Release of OpenSSH 10.3

After six months of development, OpenSSH 10.3, an open implementation of a client and server for working over the SSH 2.0 and SFTP protocols, has been released. Main changes:

  • A vulnerability has been fixed that could allow an attacker who controls the username passed when launching the ssh utility to execute arbitrary shell commands. The vulnerability appears on systems that use the "%u" substitution in certain configuration file directives, such as "Match exec". The problem is caused by special characters in the username being validated only after %-substitutions in the ssh_config configuration file have been performed.
  • A security issue in sshd has been fixed that was caused by incorrect matching of the authorized_keys principals="" option against the list of names (principals) in a certificate when the names contain ",". Exploiting the vulnerability requires several names to be listed in the authorized_keys principals="" option and a CA that issues a certificate with several names separated by commas (this is usually not allowed). The behaviour for certificates with an empty name has been changed: previously an empty name matched all authorized_keys principals="" options, but now it does not match.
  • Fixed an issue in scp where transferring a file as root with the -O option and without the -p option did not clear the setuid/setgid flags.
  • In sshd, a problem with handling ECDSA keys in the PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms directives has been fixed. Because of it, if any ECDSA algorithm was specified (for example, "ecdsa-sha2-nistp384"), all other ECDSA-based algorithms could also be accepted, even if they were not explicitly listed as permitted.
  • When communicating with SSH agents, ssh and sshd now support the identifiers (codepoints) defined by IANA in the draft-ietf-sshm-ssh-agent specification. Support for the previously used "@openssh.com" identifiers is retained.
  • ssh-agent implements the "query" extension defined in the draft-ietf-sshm-ssh-agent specification, which makes it possible to determine the features supported by the agent. A "-Q" option has been added to the ssh-add utility to request the list of supported protocol extensions.
  • In sshd_config, multiple files can be specified in the RevokedKeys directive, and in ssh_config, multiple files can be specified in the RevokedHostKeys directive.
  • ssh now has the "~I" escape command and the "-O conninfo" option for displaying information about the current connection, as well as the "-O channels" option for displaying information about open channels.
  • In sshd, the PerSourcePenalties directive now includes an 'invaliduser' option that adds a delay (5 seconds by default) on attempts to log in as a nonexistent user. The ability to specify non-integer delay values has been added.
  • A GSSAPIDelegateCredentials option has been added to sshd to control the acceptance of credentials delegated by the client.
  • ssh-keygen now supports writing ED25519 keys in PKCS8 format.
  • Added support for ed25519 digital signatures implemented via libcrypto.
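
To check client configurations against the first item in the list, the following added example (not OpenSSH code and not part of the original article) scans ssh_config text for "Match exec" commands that expand "%u", treating "%%" as a literal percent sign. The sample configuration, its paths and the function names are constructed for illustration.

```python
import re
import shlex

# Constructed sample ssh_config (not taken from the page or any real host).
SAMPLE_CONFIG = '''\
Host *.corp.example
Match host bastion exec "/usr/local/bin/check-vpn %u"
    ProxyJump jump.example
Match exec "test -f /etc/ssh/allow/%%u"
    ForwardAgent no
match final !exec "/opt/tools/policy --user=%u --host %h"
Match user admin
    IdentityFile ~/.ssh/admin_%u
'''

NO_ARG = {"all", "canonical", "final"}  # Match criteria that take no argument

def uses_token(text, token="u"):
    """True if text expands %<token>; '%%' is a literal percent sign."""
    return any(m.group(1) == token for m in re.finditer(r"%(.)", text))

def find_exec_user_token(config_text, token="u"):
    """Return (line_no, command) for each Match exec command using %<token>."""
    findings = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            words = shlex.split(line)
        except ValueError:  # unbalanced quote: fall back to a naive split
            words = line.split()
        if not words or words[0].lower() != "match":
            continue
        i = 1
        while i < len(words):
            crit = words[i].lower().lstrip("!")
            if crit in NO_ARG:
                i += 1
                continue
            arg = words[i + 1] if i + 1 < len(words) else ""
            if crit == "exec" and uses_token(arg, token):
                findings.append((no, arg))
            i += 2
    return findings

if __name__ == "__main__":
    for no, cmd in find_exec_user_token(SAMPLE_CONFIG):
        print(f"line {no}: Match exec passes %u to a shell: {cmd}")
```

Lines it reports are the ones to review on clients that have not yet been updated to the fixed release.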

Source: opennet.ru
