After five months of development, the release of OpenSSH 8.5 has been announced. With it, the OpenSSH developers recalled the upcoming move of algorithms that use SHA-1 hashes into the obsolete category, because collision attacks with a given prefix have become more efficient (the cost of selecting a collision is estimated at about 50 thousand dollars).
In one of the next versions, they plan to disable by default the ability to use the "ssh-rsa" public key digital signature algorithm, which is mentioned in the original RFC for the SSH protocol and is still widely used in practice.
To smooth the transition to new algorithms, OpenSSH 8.5 enables the UpdateHostKeys setting by default, which allows clients to be switched automatically to more reliable algorithms.
This setting enables a special protocol extension, "hostkeys@openssh.com", which allows the server, once authentication has completed, to inform the client of all available host keys. The client can record these keys in its ~/.ssh/known_hosts file, which makes it possible to organize host key updates and makes it easier to change keys on the server.
In addition, a vulnerability caused by freeing again a memory area that had already been freed in ssh-agent was fixed. The problem has been present since the release of OpenSSH 8.2 and could potentially be exploited if the attacker has access to the ssh-agent socket on the local system. Exploitation is complicated by the fact that only root and the original user have access to the socket. The most likely scenario is the agent being forwarded to an account controlled by the attacker, or to a host where the attacker has access.
Also, sshd has added protection against very large parameters being passed with the username to the PAM subsystem, which makes it possible to block vulnerabilities in PAM (Pluggable Authentication Module) modules. For example, the change prevents sshd from being used as a vector to exploit a recently identified vulnerability in Solaris (CVE-2020-14871).
Among the changes that could potentially break compatibility, it is mentioned that ssh and sshd have reworked an experimental key exchange method that is resistant to brute-force attacks on a quantum computer.
The method is based on the NTRU Prime algorithm, developed for post-quantum cryptosystems, combined with the X25519 elliptic curve key exchange method. Instead of sntrup4591761x25519-sha512@tinyssh.org, the method is now identified as sntrup761x25519-sha512@openssh.com (the sntrup4591761 algorithm has been replaced by sntrup761).
Of the other changes that stand out:
- In ssh and sshd, the order in which supported digital signature algorithms are advertised has changed. ED25519 now comes first instead of ECDSA.
- In ssh and sshd, the TOS/DSCP QoS settings for interactive sessions are now set before the TCP connection is established.
- ssh and sshd have dropped support for the rijndael-cbc@lysator.liu.se cipher, which is identical to aes256-cbc and was used before RFC-4253.
- ssh, when accepting a new host key, ensures that all hostnames and IP addresses associated with the key are displayed.
- In ssh for FIDO keys, a repeated PIN request is issued when a digital signature operation fails because of an incorrect PIN and the user was not asked for a PIN (for example, when correct biometric data could not be obtained and the device fell back to PIN entry).
- sshd adds support for additional system calls to the seccomp-bpf-based sandboxing mechanism on Linux.
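The algorithm changes above (the planned ssh-rsa default, the dropped rijndael-cbc@lysator.liu.se cipher, the renamed sntrup key exchange and the UpdateHostKeys default) can be checked against an existing configuration before upgrading. The following Python script is an added example, not code from the original article or from the OpenSSH project; the sample configuration is constructed and the function name audit is an assumption.

```python
import re

# Algorithm names affected by the changes described above, with the reason.
AFFECTED = {
    "ssh-rsa": "SHA-1 signatures; planned to be disabled by default",
    "rijndael-cbc@lysator.liu.se": "no longer supported; same as aes256-cbc",
    "sntrup4591761x25519-sha512@tinyssh.org":
        "replaced by sntrup761x25519-sha512@openssh.com",
}
# ssh_config/sshd_config keywords that take comma-separated algorithm lists.
LIST_KEYS = {"ciphers", "kexalgorithms", "hostkeyalgorithms",
             "pubkeyacceptedkeytypes", "pubkeyacceptedalgorithms",
             "casignaturealgorithms"}

# Constructed sample configuration, not taken from a real host.
SAMPLE = """\
# legacy appliance
Host legacy
    Ciphers aes256-ctr,rijndael-cbc@lysator.liu.se
    KexAlgorithms=sntrup4591761x25519-sha512@tinyssh.org,curve25519-sha256
    HostKeyAlgorithms +ssh-rsa
    PubkeyAcceptedKeyTypes -ssh-rsa
    UpdateHostKeys no
"""

def audit(config_text):
    """Return (line_no, keyword, value, reason) for each affected setting."""
    findings = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and arguments are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip('"')
        if key == "updatehostkeys" and value.lower() == "no":
            findings.append((no, key, value, "turns off the 8.5 default"))
        elif key in LIST_KEYS and not value.startswith("-"):
            # A leading '-' removes algorithms, so it is not a finding;
            # '+' and '^' add to the defaults and are checked like a plain list.
            for alg in (a.strip() for a in value.lstrip("+^").split(",")):
                if alg in AFFECTED:
                    findings.append((no, key, alg, AFFECTED[alg]))
    return findings

if __name__ == "__main__":
    for no, key, value, reason in audit(SAMPLE):
        print(f"line {no}: {key} {value}: {reason}")
```

Run against the contents of ~/.ssh/config or /etc/ssh/sshd_config, it lists the lines that need attention before moving to 8.5 or later.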
How to install OpenSSH 8.5 on Linux?
For those interested in installing this new version of OpenSSH on their systems, for now they can do so by downloading its source code and compiling it on their computers.
This is because the new version has not yet been included in the repositories of the main Linux distributions. To get the source code, you can do so from the following link.
Once the download is done, we unpack the package with the following command:
tar -xvf openssh-8.5.tar.gz
We enter the directory that was created:
cd openssh-8.5
And we can compile with the following commands:
./configure --prefix=/opt --sysconfdir=/etc/ssh
make install