Date: 3 months ago   Category: Hi-Tech

OpenSSH 7.8 release


After five months of development, the release of OpenSSH 7.8, an open implementation of a client and server for the SSH 2.0 and SFTP protocols, has been presented.

Main changes:

- ssh-keygen now uses the OpenSSH format by default for storing private keys, instead of the PEM format offered by OpenSSL. The OpenSSH format gives better protection against password guessing and supports comments in private keys. To use the PEM format, ssh-keygen now has to be run explicitly with the "-m PEM" option when generating or updating a key.
- Built-in support for S/Key multi-factor authentication has been removed from sshd (to use S/Key, an external implementation through PAM or BSD auth is now required).
- The code for running in setuid mode has been removed from ssh. An attempt to start ssh now ends with an error message if the setuid flag is set on the executable file or if the uid is not equal to the effective uid.
- The semantics of the sshd options PubkeyAcceptedKeyTypes and HostbasedAcceptedKeyTypes have changed: they must now also specify the signature algorithm used for authentication (for example, "rsa-sha2-256" or "rsa-sha2-512").
- The order in which sshd processes environment variables has changed: ~/.ssh/environment and environment="..." options in authorized_keys files no longer override the SSH_* environment variables that sshd sets explicitly.
- The default IPQoS for ssh/sshd has changed: DSCP AF21 is now applied to interactive traffic and CS1 to batch requests.
- New signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and "rsa-sha2-512-cert-v01@openssh.com" have been introduced; they indicate that only RSA/SHA2 is to be used during authentication.
- sshd can now be given an explicit list of permitted environment variables through the PermitUserEnvironment option, which previously could only allow or forbid user environment variables as a whole.
- A new PermitListen directive has been added to sshd_config, and a similar "permitlisten=" option to authorized_keys; they define the IP address and port on which connections are accepted for remote forwarding (ssh -R).
- Protection has been added against an attack that lets a remote attacker determine whether a user with a given name exists on the system. The attack relies on a difference in behaviour when an authentication request is processed for an existing user and for an unknown one. An attacker can send a malformed authentication request (for example, a damaged packet): if the user does not exist, the userauth_pubkey function finished at once by sending an SSH2_MSG_USERAUTH_FAILURE reply; if the user exists, the call to sshpkt_get_u8 failed and the server simply closed the connection silently. To counter similar attacks, a random delay of 5-9 ms has also been added to every authentication failure.
- For sshd реализо
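A toy model of the user-enumeration item above, added here as an illustration and not taken from the OpenSSH source: it shows why checking the user before parsing the request produces two different outcomes for one damaged packet, and how parsing first makes them identical. The request layout, the account list and all function names are hypothetical, and parse-before-lookup is shown as one way to remove the difference.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy model of the behaviour described above; not OpenSSH source code. */
enum outcome { AUTH_FAILURE_SENT, CONNECTION_CLOSED };

/* Constructed account list standing in for the system user database. */
static int user_exists(const char *name) { return strcmp(name, "alice") == 0; }

/* Hypothetical request body: [flag:1][key_len:1][key_len bytes of key]. */
static int parse_request(const uint8_t *p, size_t n) {
    if (n < 2 || (size_t)p[1] != n - 2) return -1; /* damaged packet */
    return 0;
}

/* Before: unknown users are answered before parsing, known users reach the
 * parser, so one damaged packet yields two distinguishable outcomes. */
enum outcome auth_before(const char *user, const uint8_t *p, size_t n) {
    if (!user_exists(user)) return AUTH_FAILURE_SENT;
    if (parse_request(p, n) != 0) return CONNECTION_CLOSED;
    return AUTH_FAILURE_SENT; /* toy model: no key is ever accepted */
}

/* Delay in the 5-9 ms range; rand() is a stand-in for the server's source. */
unsigned failure_delay_ms(void) { return 5u + (unsigned)(rand() % 5); }

/* After: parse first and look the user up second, so a damaged packet is
 * handled the same way for every name; failure replies carry the delay. */
enum outcome auth_after(const char *user, const uint8_t *p, size_t n,
                        unsigned *delay_ms) {
    if (parse_request(p, n) != 0) return CONNECTION_CLOSED;
    (void)user_exists(user); /* result cannot change the toy outcome */
    *delay_ms = failure_delay_ms();
    return AUTH_FAILURE_SENT;
}

int main(void) {
    const uint8_t damaged[] = {1, 9, 0xAA}; /* constructed: length field lies */
    unsigned d = 0;
    printf("before: alice=%d nobody=%d\n",
           auth_before("alice", damaged, sizeof damaged),
           auth_before("nobody", damaged, sizeof damaged));
    printf("after:  alice=%d nobody=%d\n",
           auth_after("alice", damaged, sizeof damaged, &d),
           auth_after("nobody", damaged, sizeof damaged, &d));
    return 0;
}
```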
