Bayan wata hudu na cigaba ƙaddamar da sabon salo na OpenSSH 8.4, abokin ciniki mai buɗewa da aiwatar da sabar don SSH 2.0 da SFTP.
A cikin sabon sigar ya fito don kasancewa cikakkiyar aiwatar 100% na yarjejeniyar SSH 2.0 kuma ban da haɗawa da canje-canje a cikin tallafi don sftp uwar garken da abokin ciniki, har ma ga FIDO, Ssh-keygen da wasu canje-canje.
Babban sabon fasali na OpenSSH 8.4
Ssh-wakili yanzu ya tabbatar da cewa za a sanya hannu a saƙon ta amfani da hanyoyin SSH lokacin amfani da maɓallan FIDO waɗanda ba a samar da su ba don tabbatarwar SSH (ID ɗin maɓalli ba ya fara da kirtani "ssh:").
Canji ba zai ba da izinin tura ssh-wakili zuwa rundunonin nesa waɗanda ke da maɓallan FIDO ba don toshe ikon amfani da waɗannan maɓallan don ƙirƙirar sa hannu don buƙatun tabbatarwar yanar gizo (in ba haka ba, lokacin da mai bincike zai iya sa hannu kan buƙatar SSH, an cire shi da farko saboda amfani da kari kafin "ssh:" a cikin maɓallin ganewa).
- ssh-keygen, lokacin samar da maɓallin zama, ya haɗa da tallafi don kayan aikin credProtect wanda aka bayyana a cikin bayanin FIDO 2.1, wanda ke ba da ƙarin kariya ga maɓallan ta hanyar buƙatar shigar da PIN kafin aiwatar da kowane aiki wanda zai iya haifar da cire mabuɗin mazaunin daga alamar.
Game da canje-canje da ke iya karya karfinsu:
Don dacewa tare da FIDO U2F, ana ba da shawarar yin amfani da labfido2 laburare na akalla da sigar 1.5.0. Yiwuwar amfani da tsofaffin ɗab'in an aiwatar da shi sashi, amma a wannan yanayin ayyuka kamar maɓallan mazaunin, buƙatar PIN da haɗin alamomi da yawa ba za su samu ba.
A cikin ssh-keygen, - a cikin tsarin bayanin tabbatarwa, wanda aka zaɓa da zaɓi yayin samar da maɓallin FIDO, an kara bayanan mai tantancewa, wanda ake buƙata don tabbatar da sa hannu na dijital.
Lokacin ƙirƙirar versionaukar hoto na OpenSSH, ana buƙatar automake yanzu don samar da rubutun sanyi da kuma fayilolin taro (idan kuna tattarawa daga fayil ɗin tar da aka buga, ba kwa buƙatar sake ginin saiti).
Supportara tallafi don maɓallan FIDO waɗanda ke buƙatar tabbacin PIN don ssh da ssh-keygen. Don samar da maɓallan tare da PIN, an ƙara zaɓi "tabbatar da buƙata" zuwa ssh-keygen. Game da amfani da waɗannan maɓallan, kafin aiwatar da aikin ƙirƙirar sa hannu, ana buƙatar mai amfani don tabbatar da ayyukansu ta shigar da lambar PIN.
A cikin sshd, a cikin tsarin izini_keys, an aiwatar da zaɓi "tabbatar da buƙata", wanda ke buƙatar amfani da damar don tabbatar da kasancewar mai amfani yayin ayyukan alama.
Sshd da ssh-keygen sun ƙara tallafi don tabbatar da sa hannu na dijital waɗanda ke bin ƙa'idodin FIDO Webauthn, wanda ke ba da damar amfani da maɓallan FIDO a masu bincike na yanar gizo.
Daga sauran canje-canjen da suka yi fice:
- Ara ssh da wakilin ssh-wakili don canjin yanayin $ SSH_ASKPASS_REQUIRE, wanda za'a iya amfani dashi don kunna ko kashe kiran ssh-askpass.
- A cikin ssh, a cikin ssh_config, a cikin umarnin AddKeysToAgent, an ƙara ikon iyakance lokacin inganci. Bayan iyakancen da aka ƙayyade ya ƙare, ana cire maɓallan ta atomatik daga ssh-agent.
- A cikin scp da sftp, ta amfani da tutar "-A", yanzu zaku iya ba da damar a bayyane kai tsaye a cikin scp da sftp ta amfani da ssh-agent (ta tsoho, ba a musanya maimaitawa ba).
- Supportara tallafi don sauya '% k' a cikin ssh config don sunan maɓallin mai masaukin baki.
- Sshd yana ba da log na farawa da ƙarshen tsarin sauke haɗin haɗi, wanda aka ƙaddara ta saitin MaxStartups.
Yadda ake girka OpenSSH 8.4 akan Linux?
Ga waɗanda suke da sha'awar iya shigar da wannan sabon sigar na OpenSSH akan tsarin su, don yanzu zasu iya yi sauke lambar tushe na wannan kuma suna yin tattara abubuwa akan kwamfutocin su.
Wannan shi ne saboda ba a haɗa sabon sigar a cikin ɗakunan manyan abubuwan rarraba Linux ba. Don samun lambar tushe, zaku iya yi daga mahada mai zuwa.
Anyi saukewar, yanzu zamu kwance kunshin tare da umarni mai zuwa:
tar -xvf budewa-8.4.tar.gz
Mun shigar da kundin adireshi:
cd bude-8.4
Y za mu iya tattarawa tare da dokokin nan masu zuwa:
./configure --prefix = / opt --sysconfdir = / sauransu / ssh sanya kafa