La Uguqulelo lwe-OpenSSH 10.0 ngoku iyafumaneka ngenani lophuculo olubalulekileyo olunxulumene nokhuseleko, i-post-quantum cryptography kunye nokusebenza kakuhle kwenkqubo. Oku kusungulwa kubonisa inyathelo elibalulekileyo elibhekiselele ekomelezeni iziseko zonxibelelwano ezikhuselekileyo ngokuchasene nezoyikiso zangoku nezexesha elizayo. Ngaphaya koko, le nkqubela phambili igxininisa ukubaluleka kokuhambisana ne ufihlo kunye nezixhobo zokhuseleko kwihlabathi letekhnoloji elisoloko livela.
I-OpenSSH, enye yezona zinto zisetyenziswa kakhulu kwi-SSH esetyenziswayo kwihlabathi liphela, iyaqhubeka nokuguquka ukuze iqhelane nemingeni emitsha kwi-cybersecurity. Ngeli xesha, inguqulo ye-10.0 ayilungisi kuphela iimpazamo, kodwa yazisa utshintsho lwesakhiwo kunye ne-cryptographic ezinokuchaphazela abalawuli benkqubo kunye nabaphuhlisi ngokufanayo.
I-OpenSSH 10.0 yomeleza ukhuseleko lwe-cryptographic
Esinye sezona zigqibo ziphawulekayo Susa ngokupheleleyo inkxaso ye-DSA (i-Digital Signature Algorithm) ye-algorithm yesiginitsha, esele iphelelwe lixesha kwaye ithathwa njengesengozini yokuhlaselwa kwanamhlanje. I-OpenSSH yayisele irhoxisiwe, kodwa isaxhaswa, nto leyo emele umngcipheko ongeyomfuneko.
Ngokumalunga notshintshiselwano olungundoqo, I-algorithm ye-post-quantum ye-hybrid ikhethwe ngokungagqibekanga: mlkem768x25519-sha256. Olu kudibanisa ludibanisa iskimu se-ML-KEM (esilungelelanisiweyo yi-NIST) kunye ne-X25519 elliptic curve, enikezela ukuchasana nokuhlaselwa kwekhompyutheni ye-quantum ngaphandle kokuncama ukusebenza kakuhle kwiinkqubo zangoku. Olu tshintsho lubeka i-OpenSSH njengovulindlela ekwamkeleni iindlela ze-cryptographic ezilungiselelwe ixesha le-post-quantum.
I-OpenSSh 10.0 iyila ngokutsha uyilo loqinisekiso
Enye yezona nkqubela phambili zobugcisa kodwa ezifanelekileyo yi Ukwahlulwa kwekhowudi enoxanduva loqinisekiso lwexesha lexesha kwibinary entsha ebizwa ngokuba yi "sshd-auth". Olu lungiso lunciphisa ngokufanelekileyo indawo yokuhlaselwa phambi kokuba ungqinisiso lugqitywe, njengoko ibhinari entsha iqhuba ngokuzimeleyo kwinkqubo ephambili.
Ngolu tshintsho, usetyenziso lwenkumbulo lukwalungisiwe, njengoko ikhowudi yokuqinisekisa ikhutshelwa xa sele isetyenzisiwe, ukuphucula ukusebenza kakuhle ngaphandle kokuphazamisa ukhuseleko.
Inkxaso yeFIDO2 kunye nokuphuculwa koqwalaselo
I-OpenSSH 10.0 nayo yandisa inkxaso yeethokheni zokuqinisekisa zeFIDO2, ukwazisa amandla amatsha okuqinisekisa iiblobhu zobungqina beFIDO. Nangona olu setyenziso lusekwinqanaba lovavanyo kwaye alufakwanga ngokungagqibekanga, lumele inyathelo eliya kungqinisiso olomeleleyo nolusemgangathweni kwiimeko zangoku.
