Pulogalamu ya ProHoster > Blog > nkhani zapaintaneti > Kutulutsidwa kwa OpenSSH 9.1

Kutulutsidwa kwa OpenSSH 9.1

Pambuyo pa miyezi isanu ndi umodzi yachitukuko, kutulutsidwa kwa OpenSSH 9.1 kwasindikizidwa, kukhazikitsidwa kotseguka kwa kasitomala ndi seva yogwira ntchito pa SSH 2.0 ndi SFTP protocol. Kutulutsidwaku kumadziwika kuti kumakhala ndi zosintha zambiri, kuphatikiza zofooka zingapo zomwe zimayambitsidwa ndi kukumbukira kukumbukira:

  • Single-byte kusefukira mu kachidindo ka SSH banner mu ssh-keyscan utility.
  • Imbani kawiri ku ntchito yaulere () ngati pangakhale cholakwika powerengera ma hashes a mafayilo mu code popanga ndi kutsimikizira siginecha ya digito mu ssh-keygen utility.
  • Imbani kawiri ku ntchito yaulere () mukamagwira zolakwika mu ssh-keysign utility.

Zosintha zazikulu:

  • Dongosolo la RequiredRSASize lawonjezedwa ku ssh ndi sshd, kukulolani kuti muwone kukula kovomerezeka kwa makiyi a RSA. Mu sshd, makiyi ang'onoang'ono adzanyalanyazidwa, ndipo mu ssh apangitsa kuti kulumikizana kuthe.
  • Mtundu wosunthika wa OpenSSH wasinthidwa kuti ugwiritse ntchito makiyi a SSH kusaina ndi ma tag mu Git.
  • Malangizo a SetEnv mu ssh_config ndi sshd_config mafayilo osintha tsopano akugwiritsa ntchito mtengo kuchokera kutchulidwa koyamba kwa kusintha kwa chilengedwe ngati kumatanthauzidwa kangapo pakukonzekera (poyamba kutchulidwa komaliza kunagwiritsidwa ntchito).
  • Mukayitana ssh-keygen utility ndi "-A" mbendera (kutulutsa mitundu yonse ya makiyi olandila omwe amathandizidwa ndi kusakhazikika), m'badwo wa makiyi a DSA, omwe sanagwiritsidwe ntchito mwachisawawa kwa zaka zingapo, amalephereka.
  • sftp-server ndi sftp gwiritsani ntchito zowonjezera "[imelo ndiotetezedwa]", kupatsa kasitomala mwayi wopempha mayina a ogwiritsa ntchito ndi gulu lolingana ndi zizindikiritso za digito (uid ndi gid). Mu sftp, kukulitsa uku kumagwiritsidwa ntchito kuwonetsa mayina powonetsa zomwe zili mu bukhu.
  • sftp-server imagwiritsa ntchito "cholozera chakunyumba" kukulitsa ~/ ndi ~user/ njira, m'malo mwazowonjezera zomwe zidanenedwa kale "[imelo ndiotetezedwa]"(chiwongolero cha "home-directory" chaperekedwa kuti chiyimitsidwe ndipo chimathandizidwa kale ndi makasitomala ena).
  • ssh-keygen ndi sshd onjezerani luso lofotokozera nthawi mu nthawi ya UTC posankha satifiketi ndi nthawi zovomerezeka, kuwonjezera pa nthawi yadongosolo.
  • sftp imalola mikangano yowonjezera kuti ifotokozedwe ndi "-D" njira (mwachitsanzo, "/usr/libexec/sftp-server -el debug3").
  • ssh-keygen imalola kugwiritsa ntchito mbendera ya "-U" (gwiritsani ntchito ssh-agent) pamodzi ndi "-Y sign" ntchito kuti mudziwe kuti makiyi achinsinsi ali ndi ssh-agent.

    Source: opennet.ru

Kuwonjezera ndemanga