Mushure memwedzi mitanhatu yebudiriro, kuburitswa kweOpenSSH 8.9, mutengi akavhurika uye kusetwa kwesevha yekushanda pamusoro peSSH 2.0 uye SFTP protocol, yakaunzwa. Iyo vhezheni itsva ye sshd inogadzirisa kusagadzikana kunogona kubvumidza kupinda kusina kutenderwa. Nyaya yacho inokonzerwa nekuwanda kwehuwandu mukodhi yechokwadi, asi inogona kushandiswa chete pamwe chete nezvimwe zvikanganiso zvine musoro mukodhi.
Mune chimiro chayo chazvino, kusazvibata hakugone kushandiswa kana iyo ropafadzo yekuparadzanisa modhi yakagoneswa, sezvo kuratidzwa kwayo kwakavharwa neakasiyana macheki anoitwa mune ropafadzo yekuparadzanisa kodhi yekutevera. Ropafadzo yekuparadzanisa maitiro yakagoneswa nekusarudzika kubva 2002 kubvira OpenSSH 3.2.2, uye yanga ichisungirwa kubva pakaburitswa OpenSSH 7.5 yakaburitswa muna 2017. Pamusoro pezvo, mushanduro dzinotakurika dzeOpenSSH kutanga nekuburitswa 6.5 (2014), kusazvibata kunovharwa nekubatanidzwa pamwe nekubatanidzwa kwemareza ekudzivirira kufashukira.
Dzimwe shanduko:
- Iyo inotakurika vhezheni yeOpenSSH mu sshd yakabvisa tsigiro yerudzi rwehashing password uchishandisa iyo MD5 algorithm (inobvumira kubatanidza nemaraibhurari ekunze senge libxcrypt kudzoka).
- ssh, sshd, ssh-add, uye ssh-agent shandisa subsystem kurambidza kutumira uye kushandiswa kwemakiyi akawedzerwa kune ssh-agent. Iyo subsystem inokutendera iwe kuseta mitemo inotarisisa kuti uye kupi makiyi anogona kushandiswa mu ssh-agent. Semuyenzaniso, kuwedzera kiyi inongo shandiswa kutsigira chero mushandisi akabatana neanotambira scylla.example.org, mushandisi perseus kune mugamuchiri cetus.example.org, uye mushandisi medea kumugadziri charybdis.example.org nekudzokorodza kuburikidza nepakati scylla.example.org, unogona kushandisa murairo unotevera: $ ssh-add -h "[email inodzivirirwa]" \ -h "scylla.example.org" \ -h "scylla.example.org>[email inodzivirirwa]\ ~/.ssh/id_ed25519
- Mu ssh uye sshd, hybrid algorithm yakawedzerwa nekusarudzika kune KexAlgorithms runyorwa, iyo inotaridza kurongeka uko nzira dzekuchinjana dzinosarudzwa dzinosarudzwa.[email inodzivirirwa]"(ECDH/x25519 + NTRU Prime), inopesana nesarudzo pamakomputa ehuwandu. MuOpenSSH 8.9, iyi nzira yekutaurirana yakawedzerwa pakati peECDH neDH nzira, asi inorongwa kuti igoneswe nekusarudzika mukuburitswa kunotevera.
- ssh-keygen, ssh, uye ssh-agent yakagadziridza mabatirwo eFIDO token kiyi dzinoshandiswa pakuongorora mudziyo, kusanganisira makiyi eiyo biometric authentication.
- Yakawedzerwa "ssh-keygen -Y match-principals" raira ku ssh-keygen kutarisa mazita ekushandisa mune inobvumirwanamelist faira.
- ssh-add uye ssh-agent inopa kugona kuwedzera makiyi eFIDO akachengetedzwa nePIN kodhi kune ssh-agent (chikumbiro chePIN chinoratidzwa panguva yekusimbisa).
- ssh-keygen inobvumira kusarudzwa kwehashing algorithm (sha512 kana sha256) panguva yekusaina chizvarwa.
- Mu ssh uye sshd, kuti uvandudze mashandiro, data yetiweki inoverengwa yakananga mubuffer yemapaketi anouya, ichipfuura yepakati buffering pane stack. Kuiswa kwakananga kweiyo data yakagamuchirwa muchiteshi buffer kunoitwa nenzira yakafanana.
- Mune ssh, iyo PubkeyAuthentication dhairekitori yakawedzera rondedzero yeanotsigirwa paramita (hongu|kwete|isina kusungwa|yakasungwa-yakasungwa) kupa kugona kusarudza iyo protocol yekuwedzera yekushandisa.
Mukuburitswa kweramangwana, tinoronga kushandura kusarudzika kwescp utility kushandisa SFTP pachinzvimbo chenhaka SCP/RCP protocol. SFTP inoshandisa nzira dzinofanotaurwa dzekubata mazita uye haishandise ganda kugadzirisa eglob mapatani mumazita emafaira kune rimwe divi remugamuchiri, izvo zvinogadzira matambudziko ekuchengetedza. Kunyanya, kana uchishandisa SCP neRCP, sevha inosarudza kuti ndeapi mafaera uye madhairekitori ekutumira kune mutengi, uye mutengi anongotarisa kurongeka kwemazita echinhu chakadzoserwa, icho, kana pasina cheki chaiyo padivi revatengi, inobvumira server kuendesa mamwe mazita emafaira akasiyana neakakumbirwa. Iyo SFTP protocol haina matambudziko aya, asi haitsigire kuwedzera kwenzira dzakakosha senge "~/". Kugadzirisa mutsauko uyu, kuburitswa kwapfuura kweOpenSSH kwakaunza itsva SFTP protocol yekuwedzera kune ~/ uye ~ mushandisi/ nzira muSFTP server kuita.
Source: opennet.ru