OpenSSH 9.2 released with a fix for a pre-authentication vulnerability

OpenSSH 9.2 has been released, an open implementation of a client and server for working over the SSH 2.0 and SFTP protocols. The new version fixes a vulnerability that leads to a double free of memory at the pre-authentication stage. Only the OpenSSH 9.1 release is affected; the problem does not appear in earlier versions.

To create the conditions in which the vulnerability appears, it is enough to change the SSH client banner to "SSH-2.0-FuTTYSH_9.1p1" so that the "SSH_BUG_CURVE25519PAD" and "SSH_OLD_DHGEX" flags, which depend on the SSH client version, are set. Once these flags are set, the memory of the "options.kex_algorithms" buffer is freed twice: once when the do_ssh2_kex() function runs, which calls compat_kex_proposal(), and once when the do_authentication2() function runs, which calls, along the chain, input_userauth_request(), mm_getpwnamallow(), copy_set_server_options(), assemble_algorithms() and kex_assemble_names().

Creating a working exploit for the vulnerability is considered unlikely, because the exploitation process is too complicated: modern memory allocation libraries provide protection against double frees, and the process in which the bug is present runs with reduced privileges in a sandbox environment.

In addition to the vulnerability described above, the new release also fixes two other security issues:

  • An error occurred when processing the "PermitRemoteOpen" setting, which caused the first argument to be ignored if it differs from the values "any" and "none". The problem appears in versions newer than OpenSSH 8.7 and causes the check to be skipped when only one permission is specified.
  • An attacker who controls the DNS server used to resolve names can get special characters (for example, "*") substituted into known_hosts files if the CanonicalizeHostname and CanonicalizePermittedCNAMEs options are enabled in the configuration and the system resolver does not check the correctness of the responses from the DNS server. The attack is considered unlikely because the returned names must match the conditions specified through CanonicalizePermittedCNAMEs.
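
The three fixes above can be turned into a quick exposure check. The following is an added example, not code from the article or from the OpenSSH project: it takes a version string and ssh_config-style text and reports which of the issues apply. The sample host names, the finding labels, and the assumption that one version string covers both client and server are constructed for illustration.

```python
import re

# Constructed sample input: a version string and ssh_config-style lines.
SAMPLE_VERSION = "OpenSSH_9.1p1, OpenSSL 3.0.7 1 Nov 2022"
SAMPLE_CONFIG = """\
Host build01
CanonicalizeHostname yes
CanonicalizePermittedCNAMEs *.int.example.com:*.example.com
PermitRemoteOpen build01.example.com:8080
"""

def parse_version(text):
    """Return (major, minor) from a string containing OpenSSH_X.Y, else None."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", text)
    return (int(m.group(1)), int(m.group(2))) if m else None

def parse_config(text):
    """Map lowercased keyword -> list of whitespace-separated arguments."""
    opts = {}
    for line in text.splitlines():
        parts = line.strip().split()
        if parts and not parts[0].startswith("#"):
            opts.setdefault(parts[0].lower(), []).extend(parts[1:])
    return opts

def audit(version_text, config_text):
    """Return labels (hypothetical names) for the issues fixed in 9.2."""
    ver, opts, findings = parse_version(version_text), parse_config(config_text), []
    if ver is None or ver >= (9, 2):
        return findings                      # unknown or already fixed
    if ver == (9, 1):                        # only 9.1 has the double free
        findings.append("double-free")
    # First argument ignored unless it is "any"/"none": a single
    # permission therefore means no restriction is actually enforced.
    pro = opts.get("permitremoteopen", [])
    if ver > (8, 7) and len(pro) == 1 and pro[0].lower() not in ("any", "none"):
        findings.append("permitremoteopen")
    # DNS-supplied names reach known_hosts only when both options are set.
    canon = (opts.get("canonicalizehostname") or ["no"])[0].lower()
    cnames = opts.get("canonicalizepermittedcnames", [])
    if canon in ("yes", "true", "always") and cnames and cnames != ["none"]:
        findings.append("canonicalize")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_VERSION, SAMPLE_CONFIG))
```
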

Other changes:

  • An EnableEscapeCommandline setting has been added to ssh_config for ssh to control whether client-side handling of the "~C" escape sequence, which provides a command line, is enabled. By default, "~C" handling is now disabled so that sandbox isolation can be used, which can break systems that use "~C" for port forwarding at runtime.
  • A ChannelTimeout directive has been added to sshd_config for sshd to set a channel inactivity timeout (channels on which no traffic is recorded during the time specified in the directive are closed automatically). Different timeouts can be set for session, X11, agent, and traffic forwarding.
  • An UnusedConnectionTimeout directive has been added to sshd_config for sshd, allowing you to set a timeout for terminating client connections that have had no active channels for a certain time.
  • The "-V" option has been added to sshd to display the version, similar to the equivalent option in the ssh client.
  • A "Host" line has been added to the output of "ssh -G", showing the value of the hostname argument.
  • The "-X" option has been added to scp and sftp to control SFTP protocol parameters such as the buffer size and the number of pending requests.
  • ssh-keyscan allows scanning of full CIDR address ranges, for example "ssh-keyscan 192.168.0.0/24".

Source: opennet.ru
