Mushure memwedzi mitanhatu yebudiriro, kuburitswa kweOpenSSH 9.1 kwakabudiswa, iko kuvhurwa kwemutengi uye server yekushanda pamusoro peSSH 2.0 uye SFTP protocol. Kuburitswa kwacho kunoratidzwa kunge kuine kazhinji bug inogadzirisa, kusanganisira akati wandei angangoita kusagadzikana kunokonzerwa nenyaya dzekurangarira:
- Single-byte kufashukira muSSH banner kugadzirisa kodhi mune ssh-kiyi scan utility.
- Dana kaviri kune yemahara () basa kana paine chikanganiso paunenge uchiverenga hashes emafaira ari mukodhi yekugadzira uye kuona masiginecha edhijitari mune ssh-keygen utility.
- Kufona kaviri kune yemahara () basa kana uchibata zvikanganiso mu ssh-kiyi kiyi yekushandisa.
Shanduko huru:
- Iyo InodiwaRSAize dhairekitori yakawedzerwa kune ssh uye sshd, zvichikubvumidza kuti uone hudiki hunobvumidzwa saizi yemakiyi eRSA. Mu sshd, makiyi madiki anozoregeredzwa, uye mu ssh anozokonzeresa kuti kubatana kumiswe.
- Iyo inotakurika edition yeOpenSSH yakashandurwa kuti ishandise SSH makiyi kusaina nedhijitari macommits uye ma tag muGit.
- Iyo SetEnv dhairekitori mune ssh_config uye sshd_config configuration mafaira zvino shandisa kukosha kubva kutaurwa kwekutanga kwezvakatipoteredza kushanduka kana ichitsanangurwa kanopfuura kamwe mukugadzirisa (kare kutaurwa kwekupedzisira kwakashandiswa).
- Paunenge uchidaidza ssh-keygen utility ne "-A" mureza (inogadzira marudzi ese emakiyi anotsigirwa anotsigirwa nekusarudzika), chizvarwa cheDSA kiyi, iyo isina kushandiswa nekusarudzika kwemakore akati wandei, yakadzimwa.
- sftp-server uye sftp shandisa kuwedzera "[email inodzivirirwa]", ichipa mutengi kugona kukumbira mazita emushandisi uye eboka anoenderana neyakatsanangurwa seti yedhijitari identifiers (uid uye gid). Mune sftp, iyi yekuwedzera inoshandiswa kuratidza mazita paunenge uchiratidza zviri mukati medhairekitori.
- sftp-server inoshandisa iyo "imba-dhairekitori" yekuwedzera kuwedzera ~/ uye ~ mushandisi/ nzira, imwe nzira kune yakambotaurwa yekuwedzera "[email inodzivirirwa]"(iyo" imba-dhairekitori" yekuwedzera inokurudzirwa kuti igadziriswe uye yatotsigirwa nevamwe vatengi).
- ssh-keygen uye sshd wedzera kugona kutsanangura nguva muUTC nguva zone kana uchitarisa chitupa uye kiyi yechokwadi nguva, kuwedzera kune system nguva.
- sftp inobvumira dzimwe nharo kuti dzitsanangurwe ne "-D" sarudzo (semuenzaniso, "/usr/libexec/sftp-server -el debug3").
- ssh-keygen inobvumira kushandiswa kwe "-U" mureza (shandisa ssh-agent) pamwe chete ne "-Y sign" maitiro kuona kuti makiyi epachivande anobatwa ne ssh-agent.
Source: opennet.ru