OpenSSH 9.6 has been released, an open implementation of a client and server for working over the SSH 2.0 and SFTP protocols. The new version fixes three security issues:
- A vulnerability in the SSH protocol (CVE-2023-48795, the "Terrapin" attack), which allows a MITM attack to roll back the connection to use less secure authentication algorithms and to disable protection against side-channel attacks that recreate input by analyzing the delays between keystrokes on the keyboard. The attack technique is described in a separate news item.
- A vulnerability in the ssh utility that allows arbitrary shell commands to be substituted by manipulating login and host name values that contain special characters. The vulnerability can be exploited if an attacker controls the login and host name values passed to ssh, to the ProxyCommand and LocalCommand directives, or to "match exec" blocks that contain wildcard characters such as %u and %h. For example, an incorrect login and host can be substituted on systems that use submodules in Git, since Git does not prohibit specifying special characters in host and user names. A similar vulnerability also appears in libssh.
- A bug in ssh-agent where, when adding PKCS#11 private keys, restrictions were applied only to the first key returned by the PKCS#11 token. The issue does not affect regular private keys, FIDO tokens, or unrestricted keys.
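
For the second item above, a defender can audit client configuration for the directives the article names and screen login and host values before they reach ssh. The following is an added example, not code from OpenSSH or from the article; the sample configuration, the function names and the allow-list pattern are assumptions made for illustration.

```python
import re

# Directives the article names as passing %-tokens into a shell command.
SHELL_DIRECTIVES = {"proxycommand", "localcommand"}
TOKEN_RE = re.compile(r"%[uh]")  # %u (login) and %h (host name)
# Assumed conservative allow-list for this example, not OpenSSH's own rule;
# it also rejects legitimate values such as IPv6 literals.
SAFE_NAME_RE = re.compile(r"[A-Za-z0-9_.-]+")

# Constructed sample configuration, not taken from the article.
SAMPLE_CONFIG = """\
# constructed sample
Host jump-*
    ProxyCommand nc -X connect -x proxy.example.org:3128 %h %p
Host build
    LocalCommand logger "connected as %u to %h"
Match exec "test -f /etc/corp/%h.allow"
    ForwardAgent no
Host plain
    ProxyCommand nc gateway.example.org 22
"""


def risky_directives(config_text):
    """Return (line_no, directive, tokens) for command lines that expand %u/%h."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        rest = parts[1] if len(parts) > 1 else ""
        if keyword == "match":
            found = re.search(r"\bexec\s+(.*)", rest, re.IGNORECASE)
            if not found:
                continue  # only the "exec" criterion runs a command
            keyword, rest = "match exec", found.group(1)
        elif keyword not in SHELL_DIRECTIVES:
            continue
        # "%%" is a literal percent sign, so drop it before looking for tokens.
        tokens = sorted(set(TOKEN_RE.findall(rest.replace("%%", ""))))
        if tokens:
            findings.append((line_no, keyword, tokens))
    return findings


def is_safe_name(value):
    """True if a login or host value contains no shell-special characters."""
    return bool(SAFE_NAME_RE.fullmatch(value)) and not value.startswith("-")
```

Lines flagged by `risky_directives` are the ones to review first when login or host values can come from untrusted input such as repository metadata; `is_safe_name` can gate those values in wrapper scripts.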
Other changes:
- Added the "%j" substitution to ssh, which expands to the host name specified through the ProxyJump directive.
- ssh has added support for setting ChannelTimeout on the client side, which can be used to terminate inactive channels.
- Added support for reading ED25519 private keys in PEM PKCS8 format to ssh, sshd, ssh-add and ssh-keygen (previously only the OpenSSH format was supported).
- A protocol extension has been added to ssh and sshd to renegotiate the digital signature algorithms for public key authentication after the username has been received. For example, using the extension, you can selectively use other algorithms for particular users by specifying PubkeyAcceptedAlgorithms in a "Match user" block.
- Added a protocol extension to ssh-add and ssh-agent for setting certificates when loading PKCS#11 keys, which allows certificates associated with PKCS#11 private keys to be used in all OpenSSH utilities that support ssh-agent, not just ssh.
- Improved detection of unsupported or unstable compiler flags such as "-fzero-call-used-regs" in clang.
- To limit the privileges of the sshd process, versions of OpenSolaris that support the getpflags() interface use the PRIV_XPOLICY mode instead of PRIV_LIMIT.
Source: opennet.ru