in the original RFC for the SSH protocol and is still widespread in practice (to test the use of ssh-rsa on your systems, you can try connecting with ssh using the option "-oHostKeyAlgorithms=-ssh-rsa").

To smooth the transition to the new algorithms in OpenSSH, the next release will enable the UpdateHostKeys setting by default, which will automatically migrate clients to more reliable algorithms. Algorithms recommended for migration include rsa-sha2-256/512 based on RFC 8332 RSA SHA-2 (supported since OpenSSH 7.2 and used by default), ssh-ed25519 (supported since OpenSSH 6.5) and ecdsa-sha2-nistp256/384/521 based on RFC 5656 ECDSA (supported since OpenSSH 5.7).
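The test the developers suggest can be scripted across a fleet. The following POSIX shell script is an added example, not part of the article or of OpenSSH: it probes each host in a list twice, once with the client defaults and once with ssh-rsa removed from HostKeyAlgorithms, and reports the hosts that only work when the SHA-1 signature algorithm is allowed. It assumes non-interactive access (BatchMode with keys already in ssh-agent) and a hosts file with one name per line; the SSH_CMD override, the status words and the example hostnames are the script's own.

```shell
#!/bin/sh
# Added example, not from the article or the OpenSSH project: audit a list of
# hosts for dependence on the SHA-1 "ssh-rsa" host key signature algorithm,
# using the probe the OpenSSH developers suggest (-oHostKeyAlgorithms=-ssh-rsa).
# Assumptions: the hosts accept non-interactive logins with keys already in
# ssh-agent, and $HOSTS_FILE lists one hostname per line ("#" lines are skipped).

# Client command used for the probe; overridable so a stub can stand in for ssh.
SSH_CMD="${SSH_CMD:-ssh}"

# Run one non-interactive probe against host $1 with extra client options $2.
# BatchMode stops ssh from prompting; ConnectTimeout bounds the wait.
# $extra is deliberately unquoted so an empty value adds no argument.
probe() {
    host=$1
    extra=$2
    $SSH_CMD -oBatchMode=yes -oConnectTimeout=5 $extra "$host" true >/dev/null 2>&1
}

# Classify host $1 and print one of:
#   ok             reachable, and still reachable with ssh-rsa removed
#   needs-ssh-rsa  reachable only while the SHA-1 ssh-rsa signature is allowed
#   unreachable    the baseline probe already failed (network, auth, host key...)
classify_host() {
    host=$1
    if ! probe "$host" ""; then
        echo unreachable
        return 0
    fi
    if probe "$host" "-oHostKeyAlgorithms=-ssh-rsa"; then
        echo ok
    else
        echo needs-ssh-rsa
    fi
}

# Read hostnames from file $1 and print "<host> <status>" per line.
audit_hosts() {
    while IFS= read -r h || [ -n "$h" ]; do
        case "$h" in
            ''|'#'*) continue ;;
        esac
        printf '%s %s\n' "$h" "$(classify_host "$h")"
    done < "$1"
}

if [ -n "${HOSTS_FILE:-}" ]; then
    audit_hosts "$HOSTS_FILE"
fi
```

Because ssh exits with status 255 for any client-side error, the baseline probe runs first so that unreachable hosts are not mistaken for SHA-1 dependent ones. A host reported as needs-ssh-rsa offers no host key algorithm other than ssh-rsa that the client accepts; the probe says nothing about whether ssh-rsa is still used for user authentication, which is governed by the server's accepted public key algorithms rather than HostKeyAlgorithms.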

Source: opennet.ru
