OpenSSH 8.5 arrives with UpdateHostKeys, fixes and more

After five months of development, the release of OpenSSH 8.5 has been announced. Along with it, the OpenSSH developers recalled the upcoming move of algorithms that use SHA-1 hashes to the obsolete category, because of the increased efficiency of collision attacks with a given prefix (the cost of selecting a collision is estimated at about 50 thousand dollars).

In one of the next versions, they plan to disable by default the ability to use the public key digital signature algorithm "ssh-rsa", which is mentioned in the original RFC for the SSH protocol and is still widely used in practice.

To smooth the transition to new algorithms, the UpdateHostKeys setting is enabled by default in OpenSSH 8.5, which allows clients to be switched automatically to more reliable algorithms.

This setting enables a special protocol extension, "hostkeys@openssh.com", which allows the server, once authentication has passed, to inform the client of all available host keys. The client can reflect these keys in its ~/.ssh/known_hosts file, which makes it possible to organize host key updates and makes it easier to change keys on the server.

In addition, a vulnerability caused by re-freeing an already freed memory area in ssh-agent was fixed. The problem has been present since the release of OpenSSH 8.2 and could be exploited if an attacker has access to the ssh-agent socket on the local system. To complicate matters, only root and the original user have access to the socket. The most likely attack scenario is forwarding the agent to an account controlled by the attacker, or to a host where the attacker has root access.

Also, sshd added protection against passing very large parameters with a username to the PAM subsystem, which makes it possible to block vulnerabilities in the modules of the PAM (Pluggable Authentication Module) system. For example, the change prevents sshd from being used as a vector to exploit a recently identified root vulnerability in Solaris (CVE-2020-14871).

Among the changes that could break compatibility, it is mentioned that ssh and sshd have reworked an experimental key exchange method that is resistant to brute-force attacks on a quantum computer.

The method used is based on the NTRU Prime algorithm developed for post-quantum cryptosystems and the X25519 elliptic curve key exchange method. Instead of sntrup4591761x25519-sha512@tinyssh.org, the method is now identified as sntrup761x25519-sha512@openssh.com (the sntrup4591761 algorithm has been replaced by sntrup761).

Of the other changes that stand out:

  • In ssh and sshd, the order in which supported digital signature algorithms are advertised has been changed. ED25519 now comes first instead of ECDSA.
  • In ssh and sshd, the TOS / DSCP QoS settings for interactive sessions are now set before the TCP connection is established.
  • ssh and sshd have stopped supporting the rijndael-cbc@lysator.liu.se encryption, which is identical to aes256-cbc and was used before RFC-4253.
  • ssh, when accepting a new host key, ensures that all hostnames and IP addresses associated with the key are displayed.
  • In ssh for FIDO keys, a repeated PIN request is provided when a digital signature operation fails because of an incorrect PIN and no PIN was requested from the user (for example, when it was not possible to obtain correct biometric data and the device fell back to manual PIN entry).
  • sshd adds support for additional system calls to the seccomp-bpf-based sandboxing mechanism on Linux.
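
The removals and renames listed above can leave stale names in existing ssh_config or sshd_config files. The following Python check is an added example, not code from the OpenSSH project or from the original article; the function name audit_ssh_config and the sample configuration are constructed for illustration. It flags the retired cipher and key exchange names, explicit reliance on ssh-rsa, and an UpdateHostKeys setting that turns the new default off.

```python
import re

# Names retired by the changes described above, keyed by the config keyword
# (ssh_config or sshd_config) whose list they can appear in.
RETIRED = {
    "ciphers": {"rijndael-cbc@lysator.liu.se":
                "removed in 8.5; identical to aes256-cbc"},
    "kexalgorithms": {"sntrup4591761x25519-sha512@tinyssh.org":
                      "renamed in 8.5 to sntrup761x25519-sha512@openssh.com"},
}
# Keywords whose lists can name the SHA-1 based "ssh-rsa" signature algorithm.
SIG_KEYWORDS = {"hostkeyalgorithms", "pubkeyacceptedkeytypes",
                "pubkeyacceptedalgorithms"}
SSH_RSA_NOTE = "SHA-1 based; planned to be disabled by default"

# Constructed sample configuration, not taken from any real host.
SAMPLE = """\
# legacy client settings
Host *
    Ciphers aes256-ctr,rijndael-cbc@lysator.liu.se
    KexAlgorithms=+sntrup4591761x25519-sha512@tinyssh.org
    HostKeyAlgorithms -ssh-rsa
    PubkeyAcceptedKeyTypes ssh-ed25519,ssh-rsa
    UpdateHostKeys no
"""


def audit_ssh_config(text):
    """Return (line_no, keyword, value, note) findings; exact names only."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        # Keyword and argument are separated by whitespace and/or one "=".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip().strip('"')
        if keyword == "updatehostkeys" and value.lower() == "no":
            findings.append((line_no, keyword, value,
                             "overrides the 8.5 default of automatic updates"))
        notes = dict(RETIRED.get(keyword, {}))
        if keyword in SIG_KEYWORDS:
            notes["ssh-rsa"] = SSH_RSA_NOTE
        if value.startswith("-"):
            continue  # a leading "-" removes algorithms from the default set
        for name in (n.strip() for n in value.lstrip("+^").split(",")):
            if name in notes:
                findings.append((line_no, keyword, name, notes[name]))
    return findings
```

Calling audit_ssh_config(SAMPLE) returns four findings; the HostKeyAlgorithms line is not reported because a leading "-" removes ssh-rsa instead of relying on it.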

How to install OpenSSH 8.5 on Linux?

For those interested in installing this new version of OpenSSH on their systems, for now they can do so by downloading its source code and compiling it on their computers.

This is because the new version has not yet been included in the repositories of the main Linux distributions. To get the source code, you can do so from the following link.

Once the download is done, we unpack the package with the following command:

tar -xvf openssh-8.5.tar.gz

We enter the directory that was created:

cd openssh-8.5

And we can compile with the following commands:

./configure --prefix=/opt --sysconfdir=/etc/ssh
make
make install
