Release of OpenSSH 9.6 with vulnerability fixes

The release of OpenSSH 9.6 has been announced. OpenSSH is an open implementation of a client and server for working over the SSH 2.0 and SFTP protocols. The new version fixes three security issues:

  • A vulnerability in the SSH protocol (CVE-2023-48795, the "Terrapin" attack) that allows a MITM attack to roll the connection back to less secure authentication algorithms and to disable the protection against side-channel attacks that reconstruct input by analyzing the delays between keystrokes on the keyboard. The attack method is described in a separate article.
  • A vulnerability in the ssh utility that allows arbitrary shell commands to be substituted by manipulating login and host values that contain special characters. The vulnerability can be exploited if an attacker controls the login and hostname values passed to ssh, the ProxyCommand and LocalCommand directives, or "match exec" blocks that contain substitution characters such as %u and %h. For example, an incorrect login and host can be substituted on systems that use submodules in Git, because Git does not prohibit special characters in host and user names. A similar vulnerability also appears in libssh.
  • A bug in ssh-agent where, when adding PKCS#11 private keys, restrictions were applied only to the first key returned by the PKCS#11 token. The issue does not affect regular private keys, FIDO tokens, or keys without restrictions.
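
A defensive check for the second issue above, as an added example (not OpenSSH's code and not from the original article): it flags ProxyCommand, LocalCommand and "match exec" lines that expand %u or %h, and rejects login or host values containing special characters before a script hands them to ssh. The function names, the allowlist and the sample configuration are assumptions made for illustration.

```python
import re

# Directives whose argument is run by a shell after %-token expansion.
SHELL_DIRECTIVES = {"proxycommand", "localcommand"}
RISKY_TOKENS = re.compile(r"%[uh]")  # the tokens named above: %u and %h
# Assumed allowlist for untrusted values; stricter than ssh itself (no IPv6 literals).
SAFE_VALUE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9._-]*")

def is_safe_value(value):
    """True if a login or hostname from an untrusted source is plain enough for ssh."""
    return SAFE_VALUE.fullmatch(value) is not None

def audit_config(text):
    """Return (line_no, directive, tokens) for shell-run directives expanding %u/%h."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1]
        if key == "match":
            m = re.search(r'\bexec\s+("[^"]*"|\S+)', value, re.I)
            if m is None:
                continue
            key, value = "match exec", m.group(1)
        elif key not in SHELL_DIRECTIVES:
            continue
        # "%%" is a literal percent sign, not the start of a token.
        tokens = sorted(set(RISKY_TOKENS.findall(value.replace("%%", ""))))
        if tokens:
            findings.append((no, key, tokens))
    return findings

# Constructed sample configuration (not from the original page).
SAMPLE_CONFIG = """\
# jump through an HTTP proxy
Host bastion
    ProxyCommand nc -X connect -x proxy.example:3128 %h %p
Host build
    LocalCommand logger "ssh to %%h as build"
Match exec "test-net.sh %h %u"
    ProxyJump jump.example
Host plain
    ProxyCommand=ssh -W fixedhost:22 jump.example
"""

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print(finding)
```

A flagged line is not a defect in itself; it marks a place where the login or hostname reaches a shell, so any value that comes from outside (for example a Git submodule URL) should pass `is_safe_value` first.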

Other changes:

  • Added the "%j" substitution to ssh, which expands to the hostname specified via the ProxyJump directive.
  • ssh adds support for setting ChannelTimeout on the client side, which can be used to terminate inactive channels.
  • Added support for reading ED25519 private keys in PEM PKCS8 format to ssh, sshd, ssh-add and ssh-keygen (previously only the OpenSSH format was supported).
  • A protocol extension has been added to ssh and sshd to renegotiate the digital signature algorithms for public key authentication after the username has been received. For example, using the extension, you can selectively use other algorithms for particular users by specifying PubkeyAcceptedAlgorithms in a "Match user" block.
  • Added a protocol extension to ssh-add and ssh-agent to set certificates when loading PKCS#11 keys, allowing certificates associated with PKCS#11 private keys to be used in all OpenSSH utilities that support ssh-agent, not just ssh.
  • Improved detection of unsupported or unstable compiler flags such as "-fzero-call-used-regs" in clang.
  • To limit the privileges of the sshd process, versions of OpenSolaris that support the getpflags() interface use PRIV_XPOLICY mode instead of PRIV_LIMIT.

Source: opennet.ru
