La Inguqulo ye-OpenSSH 10.0 isiyatholakala ngenani lentuthuko ebalulekile ehlobene nokuphepha, i-post-quantum cryptography kanye nokusebenza kahle kwesistimu. Lokhu kwethulwa kumelela isinyathelo esibalulekile sokuqinisa ingqalasizinda yezokuxhumana evikelekile ngokumelene nezinsongo zamanje nezesikhathi esizayo. Ngaphezu kwalokho, le ntuthuko igqamisa ukubaluleka kokuhambisana nemithetho ukubethela kanye namathuluzi okuphepha emhlabeni wezobuchwepheshe oshintsha njalo.
I-OpenSSH, enye yezinhlelo ezisetshenziswa kakhulu ze-SSH emhlabeni jikelele, iyaqhubeka nokuthuthuka ukuze ivumelane nezinselele ezintsha ku-cybersecurity. Kulokhu, inguqulo 10.0 ayilungisi kuphela iziphazamisi, kodwa futhi yethula izinguquko zesakhiwo kanye ne-cryptographic ezingase zithinte abaphathi besistimu nabathuthukisi ngokufanayo.
I-OpenSSH 10.0 iqinisa ukuphepha kwe-cryptographic
Esinye sezinqumo eziphawuleka kakhulu kube Susa ngokuphelele usekelo lwe-algorithm yesiginesha ye-DSA (Digital Signature Algorithm)., osekuphele iminyaka ingasebenzi futhi ibhekwa njengesengozini yokuhlaselwa kwesimanje. I-OpenSSH yayisivele yehlisiwe, kodwa isasekelwa, okwakumele ubungozi obungadingekile.
Mayelana nokushintshisana okubalulekile, i-hybrid post-quantum algorithm ikhethwe ngokuzenzakalelayo: mlkem768x25519-sha256. Le nhlanganisela ihlanganisa isikimu se-ML-KEM (esilinganiswe yi-NIST) ne-X25519 elliptic curve, enikeza ukumelana nokuhlaselwa kwekhompyutha ye-quantum ngaphandle kokudela ukusebenza kahle ezinhlelweni zamanje. Lolu shintsho lubeka i-OpenSSH njengengqalabutho ekwamukeleni izindlela ze-cryptographic ezilungiselelwe inkathi ye-post-quantum.
I-OpenSSh 10.0 idizayina kabusha i-architecture yokuqinisekisa
Enye yentuthuko yezobuchwepheshe kodwa efanele Ukwehlukaniswa kwekhodi okunesibopho sokufakazela ubuqiniso besikhathi sokusebenza ibe kanambambili entsha ebizwa ngokuthi "sshd-auth". Lokhu kuguqulwa kunciphisa ngempumelelo indawo yokuhlasela ngaphambi kokuthi ukuqinisekiswa kuqedwe, njengoba kanambambili entsha isebenza ngokuzimela ngaphandle kwenqubo eyinhloko.
Ngalolu shintsho, ukusetshenziswa kwememori nakho kuthuthukisiwe, njengoba ikhodi yokuqinisekisa ilandwa uma isisetshenzisiwe, ithuthukisa ukusebenza kahle ngaphandle kokuphazamisa ukuphepha.
Ukusekelwa kwe-FIDO2 nokuthuthukiswa kokucushwa
I-OpenSSH 10.0 futhi inweba ukusekelwa kwamathokheni wokuqinisekisa we-FIDO2, sethula amakhono amasha okuqinisekisa amabhulogu wobufakazi be-FIDO. Nakuba lolu hlelo lokusebenza lusesesigabeni sokuhlola futhi alufakiwe ngokuzenzakalelayo, lumelela isinyathelo esiya ekuqinisekiseni okuqinile nokujwayelekile ezindaweni zesimanje.
Esinye isengezo esiphawulekayo yi- ukuguquguquka okukhulu kuzinketho zokumisa eziqondene nomsebenzisi. Imibandela yokufanisa enembe kakhudlwana manje ingachazwa, okuvumela imithetho yembudumbudu eyengeziwe yokuthi kunini futhi kanjani ukulungiselelwa okuthile kwe-SSH noma i-SFTP. Kulo mongo, ukuvela kwezinkundla ezifana I-OpenSSH 9.0 ubeka isibonelo esibalulekile ekucushweni kwalawa mathuluzi.
Ukuthuthukisa ama-algorithms wokubethela
Mayelana nokubethelwa kwedatha, Ukusetshenziswa kwe-AES-GCM kubekwa phambili kune-AES-CTR, isinqumo esithuthukisa kokubili ukuphepha nokusebenza ekuxhumekeni okubethelwe. Ngaphandle kwalokhu, I-ChaCha20/Poly1305 isalokhu iyi-algorithm yokubethela ethandwayo, ngenxa yokusebenza kwayo okuphezulu kumadivayisi angenakho ukusheshiswa kwehadiwe kwe-AES.
Ezinye izinguquko zezobuchwepheshe nezephrothokholi
Ngaphandle kokuphepha, Izinguquko zethulwe ekuphathweni kweseshini, kanye nokuthuthukiswa kokutholwa kohlobo lweseshini esebenzayo. Lezi zinguquko zihlose ukwenza isistimu ivumelane nezimo ezihlukene zokuxhuma nokusetshenziswa.
Ngaphezu kwalokho, kuye kwenziwa ukulungiswa kokuphatheka kwekhodi nokugcinwa, njengenhlangano engcono yokuphathwa kwe-modular yamafayela epharamitha ye-cryptographic (i-moduli), elungiselela izibuyekezo ezizayo nokuhlolwa kwamabhuku.
Ukulungiswa kweziphazamisi nokusebenziseka
Njenganoma yikuphi ukukhishwa okukhulu, i-OpenSSH 10.0 ihlanganisa ukulungiswa kweziphazamisi okuhlukahlukene kubikwe abasebenzisi noma kutholwe ekucwaningweni kwamabhuku kwangaphakathi. Enye yeziphazamisi ezilungisiwe ihlobene nenketho ethi "DisableForwarding", engazange ikhubaze kahle i-X11 kanye nokudluliselwa kwe-ejenti, njengoba kuboniswe kumadokhumenti asemthethweni.
Ukuthuthukiswa kwenziwe futhi interface yomsebenzisi ukuze uthole ukuzizwisa okungaguquki, okuhlanganisa ukutholwa kweseshini noma uma usebenzisa izilungiselelo ezithile. Le mininingwane, nakuba yezobuchwepheshe, inomthelela oqondile ekuzinzeni nasekuthembekeni kwesofthiwe ezindaweni zokukhiqiza.
Enye imininingwane ephawulekayo yi- ukubonakala kwethuluzi lomugqa womyalo, nakuba isesigabeni sokuhlola, ihloselwe ukuqinisekisa amabhulabhu obufakazi be-FIDO. Lokhu kuyatholakala kumakhosombe angaphakathi ephrojekthi, kodwa akufakwa ngokuzenzakalelayo.
I-OpenSSH iyaqhubeka nokuvela kwayo njengensika eyinhloko ekuvikelekeni kokuxhumana okukude. Lesi sibuyekezo sakamuva asiphenduli nje kuphela ezidingweni zamanje kodwa futhi silindele izinselele zesikhathi esizayo njengokuvela kwe-quantum computing. Ngokuyeka ubuchwepheshe obungasasebenzi kanye nokwamukela izindinganiso ezisafufusa, iphrojekthi iyaqhubeka nokuqinisa indima yayo eyinhloko ekuvikeleni ingqalasizinda yedijithali ebalulekile.
