Date: 5 months ago   Category: Hi-Tech

OpenSSH 7.8 release


After five months of development, OpenSSH 7.8 has been released: an open implementation of a client and server for the SSH 2.0 and SFTP protocols.

Main changes:

- ssh-keygen now stores private keys in the OpenSSH format by default, instead of the PEM format offered by OpenSSL. The OpenSSH format gives better protection against password guessing and supports comments in private keys. To use the PEM format, ssh-keygen must now be run explicitly with the "-m PEM" option when generating or updating a key;
- Built-in support for S/Key multi-factor authentication has been removed from sshd (to use S/Key, an external implementation through PAM or BSD auth is now required);
- The ssh code has been cleaned of components for running in setuid mode. An attempt to start ssh now exits with an error message if the setuid flag is set on the executable file or if the uid is not equal to the effective uid;
- The semantics of the sshd options PubkeyAcceptedKeyTypes and HostbasedAcceptedKeyTypes have changed: they must now also specify the digital signature algorithm used for authentication (for example, "rsa-sha2-256" or "rsa-sha2-512");
- The priority of environment variable processing in sshd has changed: ~/.ssh/environment and the environment="..." options in authorized_keys files no longer override the SSH_* environment variables that are explicitly set for sshd;
- The default IPQoS for ssh/sshd has changed: DSCP AF21 is now applied to interactive traffic and CS1 to batch requests;
- New digital signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and "rsa-sha2-512-cert-v01@openssh.com" have been introduced, which indicate that only RSA/SHA2 is to be used during authentication;
- It is now possible to explicitly define the list of allowed environment variables for sshd through the PermitUserEnvironment option, which previously could only allow or forbid user environment variables as a whole;
- A new PermitListen directive has been added to sshd_config, along with the similar "permitlisten=" option in authorized_keys; they define the IP address and port on which connections are accepted for remote forwarding (ssh -R);
- Protection has been added against an attack that lets a remote attacker determine whether a user with a given name exists on the system. The attack relies on a difference in behavior when an authentication request is processed for an existing user and for an unknown one. An attacker can send a malformed authentication request (for example, a corrupted packet). If the user does not exist on the system, the userauth_pubkey function finished by immediately sending an SSH2_MSG_USERAUTH_FAILURE reply. If the user does exist, the call to the sshpkt_get_u8 function failed and the server simply closed the connection silently. To counter similar attacks, a random delay of 5-9ms has also been added to every authentication failure;
- For sshd реализо
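For the ssh-keygen format change described above, an added example (not from the OpenSSH project or the original article) that classifies private key files by their header lines so that keys still stored in a legacy format can be found. The function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report private keys still stored in a pre-7.8 container format.
# key_format, audit_keys and the sample files are constructed for illustration.

# Print the container format of one key file, judged by its first two lines.
key_format() {
    first=$(sed -n '1p' "$1" | tr -d '\r')
    second=$(sed -n '2p' "$1" | tr -d '\r')
    case "$first" in
        "-----BEGIN OPENSSH PRIVATE KEY-----")
            echo openssh ;;
        "-----BEGIN RSA PRIVATE KEY-----"|"-----BEGIN DSA PRIVATE KEY-----"|"-----BEGIN EC PRIVATE KEY-----")
            # Legacy PEM marks passphrase protection in a header line.
            case "$second" in
                "Proc-Type: 4,ENCRYPTED") echo pem-encrypted ;;
                *) echo pem-plain ;;
            esac ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo pkcs8-encrypted ;;
        "-----BEGIN PRIVATE KEY-----") echo pkcs8-plain ;;
        *) echo not-a-private-key ;;
    esac
}

# Print "format<TAB>path" for every key in a directory that is not in OpenSSH format.
audit_keys() {
    for f in "${1:-$HOME/.ssh}"/*; do
        [ -f "$f" ] || continue
        fmt=$(key_format "$f")
        case "$fmt" in
            openssh|not-a-private-key) ;;
            *) printf '%s\t%s\n' "$fmt" "$f" ;;
        esac
    done
}

# Constructed sample directory: headers only, no real key material.
demo() {
    d=$(mktemp -d)
    printf '%s\n' "-----BEGIN OPENSSH PRIVATE KEY-----" > "$d/id_ed25519"
    printf '%s\n' "-----BEGIN RSA PRIVATE KEY-----" "Proc-Type: 4,ENCRYPTED" > "$d/id_rsa"
    printf '%s\n' "-----BEGIN EC PRIVATE KEY-----" > "$d/id_ecdsa"
    printf '%s\n' "ssh-ed25519 AAAA... user@host" > "$d/id_ed25519.pub"
    audit_keys "$d" | cut -f1
    rm -rf "$d"
}
demo
```

Keys reported as pem-* or pkcs8-* are not in the new default format; as noted above, updating a key with ssh-keygen writes the OpenSSH format unless "-m PEM" is given.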
