OpenSSH 8.7 released

After four months of development, OpenSSH 8.7 has been released: an open implementation of a client and server for working over the SSH 2.0 and SFTP protocols.

Main changes:

  • An experimental file transfer mode that uses the SFTP protocol instead of the SCP/RCP protocol has been added to scp. SFTP has more predictable name handling and does not rely on the shell on the remote side to expand glob patterns, which caused security problems. The "-s" flag enables SFTP in scp; in a future release this protocol is planned to become the default.
  • sftp-server implements an SFTP protocol extension for expanding "~/" and "~user/" paths, which scp needs.
  • scp's behaviour when copying files between two remote hosts (for example, "scp host-a:/path host-b:") has changed: the transfer now goes through the local host by default, as it previously did only with the "-3" flag. This avoids handing unnecessary credentials to the first host and avoids the triple interpretation of file names by a shell (on the source, the destination and the local system), and, when SFTP is used, allows every authentication method to be used when accessing the remote hosts rather than only non-interactive ones. The "-R" option restores the old behaviour.
  • A ForkAfterAuthentication setting corresponding to the "-f" flag has been added to ssh.
  • A StdinNull setting corresponding to the "-n" flag has been added to ssh.
  • A SessionType setting has been added to ssh, through which the modes corresponding to the "-N" (no session) and "-s" (subsystem) flags can be configured.
  • ssh-keygen now allows a key's validity period to be specified in key files.
  • A "-Oprint-pubkey" flag has been added to ssh-keygen to print the full public key as part of an sshsig signature.
  • In ssh and sshd, both the client and the server have moved to a stricter configuration file parser that applies shell-like rules for handling quotes, whitespace and escape characters. The new parser also no longer accepts constructs that were previously tolerated, such as omitting an option's argument (for example, a DenyUsers directive may no longer be empty), unclosed quotes, and multiple "=" characters.
  • When SSHFP DNS records are used for host key verification, ssh now checks all matching records instead of only those with a specific signature type.
  • In ssh-keygen, when generating a FIDO key with the -Ochallenge option, the built-in implementation is now used for hashing instead of libfido2, which allows challenges larger or smaller than 32 bytes.
  • In sshd, when processing environment="..." directives in authorized_keys files, the first match now wins, and there is a limit of 1024 distinct environment variable names.
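To see what the stricter parser described above would reject, here is an added example (not OpenSSH code) that applies a simplified model of its shell-like rules, quotes group and backslash escapes, to a constructed sshd_config fragment, and also flags a HostKeyAlgorithms line that still lists ssh-rsa. The sample lines and the exact rule set are assumptions for illustration.

```python
import re

# Constructed sshd_config fragment (not from the page), one construct per line.
SAMPLE_CONFIG = """\
AllowUsers "alice bob" carol
DenyUsers
Banner "/etc/issue.net
Port==2222
HostKeyAlgorithms=ssh-rsa,rsa-sha2-512
"""

def tokenize(args):
    # Shell-like split: whitespace separates, quotes group, backslash escapes.
    tokens, cur, quote, i = [], None, None, 0
    while i < len(args):
        c = args[i]
        if c.isspace() and not quote:
            if cur is not None:
                tokens.append(cur)
            cur = None
        else:
            cur = cur or ""
            if quote and c == quote:
                quote = None
            elif c in "\"'" and not quote:
                quote = c
            elif c == "\\" and quote != "'" and i + 1 < len(args):
                i += 1
                cur += args[i]
            else:
                cur += c
        i += 1
    if quote:
        return tokens, "unterminated quote"
    return tokens + ([cur] if cur is not None else []), None

def lint_config(text):
    # Yield (line, keyword, problem) for lines the 8.7 parser rejects, plus ssh-rsa use.
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, rest = re.match(r"(\w*)\s*=?\s*(.*)", line).groups()
        args, err = tokenize(rest)
        if not key or rest.startswith("="):
            yield n, key, "malformed keyword or multiple '='"
        elif err or not args:
            yield n, key, err or "missing argument"
        elif key.lower() == "hostkeyalgorithms" and "ssh-rsa" in args[0].split(","):
            yield n, key, "ssh-rsa (SHA-1) listed; prefer rsa-sha2-256/512"
```

Running `list(lint_config(SAMPLE_CONFIG))` reports the empty DenyUsers, the unterminated Banner quote, the doubled "=" on Port and the ssh-rsa entry; the quoted AllowUsers line passes.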

The OpenSSH developers have also repeated their warning about the deprecation of algorithms that use SHA-1 hashes, given the increasing practicality of chosen-prefix collision attacks (the cost of finding a collision is estimated at about 50 thousand dollars). In one of the upcoming releases they plan to disable by default the "ssh-rsa" public key signature algorithm, which is mentioned in the original RFC for the SSH protocol and is still widely used in practice.

To check whether your systems still depend on ssh-rsa, try connecting with ssh using the "-oHostKeyAlgorithms=-ssh-rsa" option. Disabling "ssh-rsa" signatures by default does not mean abandoning RSA keys altogether, since the SSH protocol allows hash algorithms other than SHA-1 to be used with them. In particular, besides "ssh-rsa", the "rsa-sha2-256" (RSA/SHA256) and "rsa-sha2-512" (RSA/SHA512) combinations remain available.

To smooth the transition to the new algorithms, OpenSSH earlier enabled the UpdateHostKeys setting by default, which lets clients migrate automatically to more reliable algorithms. With this setting, the special "hostkeys-00@openssh.com" protocol extension is enabled, which allows the server, after authentication, to inform the client of all the host keys it has available. The client can record these keys in its ~/.ssh/known_hosts file, which keeps host keys up to date and makes it easier to rotate keys on the server.

The use of UpdateHostKeys is limited by several caveats that may be lifted in the future: the key must be listed in UserKnownHostsFile and not in GlobalKnownHostsFile; the key must be present under only one name; host key certificates must not be used; hashed host names must not be used in known_hosts; the VerifyHostKeyDNS setting must be disabled; and the UserKnownHostsFile parameter must be enabled.
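The caveats visible in the client's own known_hosts file (hashed host names, certificate-authority entries, and one key listed under several names) can be audited before relying on UpdateHostKeys for a key rotation. The following is an added example, not OpenSSH code; the known_hosts sample is constructed and its key blobs are placeholders, not real keys.

```python
# Constructed known_hosts sample (not from the page); the base64 blobs are
# placeholders with the right shape, not real keys.
KNOWN_HOSTS = """\
# a normal entry: one plain host name, no marker
git.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER0001
# the same key listed under two names on one line
db1.example.com,10.0.0.5 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER0002
# the same key again on a second line under another alias
db-primary ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER0002
# hashed host name (HashKnownHosts yes)
|1|c2FsdA==|aGFzaA== ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER0003
# certificate authority entry
@cert-authority *.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER0004
"""

def parse_entry(line):
    """Split a known_hosts line into (marker, hosts, keytype, blob) or None."""
    parts = line.split()
    marker = None
    if parts and parts[0].startswith("@"):
        marker, parts = parts[0], parts[1:]
    if len(parts) < 3:
        return None
    return marker, parts[0].split(","), parts[1], parts[2]

def audit_known_hosts(text):
    """Return sorted (line number, reason) pairs for entries that fall under the
    UpdateHostKeys caveats: cert-authority markers, hashed host names, and a key
    listed under more than one name (on one line or across lines)."""
    entries, issues, seen = [], [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        e = parse_entry(line)
        if e:
            entries.append((n,) + e)
    for n, marker, hosts, ktype, blob in entries:
        if marker == "@cert-authority":
            issues.append((n, "certificate authority entry"))
        if any(h.startswith("|1|") for h in hosts):
            issues.append((n, "hashed hostname"))
        # group every (line, name) use of the same public key
        seen.setdefault((ktype, blob), []).extend((n, h) for h in hosts)
    for uses in seen.values():
        if len(uses) > 1:
            for n in sorted({n for n, _ in uses}):
                issues.append((n, f"key listed under {len(uses)} names"))
    return sorted(issues)
```

Entries that the audit leaves alone, like the git.example.com line, are the ones the hostkeys extension can update in place.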

The algorithms recommended for migration are rsa-sha2-256/512 based on RFC8332 RSA SHA-2 (supported since OpenSSH 7.2 and used by default), ssh-ed25519 (supported since OpenSSH 6.5) and ecdsa-sha2-nistp256/384/521 based on RFC5656 ECDSA (supported since OpenSSH 5.7).

Source: opennet.ru