Date: 4 weeks ago   Category: Hi-Tech

OpenSSH 7.8 release


After five months of development, the release of OpenSSH 7.8, an open implementation of a client and server for the SSH 2.0 and SFTP protocols, has been presented.

Main innovations:

ssh-keygen now uses the OpenSSH format by default for storing private keys, instead of the PEM format offered by OpenSSL. The OpenSSH format provides better protection against password guessing and supports comments in private keys. To use the PEM format, ssh-keygen must now be run explicitly with the option "-m PEM" when generating or updating a key;

Built-in support for S/Key multi-factor authentication has been removed from sshd (to use S/Key, an external implementation through PAM or BSD auth is now required);

The ssh code has been cleaned of the components for running in setuid mode. Starting ssh now exits with an error message if the setuid flag is set on the executable file or if the uid is not equal to the effective uid;

The semantics of the sshd options PubkeyAcceptedKeyTypes and HostbasedAcceptedKeyTypes have changed: they must now also specify the digital signature algorithm used for authentication (for example, "rsa-sha2-256" or "rsa-sha2-512");

The precedence of environment variable processing in sshd has changed: ~/.ssh/environment and environment="..." options in authorized_keys files no longer override the SSH_* environment variables that are explicitly set by sshd;

The default IPQoS for ssh/sshd has changed: DSCP AF21 is now applied to interactive traffic and CS1 to batch requests;

New digital signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and "rsa-sha2-512-cert-v01@openssh.com" have been introduced; they indicate that only RSA/SHA2 is to be used during authentication;

The list of permitted environment variables for sshd can now be defined explicitly through the PermitUserEnvironment option, which previously could only allow or forbid user environment variables as a whole;

A new PermitListen directive has been added to sshd_config, along with the similar "permitlisten=" option in authorized_keys; they define the IP address and port on which connections may be accepted for remote traffic forwarding (ssh -R);

Protection has been added against an attack that lets a remote attacker determine whether a user with a given name exists on the system. The attack is based on the difference in behavior when processing an authentication request for an existing and an unknown user. The attacker can send a malformed authentication request (for example, a corrupted packet); if the user does not exist on the system, the userauth_pubkey function finished immediately by sending an SSH2_MSG_USERAUTH_FAILURE response. If the user exists on the system, the call to the sshpkt_get_u8 function failed and the server simply closed the connection silently. To counter similar attacks, a random delay of 5-9 ms has also been added to any authentication failure;

For sshd реализо
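The ssh-keygen item above says the OpenSSH key format resists password guessing better than PEM. The following added example (not from the original article or from the OpenSSH project) reads the unencrypted header of a private key file and reports its container format, cipher and KDF; the openssh-key-v1 field layout and the bcrypt KDF name are assumptions drawn from the OpenSSH key format rather than from this page, and the sample key is constructed with dummy key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"
OPENSSH_HEADER = "-----BEGIN OPENSSH PRIVATE KEY-----"

def _s(data):
    """Encode an SSH wire string: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def _read(buf, off):
    """Decode one SSH wire string at offset off; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:off + 4 + n], off + 4 + n

def describe_private_key(text):
    """Report container format, cipher and KDF of a private key file."""
    lines = [l.strip() for l in text.strip().splitlines()]
    head = lines[0] if lines else ""
    if head != OPENSSH_HEADER:
        if not (head.startswith("-----BEGIN ") and head.endswith("PRIVATE KEY-----")):
            raise ValueError("not a private key file")
        # PEM: traditional keys flag encryption in Proc-Type, PKCS#8 in the label.
        enc = "ENCRYPTED" in head or "Proc-Type: 4,ENCRYPTED" in lines
        return {"format": "pem", "encrypted": enc}
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("bad magic")
    cipher, off = _read(blob, len(MAGIC))
    kdf, off = _read(blob, off)
    kdfopts, off = _read(blob, off)
    info = {"format": "openssh", "encrypted": cipher != b"none",
            "cipher": cipher.decode(), "kdf": kdf.decode()}
    if kdf == b"bcrypt":  # kdfoptions = string salt, uint32 rounds
        _salt, p = _read(kdfopts, 0)
        (info["rounds"],) = struct.unpack_from(">I", kdfopts, p)
    return info

def make_sample():
    """Constructed header of an encrypted OpenSSH key; key fields are dummies."""
    opts = _s(b"\x00" * 16) + struct.pack(">I", 16)  # constructed salt, rounds
    blob = (MAGIC + _s(b"aes256-ctr") + _s(b"bcrypt") + _s(opts)
            + struct.pack(">I", 1) + _s(b"dummy-public") + _s(b"dummy-private"))
    b64 = base64.b64encode(blob).decode()
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f"{OPENSSH_HEADER}\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"
```

Running `describe_private_key` over the files in a key directory shows which keys are still stored as PEM and which OpenSSH-format keys carry no passphrase (cipher "none").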
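For the sshd_config changes listed above (PubkeyAcceptedKeyTypes, PermitUserEnvironment, PermitListen), an added example, not part of the original article or of OpenSSH, that checks the global section of a configuration for settings affected by 7.8. The finding rules, the function names and both sample configurations are constructed for illustration; that PermitListen defaults to "any" comes from the sshd_config manual, not from this page.

```python
from fnmatch import fnmatchcase

RSA_SHA2 = ("rsa-sha2-256", "rsa-sha2-512")

def parse_global(text):
    """Map lowercased keyword -> argument string, stopping at the first Match."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # "Keyword=value" form is not handled here
        key = parts[0].lower()
        if key == "match":
            break
        # sshd uses the first value obtained for a keyword
        conf.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return conf

def _accepts(patterns, name):
    """True if any pattern in the comma-separated list matches name."""
    return any(fnmatchcase(name, p) for p in patterns)

def audit(text):
    """Return findings for options whose meaning or scope changed in 7.8."""
    conf, findings = parse_global(text), []
    for opt in ("pubkeyacceptedkeytypes", "hostbasedacceptedkeytypes"):
        val = conf.get(opt, "")
        if not val or val[0] in "+-":
            continue  # default list, or a +/- change to it: not checked here
        pats = val.split(",")
        if _accepts(pats, "ssh-rsa") and not any(_accepts(pats, a) for a in RSA_SHA2):
            findings.append(f"{opt}: lists ssh-rsa but no rsa-sha2-* signature algorithm")
    if conf.get("permituserenvironment", "no").lower() == "yes":
        findings.append("permituserenvironment: 'yes' permits every variable; list names instead")
    if conf.get("permitlisten", "any").lower() == "any":
        findings.append("permitlisten: remote forwards may listen on any address and port")
    return findings

# Constructed sample: overrides written before 7.8.
BEFORE = "PubkeyAcceptedKeyTypes ssh-ed25519,ssh-rsa\nPermitUserEnvironment yes\n"
# Constructed sample: the same intent expressed with the 7.8 options.
AFTER = ("PubkeyAcceptedKeyTypes ssh-ed25519,rsa-sha2-256,rsa-sha2-512\n"
         "PermitUserEnvironment LANG,LC_*\n"
         "PermitListen 127.0.0.1:8080\n")

if __name__ == "__main__":
    print(audit(BEFORE), audit(AFTER), sep="\n")
```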
