OpenSSH 9.2 released with a fix for a pre-authentication vulnerability

The release of OpenSSH 9.2 has been announced. OpenSSH is an open implementation of a client and server for working over the SSH 2.0 and SFTP protocols. The new version fixes a vulnerability that leads to a double free of memory at the pre-authentication stage. Only the OpenSSH 9.1 release is affected; the problem does not appear in earlier versions.

To create the conditions under which the vulnerability manifests, it is enough to change the SSH client banner to "SSH-2.0-FuTTYSH_9.1p1" so that the "SSH_BUG_CURVE25519PAD" and "SSH_OLD_DHGEX" flags, which depend on the SSH client version, are set. Once these flags are set, the memory of the "options.kex_algorithms" buffer is freed twice: once when the do_ssh2_kex() function runs and calls compat_kex_proposal(), and again when the do_authentication2() function runs and calls, along the chain, input_userauth_request(), mm_getpwnamallow(), copy_set_server_options(), assemble_algorithms() and kex_assemble_names().

Creating a working exploit for the vulnerability is considered unlikely, because the exploitation process is too complicated: modern memory allocation libraries provide protection against double frees, and the pre-auth process in which the bug is present runs with reduced privileges in an isolated sandbox environment.

Besides the vulnerability noted above, the new release also fixes two more security issues:

  • An error occurred when processing the "PermitRemoteOpen" setting, causing the first argument to be ignored if it differs from the values "any" and "none". The problem appears in versions newer than OpenSSH 8.7 and causes the check to be skipped when only one permission is specified.
  • An attacker who controls the DNS server used to resolve names can get special characters (for example, "*") substituted into known_hosts files if the CanonicalizeHostname and CanonicalizePermittedCNAMEs options are enabled in the configuration and the system resolver does not check the correctness of responses from the DNS server. The attack is considered unlikely because the returned names must match the conditions specified through CanonicalizePermittedCNAMEs.
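As a defender's check for the three issues described above, the following added example (not part of the original article or of OpenSSH) reads an "ssh -V" style version string and an ssh_config text and reports which issues may apply. It assumes that ssh and sshd come from the same installed release, that the DNS issue applies to any release before 9.2, and it ignores Host/Match scoping and quoted arguments; the sample inputs are constructed.

```python
import re

# Constructed sample input for illustration, not taken from a real host.
SAMPLE_VERSION = "OpenSSH_9.1p1, OpenSSL 3.0.7 1 Nov 2022"
SAMPLE_SSH_CONFIG = """\
# constructed ssh_config
Host *.example.org
    CanonicalizeHostname yes
    CanonicalizePermittedCNAMEs *.example.org:*.example.net
    PermitRemoteOpen localhost:8080
"""

def parse_version(text):
    """Return (major, minor) from an 'OpenSSH_9.1p1' style version string."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no OpenSSH version found in %r" % text)
    return int(m.group(1)), int(m.group(2))

def parse_options(config_text):
    """Collect {lowercased keyword: [argument lists]}, skipping comments."""
    opts = {}
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        words = re.split(r"[\s=]+", line)  # "Key value" or "Key=value"
        opts.setdefault(words[0].lower(), []).append(words[1:])
    return opts

def audit(version_text, config_text):
    """Return the issues fixed in 9.2 that may apply to this install."""
    ver, opts, found = parse_version(version_text), parse_options(config_text), []
    if ver == (9, 1):  # the article: only 9.1 is affected
        found.append("pre-auth double free (sshd 9.1 only)")
    if (8, 7) < ver < (9, 2):  # the article: versions newer than 8.7
        for args in opts.get("permitremoteopen", []):
            if len(args) == 1 and args[0].lower() not in ("any", "none"):
                found.append("PermitRemoteOpen single permission ignored")
    canon = any(a and a[0].lower() in ("yes", "always")
                for a in opts.get("canonicalizehostname", []))
    cnames = any(a and a[0].lower() != "none"
                 for a in opts.get("canonicalizepermittedcnames", []))
    if ver < (9, 2) and canon and cnames:  # assumption: all pre-9.2 releases
        found.append("DNS-controlled names may reach known_hosts")
    return found

if __name__ == "__main__":
    for issue in audit(SAMPLE_VERSION, SAMPLE_SSH_CONFIG):
        print(issue)
```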

Other changes:

  • An EnableEscapeCommandline setting has been added to ssh_config for ssh to control whether client-side processing of the "~C" escape sequence, which provides a command line, is enabled. By default, "~C" processing is now disabled to allow tighter sandbox isolation, which may break systems that use "~C" for port forwarding at runtime.
  • A ChannelTimeout directive has been added to sshd_config for sshd to set a channel inactivity timeout (channels on which no traffic has been recorded for the time specified in the directive are closed automatically). Different timeouts can be set for session, X11, agent, and traffic forwarding.
  • An UnusedConnectionTimeout directive has been added to sshd_config for sshd, which lets you set a timeout for terminating client connections that have had no active channels for a certain time.
  • The "-V" option has been added to sshd to display the version, like the similar option in the ssh client.
  • A "Host" line has been added to the output of "ssh -G", showing the value of the hostname argument.
  • The "-X" option has been added to scp and sftp to control SFTP protocol parameters such as the copy buffer size and the number of pending requests.
  • ssh-keyscan now allows scanning of full CIDR address ranges, for example "ssh-keyscan 192.168.0.0/24".

Source: opennet.ru
