Release of OpenSSH 9.6 with vulnerability fixes

The release of OpenSSH 9.6, an open implementation of a client and server for working with SSH 2.0 and SFTP, has been published. The new version fixes three security issues:

  • A vulnerability in the SSH protocol (CVE-2023-48795, the "Terrapin" attack) that allows a MITM attacker to roll the connection back to less secure authentication algorithms and to disable the protection against side-channel attacks that reconstruct input by analyzing the delays between keystrokes on the keyboard. The attack method is described in a separate news item.
  • A vulnerability in the ssh utility that allows arbitrary shell commands to be substituted through login and host values containing special characters. The vulnerability can be exploited if an attacker controls the login and hostname values passed to ssh, and the ProxyCommand or LocalCommand directives, or "match exec" blocks, contain expansion tokens such as %u and %h. For example, an incorrect login and host can be substituted on systems that use submodules in Git, because Git does not prohibit special characters in host and user names. A similar vulnerability is also present in libssh.
  • A bug in ssh-agent where, when PKCS#11 private keys were added, restrictions were applied only to the first key returned by the PKCS#11 token. The issue does not affect regular private keys, FIDO tokens, or unrestricted keys.
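An added example, not part of the original article or of OpenSSH: a pre-clone audit for the Git submodule case in the second item above, flagging ssh submodule URLs whose login or host falls outside a conservative allow-list. The allow-list, the function names and the sample `.gitmodules` content are assumptions of this example.

```python
import re

# Conservative allow-lists chosen for this example (not OpenSSH's exact rule):
# only characters that have no meaning to a shell, and no leading "-".
SAFE_USER = re.compile(r"[A-Za-z0-9_][A-Za-z0-9._-]*")
SAFE_HOST = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]*|\[[0-9A-Fa-f:.]+\]")

URL_LINE = re.compile(r"^\s*url\s*=\s*(.+?)\s*$", re.M)
SSH_URL = re.compile(
    r"^(?:ssh|git\+ssh)://(?:(?P<user>[^@/]*)@)?(?P<host>[^/]*?)(?::\d+)?(?:/|$)")
SCP_LIKE = re.compile(r"^(?:(?P<user>[^@/:]*)@)?(?P<host>[^/:]+):(?!//)")

def split_ssh_target(url):
    """Return (user, host) for ssh:// or scp-like URLs, None for other transports."""
    m = SSH_URL.match(url)
    if m is None and "://" not in url:
        m = SCP_LIKE.match(url)
    return (m.group("user"), m.group("host")) if m else None

def audit_gitmodules(text):
    """List (url, field) pairs whose login or host falls outside the allow-list."""
    findings = []
    for url in URL_LINE.findall(text):
        target = split_ssh_target(url)
        if target is None:
            continue  # https://, local paths, etc. are handled by other transports
        user, host = target
        if user is not None and not SAFE_USER.fullmatch(user):
            findings.append((url, "user"))
        if not SAFE_HOST.fullmatch(host):
            findings.append((url, "host"))
    return findings

# Constructed .gitmodules content for illustration.
SAMPLE = """\
[submodule "lib"]
    url = ssh://git@git.example.com:2222/team/lib.git
[submodule "docs"]
    url = https://git.example.com/team/docs.git
[submodule "tools"]
    url = ssh://build;user@git.example.com/team/tools.git
[submodule "vendor"]
    url = git@mirror|example.com:team/vendor.git
"""

if __name__ == "__main__":
    for url, field in audit_gitmodules(SAMPLE):
        print(f"review {field}: {url}")
```

Running the audit before `git submodule update` keeps a flagged login or host from reaching a ProxyCommand, LocalCommand or "match exec" expansion on clients that have not yet been upgraded.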

Other changes:

  • A "%j" substitution has been added to ssh; it expands to the hostname specified through the ProxyJump directive.
  • ssh now supports setting ChannelTimeout on the client side, which can be used to terminate inactive channels.
  • Support for reading ED25519 private keys in PEM PKCS8 format has been added to ssh, sshd, ssh-add and ssh-keygen (previously only the OpenSSH format was supported).
  • A protocol extension has been added to ssh and sshd to renegotiate the digital signature algorithms for public key authentication after the username has been received. For example, with the extension you can selectively use other algorithms for particular users by specifying PubkeyAcceptedAlgorithms in a "Match user" block.
  • A protocol extension has been added to ssh-add and ssh-agent to set certificates when loading PKCS#11 keys, which allows certificates associated with PKCS#11 private keys to be used in all OpenSSH utilities that support ssh-agent, not only in ssh.
  • Detection of unsupported or unstable compiler flags, such as "-fzero-call-used-regs" in clang, has been improved.
  • To restrict the privileges of the sshd process, versions of OpenSolaris that support the getpflags() interface use the PRIV_XPOLICY mode instead of PRIV_LIMIT.

Source: opennet.ru
