ProHoster > Ibhulogi > iindaba ze-intanethi > Ukukhutshwa kwe-OpenSSH 9.1

Ukukhutshwa kwe-OpenSSH 9.1

Emva kweenyanga ezintandathu zophuhliso, ukukhutshwa kwe-OpenSSH 9.1 kushicilelwe, ukuphunyezwa okuvulekileyo komxhasi kunye nomncedisi wokusebenzela i-SSH 2.0 kunye ne-SFTP protocol. Ukhupho luphawulwe njengoluqulathe uninzi lolungiso lwe-bug, kubandakanya nokuba semngciphekweni okuninzi okubangelwa yimiba yenkumbulo:

  • Ukuphuphuma kwebhayithi enye kwikhowudi yokusetyenzwa kwebhena ye-SSH kusetyenziso lwe-ssh-keyscan.
  • Ukufowuna kabini kwi-free () umsebenzi kwimeko yemposiso xa kubalwa i-hashes yeefayile kwikhowudi yokudala kunye nokuqinisekisa utyikityo lwedijithali kusetyenziso lwe-ssh-keygen.
  • Ukufowuna kabini kwi free () umsebenzi xa uphethe iimpazamo kuphawu oluluncedo lwe-ssh-key.

Utshintsho oluphambili:

  • I-RequiredRSASize Directive yongezwe kwi-ssh kunye ne-sshd, ikuvumela ukuba ubone ubuncinci bobungakanani obuvumelekileyo bamaqhosha e-RSA. Kwi-sshd, izitshixo ezincinci aziyi kuhoywa, kwaye kwi-ssh ziyakukhokelela ekuyekisweni koqhakamshelwano.
  • Uhlelo oluphathwayo lwe-OpenSSH luguqulelwe ukusebenzisa izitshixo ze-SSH ukuze usayine ukuzinikela kunye neethegi kwi-Git.
  • Izikhokelo ze-SetEnv kwi-ssh_config kunye ne-sshd_config iifayile zoqwalaselo ngoku zisebenzisa ixabiso ukusuka kukhankanywa lokuqala lwemeko-bume eguquguqukayo ukuba ichazwe ngaphezu kwesihlandlo esinye kuqwalaselo (ngaphambili ukukhankanywa kokugqibela kwasetyenziswa).
  • Xa ubiza i-ssh-keygen utility kunye ne "-A" iflegi (ukuvelisa zonke iintlobo zezitshixo ze-host ezixhaswa ngokungagqibekanga), isizukulwana sezitshixo ze-DSA, ezingasetyenziswanga ngokungagqibekanga iminyaka emininzi, zivaliwe.
  • I-sftp-server kunye ne-sftp ziphumeza "users-groups-by-id@openssh.com" ulwandiso, oluvumela umxhasi ukuba acele amagama abasebenzisi kunye neqela elihambelana neseti echaziweyo yezazisi zedijithali (uid kunye ne-gid). Kwi-sftp olu lwandiso lusetyenziselwa ukubonisa amagama xa udwelisa imixholo yolawulo.
  • I-sftp-server iphumeza "uluhlu lwasekhaya" ulwandiso lokwandisa i ~/ kunye ne ~umsebenzisi/ iindlela, enye indlela yolwandiso lwe "expand-path@openssh.com" olucetywe ngaphambili ngeenjongo ezifanayo (ulwandiso "lwe-home-directory" lwalucetyelwe ukubekwa emgangathweni kwaye sele luxhaswe ngabanye abaxumi).
  • I-ssh-keygen kunye ne-sshd yongeza ukukwazi ukucacisa ixesha kwindawo yexesha le-UTC xa umisela isatifikethi kunye namaxesha okuqinisekisa okubalulekileyo, ngaphezu kwexesha lenkqubo.
  • I-sftp ivumela iimpikiswano ezongezelelweyo ukuba zichazwe ngo-"-D" ukhetho (umzekelo, "/usr/libexec/sftp-server -el debug3").
  • ssh-keygen ivumela usebenziso lwe "-U" iflegi (sebenzisa i-ssh-arhente) kunye ne "-Y sign" imisebenzi ukumisela ukuba izitshixo zabucala zibanjwe yi-ssh-arhente.

    umthombo: opennet.ru