OpenSSH 8.9 released with a fix for a vulnerability in sshd

After six months of development, the release of OpenSSH 8.9, an open client and server implementation for working over the SSH 2.0 and SFTP protocols, has been presented. The new version of sshd fixes a vulnerability that could potentially allow unauthenticated access. The problem is caused by an integer overflow in the authentication code, but it can be exploited in combination with other logic errors in the code.

In its current form, the vulnerability cannot be exploited when privilege separation mode is enabled, since its manifestation is blocked by separate checks performed in the privilege separation tracking code. Privilege separation mode has been enabled by default since 2002, starting with OpenSSH 3.2.2, and has been mandatory since the release of OpenSSH 7.5 in 2017. In addition, in portable versions of OpenSSH starting with release 6.5 (2014), the vulnerability is blocked by building with integer overflow protection flags.

Other changes:

  • The portable version of OpenSSH has removed from sshd the built-in support for hashing passwords with the MD5 algorithm (linking with external libraries such as libxcrypt is allowed to bring it back).
  • ssh, sshd, ssh-add, and ssh-agent implement a subsystem for restricting the forwarding and use of keys added to ssh-agent. The subsystem lets you set rules that determine how and where keys can be used in ssh-agent. For example, to add a key that can be used to authenticate any user connecting to the host scylla.example.org, the user perseus to the host cetus.example.org, and the user medea to the host charybdis.example.org when forwarded through the intermediate host scylla.example.org, you can use the following command:

      $ ssh-add -h "[email protected]" \
                -h "scylla.example.org" \
                -h "scylla.example.org>[email protected]" \
                ~/.ssh/id_ed25519

  • In ssh and sshd, the hybrid algorithm "[email protected]" (ECDH/x25519 + NTRU Prime), which is resistant to brute-forcing on quantum computers, has been added by default to the KexAlgorithms list, which determines the order in which key exchange methods are selected. In OpenSSH 8.9 this negotiation method has been added between the ECDH and DH methods, but it is planned to be enabled by default in the next release.
  • ssh-keygen, ssh, and ssh-agent have improved handling of FIDO token keys used for device verification, including keys for biometric authentication.
  • The "ssh-keygen -Y match-principals" command has been added to ssh-keygen to check user names in the file listing allowed names.
  • ssh-add and ssh-agent provide the ability to add PIN-protected FIDO keys to ssh-agent (the PIN prompt is displayed at authentication time).
  • ssh-keygen allows choosing the hashing algorithm (sha512 or sha256) during signature generation.
  • In ssh and sshd, to improve performance, network data is read directly into the incoming packet buffer, bypassing intermediate buffering on the stack. Direct placement of received data into the channel buffer is implemented in the same way.
  • In ssh, the PubkeyAuthentication directive has expanded the list of supported parameters (yes|no|unbound|host-bound) to provide the ability to select which protocol extension to use.

In the future, it is planned to switch the scp utility to use SFTP instead of the SCP/RCP protocol. SFTP uses more predictable name handling methods and does not rely on shell processing of glob patterns in file names on the other host's side, which creates security problems. In particular, when using SCP and RCP, the server decides which files and directories to send to the client, and the client only checks the correctness of the returned object names, which, in the absence of proper checks on the client side, allows the server to transfer other file names that differ from those requested. The SFTP protocol does not have these problems, but it does not support expansion of special paths such as "~/". To address this difference, an earlier release of OpenSSH introduced an extension to the SFTP protocol for expanding ~/ and ~user/ paths in the SFTP server implementation.
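The client-side check that the paragraph above says SCP/RCP depends on can be sketched as follows. This is an added example, not OpenSSH's own code: the function name_allowed, its helper, and the sample file names are hypothetical and constructed for illustration.

```c
#include <fnmatch.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Final component of the remote path or glob the user requested. */
static const char *last_component(const char *path)
{
    const char *slash = strrchr(path, '/');
    return slash ? slash + 1 : path;
}

/*
 * Hypothetical client-side check (not OpenSSH's code): may a file name
 * announced by the server be written into the local target directory?
 *   requested - remote path or glob the user typed
 *   received  - name the server sent for the incoming file
 */
bool name_allowed(const char *requested, const char *received)
{
    /* A received name must be one plain component, never a path. */
    if (received[0] == '\0' || strchr(received, '/') != NULL)
        return false;
    if (strcmp(received, ".") == 0 || strcmp(received, "..") == 0)
        return false;
    /* It must match what was requested; FNM_PERIOD keeps a wildcard
     * from silently matching dotfiles such as .bashrc. */
    return fnmatch(last_component(requested), received, FNM_PERIOD) == 0;
}

int main(void)
{
    /* Constructed sample: one request, names a server might send back. */
    const char *requested = "docs/*.txt";
    const char *offered[] = { "notes.txt", "readme.md", ".bashrc",
                              "../.ssh/authorized_keys", ".hidden.txt" };

    for (size_t i = 0; i < sizeof offered / sizeof offered[0]; i++)
        printf("%-26s %s\n", offered[i],
               name_allowed(requested, offered[i]) ? "accept" : "reject");
    return 0;
}
```

Because the remote shell, not the client, expands the pattern, a local match like this can disagree with the server for patterns such as brace expansions, which fnmatch does not interpret.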

Source: opennet.ru
