Date: 8 months ago   Category: Hi-Tech

OpenSSH 7.8 release


After five months of development, OpenSSH 7.8 has been released. It is an open implementation of a client and server for the SSH 2.0 and SFTP protocols.

Main innovations:

- ssh-keygen now uses the OpenSSH format by default for storing private keys, instead of the PEM format offered by OpenSSL. The OpenSSH format provides better protection against password guessing and supports comments in private keys. To use the PEM format, ssh-keygen must now be run explicitly with the option "-m PEM" when generating or updating a key;
- The built-in support for S/Key multi-factor authentication has been removed from sshd (to use S/Key, an external implementation through PAM or BSD auth is now required);
- The ssh code has been cleaned of components for running in setuid mode. An attempt to start ssh now exits with an error message if the setuid flag is set on the executable file or if the uid is not equal to the effective uid;
- The semantics of the sshd options PubkeyAcceptedKeyTypes and HostbasedAcceptedKeyTypes have changed: the digital signature algorithm used for authentication must now also be specified in them (for example, "rsa-sha2-256" or "rsa-sha2-512");
- The priority with which sshd processes environment variables has changed: ~/.ssh/environment and the environment="..." options in authorized_keys files no longer override the SSH_* environment variables that sshd itself sets;
- The default IPQoS for ssh/sshd has changed: DSCP AF21 is now applied to interactive traffic, and CS1 to batch requests;
- New digital signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and "rsa-sha2-512-cert-v01@openssh.com" have been introduced; they indicate that only RSA/SHA2 must be used during authentication;
- The ability to explicitly define the list of allowed environment variables for sshd has been added. It is set through the option PermitUserEnvironment, which previously could only allow or forbid user environment variables as a whole;
- sshd_config has a new directive PermitListen, and authorized_keys has a similar option "permitlisten="; they define the IP address and port on which connections are accepted for remote forwarding of traffic (ssh -R);
- Protection has been added against an attack that allows a remote attacker to determine whether a user with a given name exists in the system. The attack relies on a difference in behavior when processing an authentication request for an existing user and for an unknown one. The attacker can send an incorrect authentication request (for example, a damaged packet). If the user did not exist in the system, the userauth_pubkey function finished at once by sending the SSH2_MSG_USERAUTH_FAILURE response. If the user did exist, the call to the sshpkt_get_u8 function failed and the server just silently closed the connection. To counter similar attacks, a random delay of 5-9 ms is also added on any authentication failure;
- For sshd, implemen…
