Emva kweenyanga ezintandathu zophuhliso, ukukhutshwa kwe-OpenSSH 9.1 kushicilelwe, ukuphunyezwa okuvulekileyo komxhasi kunye nomncedisi wokusebenzela i-SSH 2.0 kunye ne-SFTP protocol. Ukhupho luphawulwe njengoluqulathe uninzi lolungiso lwe-bug, kubandakanya nokuba semngciphekweni okuninzi okubangelwa yimiba yenkumbulo:
- Ukuphuphuma kwebhayithi enye kwikhowudi yokusetyenzwa kwebhena ye-SSH kusetyenziso lwe-ssh-keyscan.
- Ukufowuna kabini kwi-free () umsebenzi kwimeko yemposiso xa kubalwa i-hashes yeefayile kwikhowudi yokudala kunye nokuqinisekisa utyikityo lwedijithali kusetyenziso lwe-ssh-keygen.
- Ukufowuna kabini kwi free () umsebenzi xa uphethe iimpazamo kuphawu oluluncedo lwe-ssh-key.
Utshintsho oluphambili:
- I-RequiredRSASize Directive yongezwe kwi-ssh kunye ne-sshd, ikuvumela ukuba ubone ubuncinci bobungakanani obuvumelekileyo bamaqhosha e-RSA. Kwi-sshd, izitshixo ezincinci aziyi kuhoywa, kwaye kwi-ssh ziyakukhokelela ekuyekisweni koqhakamshelwano.
- Uhlelo oluphathwayo lwe-OpenSSH luguqulelwe ukusebenzisa izitshixo ze-SSH ukuze usayine ukuzinikela kunye neethegi kwi-Git.
- Izikhokelo ze-SetEnv kwi-ssh_config kunye ne-sshd_config iifayile zoqwalaselo ngoku zisebenzisa ixabiso ukusuka kukhankanywa lokuqala lwemeko-bume eguquguqukayo ukuba ichazwe ngaphezu kwesihlandlo esinye kuqwalaselo (ngaphambili ukukhankanywa kokugqibela kwasetyenziswa).
- Xa ubiza i-ssh-keygen utility kunye ne "-A" iflegi (ukuvelisa zonke iintlobo zezitshixo ze-host ezixhaswa ngokungagqibekanga), isizukulwana sezitshixo ze-DSA, ezingasetyenziswanga ngokungagqibekanga iminyaka emininzi, zivaliwe.
- sftp-server kwaye sftp sebenzisa ulwandiso "[imeyile ikhuselwe]", ukunika umxhasi amandla okucela amagama abasebenzisi kunye neqela ahambelana neseti echaziweyo yezazisi zedijithali (uid kunye negid). Kwi-sftp, olu lwandiso lusetyenziselwa ukubonisa amagama xa ubonisa imixholo yolawulo.
- sftp-server iphumeza βuvimba weefayili wasekhayaβ ulwandiso lokwandisa ~/ kunye ~umsebenzisi/ iindlela, enye indawo kulwandiso olucetywayo ngaphambili β[imeyile ikhuselwe]"(i"home-directory" ulwandiso lundululwe ukubekwa emgangathweni kwaye sele luxhaswe ngabanye abaxumi).
- I-ssh-keygen kunye ne-sshd yongeza ukukwazi ukucacisa ixesha kwindawo yexesha le-UTC xa umisela isatifikethi kunye namaxesha okuqinisekisa okubalulekileyo, ngaphezu kwexesha lenkqubo.
- I-sftp ivumela iimpikiswano ezongezelelweyo ukuba zichazwe ngo-"-D" ukhetho (umzekelo, "/usr/libexec/sftp-server -el debug3").
- ssh-keygen ivumela usebenziso lwe "-U" iflegi (sebenzisa i-ssh-arhente) kunye ne "-Y sign" imisebenzi ukumisela ukuba izitshixo zabucala zibanjwe yi-ssh-arhente.
umthombo: opennet.ru