The new version OpenSSH 9.8 has just been released. This release not only fixes the regreSSHion vulnerability (CVE-2024-6387), it also fixes another serious vulnerability and introduces several changes that improve security.
Among the important changes that stand out in the new version is, for example, the removal of DSA. Support for digital signatures based on the DSA algorithm is not a change specific to the new version as such, since it had already been scheduled to be disabled by default in this version. The plan to remove the DSA implementation from the code base will be carried out in early 2025, because its level of security is insufficient to meet modern standards. This measure is expected to encourage the reduction of DSA support in other SSH implementations and cryptographic libraries.
Another change in OpenSSH 9.8 is protection against automated attacks: a new protection mode, enabled by default, has been implemented to mitigate abusive techniques that try to open many connections to sshd. This mode also helps block automated password-guessing attacks by monitoring failed authentication attempts and abnormal terminations of child processes. Parameters such as PerSourcePenalties, PerSourceNetBlockSize and PerSourcePenaltyExemptList can be configured to set the blocking threshold, the mask of the blocked subnet, and the exemption list.
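A small configuration check for the three directives named above, added here as an example (it is not code from the OpenSSH project). The sample configuration is constructed, and the `min_v4`/`min_v6` thresholds are hypothetical review limits chosen for illustration.

```python
import ipaddress

# Constructed sample configuration (not taken from a real host).
SAMPLE = """\
# brute-force penalties switched off, exemption covers everyone
PerSourcePenalties no
PerSourceNetBlockSize 16:64
PerSourcePenaltyExemptList 192.0.2.10/32,0.0.0.0/0,2001:db8::/32
"""

def parse(text):
    """Map lower-cased keyword -> argument; sshd keeps the first value it sees."""
    found = {}
    for raw in text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            found.setdefault(parts[0].lower(), parts[1].strip())
    return found

def audit(text, min_v4=16, min_v6=32):
    """Return findings; min_v4/min_v6 are hypothetical review thresholds."""
    cfg, findings = parse(text), []
    if cfg.get("persourcepenalties", "").lower() == "no":
        findings.append("PerSourcePenalties is disabled")
    # 32:128 is the sshd_config(5) default: penalties apply per single address.
    block = cfg.get("persourcenetblocksize", "32:128")
    v4_bits = int(block.split(":")[0])
    if v4_bits < 32:
        findings.append(f"one penalised IPv4 client blocks its whole /{v4_bits}")
    exempt = cfg.get("persourcepenaltyexemptlist", "")
    for entry in filter(None, (e.strip() for e in exempt.split(","))):
        try:
            net = ipaddress.ip_network(entry)
        except ValueError:  # wildcard pattern or host bits set in the mask
            findings.append(f"exempt entry {entry!r} needs manual review")
            continue
        floor = min_v4 if net.version == 4 else min_v6
        if net.prefixlen < floor:
            findings.append(f"exempt entry {net} is broader than /{floor}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN:", finding)
```

The check only reads global directives and does not interpret Match blocks or Include files.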
In addition, sshd has been split into several separate executables. The sshd-session process is now separated from sshd and handles the tasks related to session processing, while sshd keeps the tasks of accepting network connections, verifying the configuration, loading host keys, and managing process startup according to the MaxStartups parameter.
In the portable version of sshd, the handling of automatically generated files has been changed so that they are stored in a Git branch for each specific version (for example, V_9_8), which makes it easier to reconcile the signed tar archive with the branches in Git.
As for the second vulnerability fixed in OpenSSH 9.8, it made it possible to bypass the protection added in OpenSSH 9.5 against side-channel attacks that analyze the intervals between keyboard keystrokes in order to reconstruct the input. The vulnerability makes it possible to distinguish packets that generate background activity by simulating dummy keystrokes from packets sent when real keys are pressed, which reduces the effectiveness of the mechanism that hides the characteristics of interactive input in SSH traffic.
Keystroke data can be used in attacks that reconstruct the input by analyzing the intervals between key presses, which vary depending on the keyboard layout (for example, the response when typing the letter "F" is faster than when typing "Q" or "X", because of key placement and finger movement).
It was also found that the algorithm used to send packets with real and dummy keystrokes compromised the reliability of another method of protection against side-channel attacks. Since the release of OpenSSH 2.9.9, the server has sent packets with dummy keystrokes for console input in echo-off mode, which is used, for example, when entering passwords in sudo.
The new logic for sending dummy packets made it possible, during passive traffic analysis, to single out the packets carrying real keystrokes in echo-off mode for separate analysis. However, the accuracy of the information about the intervals between keystrokes is limited, since packets are not sent immediately after a key is typed, but at fixed intervals (by default, 20 ms).
Among the other changes made in OpenSSH 9.8, we can find the following:
- The text of some error messages in the log has been changed. Process names such as "sshd-session" are now used instead of "sshd" for better clarity and traceability.
- The ssh-keyscan utility now prints hostname and protocol version information to standard output instead of STDERR. This output can be suppressed with the "-q" option.
- In ssh, it is possible to disable the fallback from certificate host keys to plain host keys using the HostkeyAlgorithms directive.
- The portable version of sshd now supports sending notifications to systemd when creating or restarting the listening network socket, using separate code that does not depend on the libsystemd library.
Finally, if you are interested in knowing more about it, you can consult the details at the following link.