Dropbear SSH Server Release 2020.79

A new release of Dropbear, 2020.79, has been published. Dropbear is a compact MIT-licensed SSH server and client used mostly on embedded systems such as wireless routers. It is characterized by low memory consumption (when linked with uClibc it takes only 110kB), the ability to disable unneeded functionality at build time, and support for building the client and server into a single executable, similar to busybox. Dropbear supports X11 forwarding, is compatible with the OpenSSH key file (~/.ssh/authorized_keys), and can create multiple connections with forwarding through a host.

In the new release:

  • Added support for the Ed25519 digital signature algorithm in hostkeys and authorized_keys.
  • Added support for the authenticated encryption scheme based on the ChaCha20 stream cipher and the Poly1305 message authentication code, developed by Daniel Bernstein.
  • Added support for the rsa-sha2 digital signature type, which, because sha-1 support is ending, OpenSSH will soon require (existing RSA keys will work with the new type without changing hostkeys/authorized_keys).
  • The curve25519 implementation has been replaced with a more compact one from the TweetNaCl project.
  • Added support for AES GCM (disabled by default).
  • CBC ciphers, 3DES, hmac-sha1-96, and X11 forwarding are now disabled by default.
  • Fixed compatibility issues with the IRIX OS.
  • Added an API to specify public keys directly instead of using an authorized_keys file.
  • Fixed vulnerability CVE-2018-20685 in SCP, which allowed the access permissions of the target directory to be changed when the server returned a directory with an empty name or a dot as its name. On receiving the command "D0777 0 \n" or "D0777 0 .\n" from the server, the client changed the access permissions of the current directory.
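An added example, not Dropbear's or OpenSSH's own code: a C check that a client-side scp sink could run on each control record before acting on it. It covers the two records quoted in the last item and, going beyond them, also rejects `..` and names containing `/`; the name `scp_check_record` and its return codes are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

enum scp_rec { SCP_OK = 0, SCP_MALFORMED = -1, SCP_BAD_NAME = -2 };

/* Hypothetical helper (not Dropbear's code): parse one sink control record,
 * "D<mode> <size> <name>\n" or "C<mode> <size> <name>\n", and reject names
 * that would make the client act on its current directory or outside it. */
enum scp_rec scp_check_record(const char *rec, unsigned *mode_out)
{
    const char *p = rec;
    char *end;
    unsigned long mode;
    size_t len;

    if (*p != 'C' && *p != 'D')
        return SCP_MALFORMED;
    p++;
    /* Mode: octal digits, at most 07777, followed by one space. */
    if (*p < '0' || *p > '7')
        return SCP_MALFORMED;
    mode = strtoul(p, &end, 8);
    if (*end != ' ' || mode > 07777)
        return SCP_MALFORMED;
    p = end + 1;
    /* Size: decimal digits followed by one space (value unused here). */
    if (*p < '0' || *p > '9')
        return SCP_MALFORMED;
    (void)strtoull(p, &end, 10);
    if (*end != ' ')
        return SCP_MALFORMED;
    p = end + 1;
    /* Name: everything up to the mandatory trailing newline. */
    len = strcspn(p, "\n");
    if (p[len] != '\n')
        return SCP_MALFORMED;
    /* Empty name and "." are the two cases in the release note; ".." and any
     * '/' are rejected as well so the name stays one plain path component. */
    if (len == 0 || memchr(p, '/', len) != NULL ||
        (len == 1 && p[0] == '.') || (len == 2 && p[0] == '.' && p[1] == '.'))
        return SCP_BAD_NAME;
    *mode_out = (unsigned)mode;
    return SCP_OK;
}
```

The mode is written to `mode_out` only after the name has passed, so a caller cannot apply permissions from a rejected record by accident.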

Source: opennet.ru