Olunye ulongezo oluphawulekayo yi ubhetyebhetye olukhulu kwiinketho zoqwalaselo ezingqamene nomsebenzisi. Iikhrayitheriya zokuthelekisa ezichane ngakumbi zinokuchazwa ngoku, kuvunyelwa imithetho yegranular engaphezulu malunga nokuba kusetyenziswe nini kwaye njani uqwalaselo oluthile lwe-SSH okanye lweSFTP. Kulo mxholo, ukuvela kwamaqonga afana I-OpenSSH 9.0 imisela umzekelo obalulekileyo kuqwalaselo lwezi zixhobo.
Ukuphucula uguqulelo oluntsonkothileyo
Ngokumalunga noguqulelo oluntsonkothileyo lwedatha, Ukusetyenziswa kwe-AES-GCM ibekwe phambili kwi-AES-CTR, isigqibo esiphucula zombini ukhuseleko kunye nokusebenza kuqhagamshelwano olufihliweyo. Ngaphandle kwale nto, I-ChaCha20/Poly1305 ihlala iyi-algorithm ye-encryption ekhethiweyo, ngenxa yokusebenza kwayo okuphezulu kwizixhobo ezingenayo i-hardware ye-acceleration ye-AES.
Olunye utshintsho lobugcisa kunye neprotocol
Ngaphaya kokhuseleko, Utshintsho luye lwaziswa kulawulo lweseshoni, kunye nokuphuculwa kokuchongwa kohlobo lweseshoni esebenzayo. Olu hlengahlengiso lujolise ekwenzeni inkqubo ilungelelanise ngakumbi kunxibelelwano oluhlukeneyo kunye neemeko zokusetyenziswa.
Ngaphezu koko, kuye kwenziwa ulungelelwaniso lokuphatheka kwekhowudi kunye nokugcinwa, njengentlangano engcono yokusingatha imodyuli yeefayile zeparameter ye-cryptographic (imoduli), iququzelele ukuhlaziywa kwexesha elizayo kunye nophicotho.
Ukulungiswa kwebug kunye nokusebenziseka
Njengakuko nakuphi na ukukhutshwa okukhulu, i-OpenSSH 10.0 idibanisa izilungiso ezahlukeneyo zebug ingxelo ngabasebenzisi okanye efunyenwe kuphicotho lwangaphakathi. Enye yeempazamo ezilungisiweyo inxulumene no "DisableForwarding" ukhetho, olungakhange luvale ngokuchanekileyo i-X11 kunye nokuthunyelwa kwe-arhente, njengoko kubonisiwe kumaxwebhu asemthethweni.
Uphuculo lwenziwe kwakhona kwi ujongano lomsebenzisi ukuze ufumane amava ahambelanayo, kubandakanywa ukufunyanwa kweseshoni okanye xa usebenzisa izicwangciso ezithile. Ezi nkcukacha, nangona zobugcisa, zinempembelelo ngokuthe ngqo ekuzinzeni nasekuthembekeni kwesofthiwe kwiindawo zokuvelisa.
Enye ingcaciso ephawulekayo yile inkangeleko yesixhobo somgca womyalelo, nangona ikwisigaba sovavanyo, ijolise ekuqinisekiseni amabhlobhu obungqina be-FIDO. Oku kufumaneka koovimba bangaphakathi beprojekthi, kodwa ayifakelwanga ngokuzenzekelayo.
I-OpenSSH iyaqhubeka nokuvela kwayo njengentsika ephambili kukhuseleko lonxibelelwano olukude. Olu hlaziyo lwamva nje aluphenduli kuphela kwiimfuno zangoku kodwa lulindele nemingeni yexesha elizayo njengokuvela kwe-quantum computing. Ngokuyeka itekhnoloji ephelelwe lixesha kunye nokwamkela imigangatho evelayo, iprojekthi iyaqhubeka nokuqinisa indima yayo ephambili ekukhuseleni. iziseko ezingundoqo zedijithali.
