Uhlobo olusha lweklayenti elincanyana le-SSH lifika, iDropbear 2020.7

Darkcrizt

Imizuzu ye-4

Muva nje kukhishwe inguqulo entsha yeseva ezacile neklayenti le-SSH "iDropbear 2020.79", Eqokomisa ukusetshenziswa okuthile kwama-algorithm amasha wesiginesha yedijithali, kanye nezinye izivumelwano ezintsha.

Kulabo abangajwayele iDropbear, kufanele bazi ukuthi lena yiphakheji yesoftware leyo ihlinzeka ngeseva ehambisana ne-Secure Shell neklayenti. Kuyinto yakhelwe esikhundleni se-OpenSSH okujwayelekile kwezindawo ezinemithombo ephansi yememori neprosesa, njengamasistimu ashumekiwe. Kuyingxenye esemqoka ye-OpenWrt nokunye ukusatshalaliswa kwe-router.

Mayelana neDropbear

Le phakheji isatshalaliswa ngaphansi kwelayisense ye-MIT. I-Dropbear ebonakala ngokusetshenziswa kwememori ephansi (ngesixhumanisi esimile ku-eClibc esidinga kuphela i-110kB), amandla okukhubaza ukusebenza okungadingekile esigabeni sokuhlanganiswa, nokusekelwa kokuhlanganisa iklayenti neseva kufayela elisebenzisekayo, elifana ne-busybox.

I-Dropbear isekela ukuqondiswa kabusha kwe-X11, isekela ifayela lokhiye le-OpenSSH (~ / .ssh / Authorizedkeys) futhi ingadala ukuxhumana okuningi ngokudlulisa nge-host ye-passthrough.

I-Dropbear isebenzisa umthetho olandelwayo ogcwele weSSH version 2 kuwo womabili amaklayenti neseva. Akuhambisani nenguqulo 1 yokuhambisana nokubuyela emuva kwe-SSH ukonga isikhala nezinsizakusebenza, nokugwema ukuba sengozini kwezokuphepha okuvela kuhlobo lwe-SSH nakho kuyasetshenziswa.

Ukusekelwa kwe-SFTP kusekelwe kufayela kanambambili elinganikezwa yi-OpenSSH noma izinhlelo ezifanayo. I-FISH isebenza noma kanjani futhi iyahambisana ne-Konqueror.

Izindaba eziyinhloko zeDropbear 2020.79

Kule nguqulo entsha, kuyabonakala Isixazululo sengozi ye-CVE-2018-20685, eyayilungiswe ku-SCP, okuyi kuvunyelwe ukushintsha amalungelo okufinyelela kumkhombandlela wendawo lapho iseva ibuyisa inkomba enegama elingenalutho noma isikhathi. Lapho sithola umyalo "D0777 0 \ n" noma "D0777 0. \ N" kusuka kuseva, iklayenti lisebenzise ushintsho lwamalungelo okufinyelela enkombeni yamanje.

Ngokuqondene nezinguquko ezethulwe, singakuthola lokho kungezwe ukusekelwa kwe-algorithm yesiginesha yedijithali ye-Ed25519 kukhiye wokusingathwa nokhiye abagunyaziwe.

Kungeziwe ukusekelwa kwe-ChaCha20 stream encryption algorithm based authentication protocol kanye nokuqinisekiswa komyalezo wePoly1305 okwenziwe nguDaniel Bernstein.

Kanye ne ukusekelwa kwefomethi yesiginesha ye-rsa-sha2 digital, okuthi, ngenxa yokumiswa kokuxhaswa kwe-ssh-1, maduze kuzoba yisibopho se-OpenSSH (okhiye be-RSA abakhona bangasebenza namafomethi amasha ngaphandle kokushintsha okhiye bokubamba / okhiye_ukhiye).

Kwezinye izinguquko okwethulwe kule nguqulo entsha:

  • Ukuqaliswa kwejikave25519 kuthathelwe indawo yinguqulo ehlanganiswe kakhudlwana yephrojekthi yeTweetNaCl.
  • Kungezwe ukusekelwa kwe-AES GCM (kukhutshazwe ngokuzenzakalela).
  • I-CBC, i-3DES, i-hmac-sha1-96, ne-x11 yokuqondisa kabusha ama-cipher akhutshaziwe ngokuzenzakalela.
  • Izingqinamba ezihambisanayo zokuhambisana nohlelo lokusebenza lwe-IRIX.
  • Kungezwe i-API ukucacisa okhiye abasesidlangalaleni ngqo esikhundleni sokusebenzisa amakhekhe_agunyaziwe.

Ekugcineni, uma unentshisekelo yokwazi kabanzi ngakho, ungabheka imininingwane yalokhu kwethulwa ngesihloko Kulandelayo isixhumanisi

Ungayifaka kanjani iDropbear kuLinux?

Kulabo abanentshisekelo yokukwazi ukufaka le phakheji kusistimu yabo, kufanele bakwazi lokho inguqulo yamanje itholakala kuphela kukhodi yomthombo ukulanda nokuhlanganiswa.

Uma ufuna ukuzihlanganisa, ungathola ikhodi yomthombo kusuka ku- isixhumanisi esilandelayo.

Noma, kubalulekile futhi ukukusho lokho iphakethe lingaphakathi kokunye ukusatshalaliswa kweLinux, okungeke kuthathe isikhathi eside ukuthi ivuselelwe (indaba yezinsuku).

Endabeni yalabo abangabasebenzisi be-Arch Linux, kanye nokuphuma kwayo (njengeManjaro, Arco Linux, ArchBang, Netrunner, njll).

Bangakwazi ukufaka iphakheji ngqo kusuka ezinqolobaneni ze-Arch Linux, ungakwenza lokhu ngokuthayipha umyalo olandelayo:

sudo pacman -S dropbear

Endabeni ye I-Debian, Ubuntu kanye nokuphuma kwalokhu:

sudo apt install dropbear

Endabeni yalabo abakhona Abasebenzisi beFedora:

sudo dnf install dropbear


Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Ubhekele imininingwane: Miguel Ángel Gatón
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.

  1.   U-Alfredo Pons Menargues kusho
    kwenza iminyaka 4

    Sawubona,

    isihloko asilungile. IDropbear yiseva ezacile, hhayi iklayenti.

    Ukubingelela

    Phendula u-Alfredo Pons Menargues