OpenSSH 9.3 update with security fixes

The OpenSSH 9.3 release has been published, an open implementation of a client and server that work with the SSH 2.0 and SFTP protocols. The new version fixes the following security issues:

  • A logic error was found in the ssh-add utility: when adding smart card keys to ssh-agent, the restrictions specified with the "ssh-add -h" option were not passed to the agent. As a result, the key was added to the agent with no restrictions applied, restrictions that would otherwise have permitted its use only through certain hosts.
  • A vulnerability was identified in the ssh utility that could lead to reading memory outside the allocated buffer while processing specially crafted DNS responses, if the VerifyHostKeyDNS setting is enabled in the configuration file. The problem lies in the built-in implementation of the getrrsetbyname() function, which is used in portable OpenSSH builds made without the external ldns library (--with-ldns) and on systems whose standard libraries do not provide the getrrsetbyname() call. The possibility of exploiting the vulnerability for anything beyond a denial of service of the ssh client is assessed as unlikely.

Additionally, a vulnerability can be noted in the libskey library shipped with OpenBSD, which is used in OpenSSH. The problem has existed since 1997 and can lead to a stack buffer overflow when processing specially crafted hostnames. It is noted that although the vulnerability could be triggered remotely via OpenSSH, in practice it is not exploitable: for it to manifest, the hostname (/etc/hostname) must contain more than 126 characters, and the buffer can only be overflowed with characters having the zero code ('\0').

Non-security changes include:

  • Added support for the "-Ohashalg=sha1|sha256" parameter in ssh-keygen and ssh-keyscan to select the digest algorithm used when displaying SSHFP records.
  • sshd gained the "-G" option to parse and display the effective configuration without attempting to load private keys and without performing additional checks, which allows the configuration to be checked at a stage before key generation and lets the check be run by unprivileged users.
  • In the seccomp and seccomp-bpf based system call filtering mechanism that sshd uses for isolation on the Linux platform, flags for mmap, madvise and futex have been added to the list of allowed calls.
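As an added example (not code from the OpenSSH project), the following Python script builds the SSHFP records that ssh-keygen -r emits for a public key, choosing the digest the way the -Ohashalg option does, and applies the VerifyHostKeyDNS-style comparison of an offered host key against published records. The sample key is constructed and the bounds check in the wire-format parser illustrates the kind of check the built-in DNS response handling must make.

```python
import base64
import hashlib
import struct

# SSHFP algorithm and fingerprint-type numbers (RFC 4255, RFC 6594, RFC 7479).
SSHFP_ALGO = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3,
              "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3, "ssh-ed25519": 4}
SSHFP_FPTYPE = {"sha1": 1, "sha256": 2}


def ssh_string(data: bytes) -> bytes:
    """Encode one length-prefixed field of the SSH wire format (RFC 4251)."""
    return struct.pack(">I", len(data)) + data


def parse_ssh_string(buf: bytes, off: int):
    """Decode one length-prefixed field, refusing lengths that run past the buffer."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    if off + 4 + n > len(buf):
        # Rejecting an over-long field is what prevents an out-of-bounds read.
        raise ValueError("field length exceeds buffer")
    return buf[off + 4:off + 4 + n], off + 4 + n


def sshfp_records(pubkey_line: str, hashalg: str = "sha256"):
    """Return (algo, fptype, hexfp) for one OpenSSH public-key line, as ssh-keygen -r does."""
    keytype, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64)
    wire_type, _ = parse_ssh_string(blob, 0)
    if wire_type.decode() != keytype:
        raise ValueError("key type prefix does not match wire blob")
    digest = hashlib.new(hashalg, blob).hexdigest()  # SSHFP hashes the whole key blob
    return SSHFP_ALGO[keytype], SSHFP_FPTYPE[hashalg], digest


def host_key_matches(pubkey_line: str, records) -> bool:
    """VerifyHostKeyDNS-style check: does any published SSHFP record match the offered key?"""
    return any(sshfp_records(pubkey_line, alg) in records for alg in SSHFP_FPTYPE)


# Constructed sample: an Ed25519 key whose 32-byte public point is all 0x42 (not a real host key).
_raw = bytes([0x42] * 32)
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(
    ssh_string(b"ssh-ed25519") + ssh_string(_raw)).decode()

if __name__ == "__main__":
    for alg in ("sha1", "sha256"):
        algo, fptype, fp = sshfp_records(SAMPLE_KEY, alg)
        print(f"host IN SSHFP {algo} {fptype} {fp}")
```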

Source: opennet.ru
