Pambuyo pa miyezi itatu ya chitukuko
Kutulutsidwa kwatsopano kumawonjezera chitetezo ku ziwopsezo za scp zomwe zimalola seva kuti idutse mafayilo ena kuposa omwe adafunsidwa (kusiyana ndi
Izi, polumikizana ndi seva yoyendetsedwa ndi wowukira, zitha kugwiritsidwa ntchito kusunga mayina ena afayilo ndi zina zomwe zili mu FS ya wogwiritsa ntchito pokopera pogwiritsa ntchito scp pamasinthidwe omwe amalepheretsa kuyimba foni (mwachitsanzo, nthawi ikaletsedwa ndi ndondomeko ya SELinux kapena fyuluta yoyimba foni) . Kuthekera kwa kuukiridwa kwenikweni kukuyerekezeredwa kukhala kochepa, chifukwa m'makonzedwe anthawi zonse kuyimba kwa utimes sikulephera. Kuphatikiza apo, kuwukirako sikudziwika - poyimba scp, cholakwika chosinthira deta chikuwonetsedwa.
Zosintha zonse:
- Mu sftp, kukonza kwa mkangano wa "-1" kwayimitsidwa, mofanana ndi ssh ndi scp, zomwe zinavomerezedwa kale koma sizinanyalanyazidwe;
- Mu sshd, pogwiritsira ntchito IgnoreRhosts, tsopano pali zosankha zitatu: "inde" - kunyalanyaza ma rhosts / shosts, "ayi" - kulemekeza ma rhosts / shosts, ndi "shosts-only" - kulola ".shosts" koma kulepheretsa ".rhosts";
- Ssh tsopano imathandizira %TOKEN kulowetsa m'malo mwa LocalFoward ndi RemoteForward omwe amagwiritsidwa ntchito kuwongolera soketi za Unix;
- Lolani kutsitsa makiyi apagulu kuchokera pafayilo yosalembetsedwa ndi kiyi yachinsinsi ngati palibe fayilo yosiyana ndi kiyi yapagulu;
- Ngati libcrypto likupezeka mu dongosolo, ssh ndi sshd tsopano amagwiritsa ntchito kukhazikitsidwa kwa chacha20 aligorivimu kuchokera ku laibulale iyi, m'malo mwa kukhazikitsidwa kunyamula zomangidwa, zomwe zimatsalira kumbuyo;
- Kutha kutaya zomwe zili pamndandanda wamabizinesi omwe adachotsedwa popereka lamulo la "ssh-keygen -lQf /path";
- Mtundu wonyamulika umagwiritsa ntchito matanthauzidwe a makina omwe ma siginecha okhala ndi njira ya SA_RESTART amasokoneza magwiridwe antchito;
- Mangani mavuto pa machitidwe a HP/UX ndi AIX athetsedwa;
- Kuthetsa mavuto pomanga sandbox ya seccomp pamasinthidwe ena a Linux;
- Kusintha kwa laibulale ya libfido2 ndikuthana ndi zovuta zomanga ndi "----security-key-builtin".
Madivelopa a OpenSSH adachenjezanso za kuwonongeka komwe kukubwera kwa ma algorithms pogwiritsa ntchito SHA-1 hashes chifukwa cha
Kuti musinthe kusintha kwa ma aligorivimu atsopano mu OpenSSH, m'tsogolomu zosintha za UpdateHostKeys zidzayatsidwa mwachisawawa, zomwe zimasamutsa makasitomala ku ma algorithms odalirika. Ma aligorivimu omwe akulimbikitsidwa kusamuka akuphatikiza rsa-sha2-256/512 kutengera RFC8332 RSA SHA-2 (yothandizidwa kuyambira OpenSSH 7.2 ndipo imagwiritsidwa ntchito mosakhazikika), ssh-ed25519 (yothandizidwa kuyambira OpenSSH 6.5) ndi ecdsa-sha2-nistp256/384 based pa RFC521 ECDSA (yothandizidwa kuyambira OpenSSH 5656).
Potulutsidwa komaliza, "ssh-rsa" ndi "diffie-hellman-group14-sha1" achotsedwa pamndandanda wa CASignatureAlgorithms womwe umatanthawuza ma aligorivimu omwe amaloledwa kusaina ziphaso zatsopano, popeza kugwiritsa ntchito SHA-1 mu satifiketi kumabweretsa chiopsezo china. chifukwa chakuti wowukirayo ali ndi nthawi yopanda malire kuti afufuze kugunda kwa satifiketi yomwe ilipo, pomwe nthawi yowukira makiyi olandila imachepetsedwa ndi nthawi yolumikizira (LoginGraceTime).
Source: opennet.ru