ProHoster > Блог > ozi ịntanetị > Mwepụta nke OpenSSH 8.1

Mwepụta nke OpenSSH 8.1

Mgbe ọnwa isii nke mmepe ọkọnọ hapụ OpenSSH 8.1, onye ahịa mepere emepe na mmejuputa ihe nkesa maka ịrụ ọrụ site na SSH 2.0 na SFTP protocols.

Nlebara anya pụrụ iche na ntọhapụ ọhụrụ a bụ mkpochapụ nke adịghị ike na-emetụta ssh, sshd, ssh-add na ssh-keygen. Nsogbu a dị na koodu maka iji ụdị XMSS tụgharịa igodo nzuzo ma na-enye onye na-awakpo ohere ịkpalite integer njupụta. Akara adịghị ike ahụ dị ka ihe na-erigbu, mana ọ naghị eji ya eme ihe, ebe ọ bụ na nkwado maka igodo XMSS bụ njirimara nnwale nke ndabara nwere nkwarụ (ụdị a na-ebugharị anaghị enwe ọbụna nhọrọ nrụpụta na autoconf iji mee ka XMSS nwee ike).

Isi mgbanwe:

  • Na ssh, sshd na onye nnọchite ssh gbakwunyere koodu na-egbochi mgbake nke igodo nzuzo dị na RAM n'ihi mwakpo ọwa n'akụkụ, dịka Specter, Meltdown, Onyekwere и RAMBleed. A na-ezobe igodo nzuzo ugbu a mgbe etinyere ya na ebe nchekwa ma mebie ya naanị mgbe ejiri ya, ezoro ezoro oge fọdụrụnụ. Site na usoro a, iji nwetaghachi igodo nzuzo nke ọma, onye na-awakpo ahụ ga-ebu ụzọ nwetaghachi igodo etiti nke 16 KB na-enweghị usoro, nke a na-eji ezoro isi igodo, nke a na-atụghị anya ya nyere ọnụego mgbake mgbake nke ụdị ọgụ ọgbara ọhụrụ;
  • В ssh-keygen Nkwado nnwale agbakwunyere maka atụmatụ dị mfe maka imepụta na nyochaa mbinye aka dijitalụ. Enwere ike ịmepụta mbinye aka dijitalụ site na iji igodo SSH oge niile echekwara na diski ma ọ bụ na ssh-agent, wee nyochaa site na iji ihe yiri igodo ikike. ndepụta igodo dị irè. A na-ewunye ozi oghere n'ime mbinye aka dijitalụ iji zere mgbagwoju anya mgbe ejiri ya na mpaghara dị iche iche (dịka ọmụmaatụ, maka email na faịlụ);
  • ssh-keygen ejirila ndabara gbanwee iji rsa-sha2-512 algọridim mgbe ị na-akwado asambodo nwere mbinye aka dijitalụ dabere na igodo RSA (mgbe ị na-arụ ọrụ na ọnọdụ CA). Asambodo ndị dị otú ahụ adabaghị na mwepụta tupu OpenSSH 7.2 (iji hụ na ndakọrịta, ụdị algorithm ga-emerịrị, dịka ọmụmaatụ site na ịkpọ "ssh-keygen -t ssh-rsa -s...");
  • Na ssh, okwu ProxyCommand na-akwado mgbasawanye nke nnọchi "% n" (aha nnabata akọwapụtara na ogwe adreesị);
  • N'ime ndepụta nke algọridim nzuzo maka ssh na sshd, ị nwere ike iji agwa "^" ugbu a tinye algọridim ndabara. Dịka ọmụmaatụ, iji tinye ssh-ed25519 na ndepụta ndabara, ị nwere ike ezipụta "HostKeyAlgorithms ^ssh-ed25519";
  • ssh-keygen na-enye mmepụta nke okwu agbakwunyere na igodo mgbe ị na-ewepụ igodo ọha na nkeonwe;
  • Agbakwunyere ike iji ọkọlọtọ "-v" na ssh-keygen mgbe ị na-arụ ọrụ nyocha isi (dịka ọmụmaatụ, "ssh-keygen -vF host"), na-akọwapụta nke na-ebute mbinye aka onye ọbịa anya;
  • Agbakwunyere ike iji PKCS8 dị ka usoro ọzọ maka ịchekwa igodo nzuzo na diski. A na-aga n'ihu na-eji usoro PEM na ndabara, yana PKCS8 nwere ike ịba uru maka ịnweta ndakọrịta na ngwa ndị ọzọ.

isi: opennet.ru

Tinye a comment