OpenSSH 9.2 released with a fix for a pre-authentication vulnerability

The release of OpenSSH 9.2 has been published, an open implementation of a client and server for working with the SSH 2.0 and SFTP protocols. The new version eliminates a vulnerability that leads to a double free of a memory region at the pre-authentication stage. Only the OpenSSH 9.1 release is affected; the problem does not appear in earlier versions.

To create the conditions for the vulnerability to manifest, it is enough to change the SSH client banner to "SSH-2.0-FuTTYSH_9.1p1" in order to set the "SSH_BUG_CURVE25519PAD" and "SSH_OLD_DHGEX" compatibility flags, which are chosen based on the SSH client version. Once these flags are set, the memory for "options.kex_algorithms" is freed twice: first while executing the do_ssh2_kex() function, which calls compat_kex_proposal(), and again while executing the do_authentication2() function, which along its call chain invokes input_userauth_request(), mm_getpwnamallow(), copy_set_server_options(), assemble_algorithms() and kex_assemble_names().

Creating a working exploit for the vulnerability is considered unlikely, since the exploitation process is too complicated: modern memory allocation libraries provide protection against double freeing of memory, and the pre-authentication process in which the error occurs runs with reduced privileges in an isolated sandbox environment.

In addition to the vulnerability noted above, the new release also fixes two more security issues:

  • An error in processing the "PermitRemoteOpen" setting caused the first argument to be ignored if it differed from the values "any" and "none". The problem appears in versions newer than OpenSSH 8.7 and causes the check to be skipped when only one permission is specified.
  • An attacker controlling the DNS server used for name resolution can achieve the substitution of special characters (for example, "*") into known_hosts files if the CanonicalizeHostname and CanonicalizePermittedCNAMEs options are enabled in the configuration and the resolver does not validate the correctness of the responses from the DNS server. The attack is considered unlikely because the returned names must satisfy the conditions specified via CanonicalizePermittedCNAMEs.
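As an added example (not code from the article or from the OpenSSH project), the following script triages server identification banners against the version facts stated above: the pre-authentication double free affects only 9.1, and the PermitRemoteOpen bug affects versions newer than 8.7 up to 9.1. The banner strings are constructed for illustration; the issue labels are assumed names chosen here.

```python
import re

# Constructed sample banners (not captured from any real host): the
# identification string a server sends on connect, visible with `ssh -v`.
SAMPLE_BANNERS = [
    "SSH-2.0-OpenSSH_9.1p1 Debian-2",
    "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1",
    "SSH-2.0-OpenSSH_8.4p1 Debian-5",
    "SSH-2.0-OpenSSH_9.2",
    "SSH-2.0-dropbear_2022.83",
]

# Matches "SSH-2.0-OpenSSH_<major>.<minor>" with an optional portable "pN" suffix.
_BANNER_RE = re.compile(r"^SSH-2\.0-OpenSSH_(\d+)\.(\d+)(?:p\d+)?")


def parse_openssh_version(banner):
    """Return (major, minor) from an OpenSSH banner, or None for other software."""
    m = _BANNER_RE.match(banner.strip())
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


def triage(banner):
    """List the issues fixed in 9.2 that apply to the banner's version.

    "double-free": pre-auth double free, 9.1 only.
    "permitremoteopen": first argument ignored, newer than 8.7 and older than 9.2.
    An empty list means none of the 9.2 fixes apply (or the server is not OpenSSH).
    """
    ver = parse_openssh_version(banner)
    if ver is None:
        return []
    issues = []
    if ver == (9, 1):
        issues.append("double-free")
    if (8, 7) < ver < (9, 2):
        issues.append("permitremoteopen")
    return issues


def triage_all(banners):
    """Map each banner to its applicable issue list, for an inventory report."""
    return {b: triage(b) for b in banners}


if __name__ == "__main__":
    for banner, issues in triage_all(SAMPLE_BANNERS).items():
        print(f"{banner:45s} -> {issues or 'no 9.2-fixed issues'}")
```

Banner versions can mislead where a distribution backports fixes without bumping the version, so treat a hit as a prompt to confirm the installed package's changelog rather than as proof of exposure.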

Other changes:

  • An EnableEscapeCommandline setting has been added to ssh_config for ssh to control whether client-side handling of the "~C" escape sequence, which provides a command line, is enabled. By default, "~C" handling is now disabled so that a stricter sandbox isolation can be used, which may break setups that use "~C" for port forwarding at runtime.
  • The ChannelTimeout directive has been added to sshd_config for sshd to set a channel inactivity timeout (channels with no traffic for the time specified in the directive are closed automatically). Different timeouts can be set for session, X11, agent, and traffic forwarding channels.
  • The UnusedConnectionTimeout directive has been added to sshd_config for sshd, allowing a timeout to be set after which client connections that have had no active channels for the specified time are terminated.
  • The "-V" option has been added to sshd to display the version, similar to the corresponding option in the ssh client.
  • A "Host" line has been added to the output of "ssh -G", reflecting the value of the hostname argument.
  • The "-X" option has been added to scp and sftp to control SFTP protocol parameters such as the copy buffer size and the number of outstanding requests.
  • ssh-keyscan allows scanning full CIDR address ranges, for example "ssh-keyscan 192.168.0.0/24".

Source: opennet.ru
