ProHoster > Blog > nkhani zapaintaneti > Kutulutsidwa kwa OpenSSH 9.5

Kutulutsidwa kwa OpenSSH 9.5

Kutulutsidwa kwa OpenSSH 9.5 kwasindikizidwa, kukhazikitsa kotseguka kwa kasitomala ndi seva yogwira ntchito pogwiritsa ntchito ma protocol a SSH 2.0 ndi SFTP.

Zosintha zazikulu:

  • ssh-keygen mwachisawawa imaphatikizapo m'badwo wofunikira pogwiritsa ntchito siginecha ya digito ya Ed25519, yopangidwa ndi Daniel Bernstein ndi yovomerezeka mu RFC 8709. Zikudziwika kuti makiyi a Ed25519 amathandizidwa kuyambira kutulutsidwa kwa OpenSSH 6.5 (2014) ndipo ndi yabwino chifukwa chazing'ono zawo. kukula. Nthawi yomweyo, ma signature a digito a Ed25519 ali ndi chitetezo chapamwamba kuposa ECDSA ndi DSA, ndipo amawonetsa kuthamanga kwambiri pakutsimikizira ndi kupanga siginecha. Kukaniza kwa kubera kwa Ed25519 kuli pafupifupi 2 ^ 128 (pafupifupi, kuwukira kwa Ed25519 kudzafuna 2 ^ 140 ntchito pang'ono), zomwe zimagwirizana ndi kukana kwa ma aligorivimu monga NIST P-256 ndi RSA yokhala ndi kukula kofunikira kwa ma byte 375. kapena 128-bit block cipher. Ed25519 nawonso satengeka ndi vuto la kugunda kwa hashi, ndipo samakhudzidwa ndi kuukira kwa nthawi ya cache ndi kuwukira kwapambali.
  • ssh utility yawonjezera chitetezo motsutsana ndi mayendedwe am'mbali omwe amasanthula kuchedwa pakati pa makiyi a kiyibodi kuti akonzenso zolowetsa. Kuwukira kotereku kumatengera kuti kuchedwa pakati pa makiyi polemba kumadalira komwe makiyi ali pa kiyibodi (mwachitsanzo, kuyankha polemba "F" kumakhala mwachangu kuposa polemba "Q" kapena "X", popeza kusuntha kwa zala pang'ono kumafunika kukanikiza). SSH idakhudzidwa ndi ziwonetserozi chifukwa idatumiza zambiri za munthu woyipiridwa paketi yosiyana nthawi yomweyo ikangomenya makiyi, kotero kuchedwa pakati pa kutumiza mapaketi kumalumikizidwa ndi kuchedwa pakati pa makiyi.

    Kuti mubise mawonekedwe amomwe amalowetsamo mumsewu, zida za ssh zimatumiza deta osati monga momwe zimalembedwera, koma pakanthawi kochepa (20 ms mwachisawawa). Kuphatikiza apo, kuti asokoneze omwe akuukira, kudina kopeka kumatumizidwa mwachisawawa pambuyo potumiza deta yeniyeni. Kuti mukonzekere chitetezo, gawo la "ObscureKeystrokeTiming" lawonjezedwa ku ssh_config.

  • ssh ndi sshd zimathandizira "ping@openssh.com" SSH protocol yowonjezera, yomwe imawonjezera mitundu yatsopano ya mauthenga, SSH2_MSG_PING ndi SSH2_MSG_PONG, potumiza mapaketi nthawi ndi nthawi pafupipafupi. Kuwonjezako ndikofunikira pachitetezo chomwe tatchulachi kumayendedwe apambali.
  • sshd imalola kuti malangizo a Sybsystem alembetsedwe kudzera pa Match blocks.
  • Mu sshd, malangizo a Subsystem asintha kasamalidwe ka mawu, omwe tsopano asungidwa ku malamulo ndi mikangano, zomwe zingayambitse kugwirizana ndi masinthidwe osowa kwambiri.

Source: opennet.ru

Gulani kuchititsa kodalirika kwamasamba okhala ndi chitetezo cha DDoS, ma seva a VPS VDS Gulani malo odalirika osungira mawebusayiti okhala ndi chitetezo cha DDoS, ma seva a VPS VDS | ProHoster