{"id":125590,"date":"2024-09-22T10:03:11","date_gmt":"2024-09-22T01:03:11","guid":{"rendered":"https:\/\/softantenna.com\/blog\/?p=125590"},"modified":"2024-09-22T10:03:11","modified_gmt":"2024-09-22T01:03:11","slug":"openssh-9-9","status":"publish","type":"post","link":"https:\/\/softantenna.com\/blog\/openssh-9-9\/","title":{"rendered":"OpenSSH 9.9\/9.9p1\u304c\u30ea\u30ea\u30fc\u30b9 - \u65b0\u3057\u3044\u30dd\u30b9\u30c8\u91cf\u5b50\u6697\u53f7\u6a19\u6e96\u3078\u306e\u5bfe\u5fdc\u3084\u3001DSA\u306e\u30b3\u30f3\u30d1\u30a4\u30eb\u6642\u306e\u30c7\u30d5\u30a9\u30eb\u30c8\u7121\u52b9\u5316\u306a\u3069"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/softantenna.com\/blog\/wp-content\/uploads\/2024\/09\/s_20240922_093626.jpg\" alt=\"\" width=\"1060\" height=\"662\" class=\"aligncenter size-full wp-image-125591\" \/><\/p>\n<p>OpenSSH\u958b\u767a\u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u306f9\u670819\u65e5(\u73fe\u5730\u6642\u9593)\u3001SSH\u30b5\u30fc\u30d0\u30fc\u30fb\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u300cOpenSSH\u300d\u306e\u6700\u65b0\u7248\u300cOpenSSH 9.9\/9.9p1\u300d\u3092\u30ea\u30ea\u30fc\u30b9\u3057\u307e\u3057\u305f(<a href=\"https:\/\/www.openssh.com\/releasenotes.html\">Release Notes<\/a>)\u3002OpenSSH\u306f100%\u5b8c\u5168\u306aSSH\u30d7\u30ed\u30c8\u30b3\u30eb 2.0\u306e\u5b9f\u88c5\u3067\u3001sftp \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3068\u30b5\u30fc\u30d0\u3092\u30b5\u30dd\u30fc\u30c8\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u6700\u65b0\u7248\u306essh\u3001sshd\u306b\u306f\u3001FIPS 203\u30e2\u30b8\u30e5\u30fc\u30eb\u30fb\u30e9\u30c6\u30a3\u30b9\u9375\u30ab\u30d7\u30bb\u30eb\u5316\u6a5f\u69cb(ML-KEM)\u3068 X25519 ECDH \u3092\u7d44\u307f\u5408\u308f\u305b\u305f\u65b0\u3057\u3044\u30cf\u30a4\u30d6\u30ea\u30c3\u30c9\u30dd\u30b9\u30c8\u91cf\u5b50\u9375\u4ea4\u63db\u306e\u30b5\u30dd\u30fc\u30c8\u304c\u8ffd\u52a0\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>ssh\u3067\u306fssh_config\u306e<code>Include<\/code>\u30c7\u30a3\u30ec\u30af\u30c6\u30a3\u30d6\u304c\u74b0\u5883\u3092\u5c55\u958b\u3067\u304d\u308b\u3088\u3046\u306b\u306a\u308a\u3001sshd\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30ebsshd_config\u306b\u306f<code>RefuseConnection<\/code>\u306e\u30b5\u30dd\u30fc\u30c8\u304c\u8ffd\u52a0\u3055\u308c\u307e\u3057\u305f\u3002RefuseConnection\u304c\u30bb\u30c3\u30c8\u3055\u308c\u305f\u5834\u5408\u3001\u6700\u521d\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u8981\u6c42\u6642\u306b\u30b3\u30cd\u30af\u30b7\u30e7\u30f3\u304c\u7d42\u4e86\u3057\u307e\u3059\u3002<\/p>\n<p>\u65b0\u6a5f\u80fd\u306e\u30ea\u30b9\u30c8\u306f\u4ee5\u4e0b\u306e\u901a\u308a\u3067\u3059\u3002<\/p>\n<blockquote>\n<p> * ssh(1), sshd(8): add support for a new hybrid post-quantum key<br \/>\n   exchange based on the FIPS 203 Module-Lattice Key Enapsulation<br \/>\n   mechanism (ML-KEM) combined with X25519 ECDH as described by<br \/>\n   https:\/\/datatracker.ietf.org\/doc\/html\/draft-kampanakis-curdle-ssh-pq-ke-03<br \/>\n   This algorithm \"mlkem768x25519-sha256\" is available by default.<\/p>\n<p> * ssh(1): the ssh_config \"Include\" directive can now expand<br \/>\n   environment as well as the same set of %-tokens \"Match Exec\"<br \/>\n   supports.<\/p>\n<p> * sshd(8): add a sshd_config \"RefuseConnection\" option that, if set<br \/>\n   will terminate the connection at the first authentication request.<\/p>\n<p> * sshd(8): add a \"refuseconnection\" penalty class to sshd_config<br \/>\n   PerSourcePenalties that is applied when a connection is dropped by<br \/>\n   the new RefuseConnection keyword.<\/p>\n<p> * sshd(8): add a \"Match invalid-user\" predicate to sshd_config Match<br \/>\n   options that matches when the target username is not valid on the<br \/>\n   server.<\/p>\n<p> * ssh(1), sshd(8): update the Streamlined NTRUPrime code to a<br \/>\n   substantially faster implementation.<\/p>\n<p> * ssh(1), sshd(8): the hybrid Streamlined NTRUPrime\/X25519 key<br \/>\n   exchange algorithm now has an IANA-assigned name in addition to<br \/>\n   the \"@openssh.com\" vendor extension name. This algorithm is now<br \/>\n   also available under this name \"sntrup761x25519-sha512\"<\/p>\n<p> * ssh(1), sshd(8), ssh-agent(1): prevent private keys from being<br \/>\n   included in core dump files for most of their lifespans. This is<br \/>\n   in addition to pre-existing controls in ssh-agent(1) and sshd(8)<br \/>\n   that prevented coredumps. This feature is supported on OpenBSD,<br \/>\n   Linux and FreeBSD.<\/p>\n<p> * All: convert key handling to use the libcrypto EVP_PKEY API, with<br \/>\n   the exception of DSA.<\/p>\n<p> * sshd(8): add a random amount of jitter (up to 4 seconds) to the<br \/>\n   grace login time to make its expiry unpredictable.<\/p>\n<\/blockquote>\n<p>OpenSSH\u306f2025\u5e74\u521d\u982d\u306bDSA\u7f72\u540d\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0\u306e\u30b5\u30dd\u30fc\u30c8\u3092\u7d42\u4e86\u3059\u308b\u4e88\u5b9a\u3067\u3001\u3053\u306e\u30ea\u30ea\u30fc\u30b9\u3067\u306f\u3001\u30b3\u30f3\u30d1\u30a4\u30eb\u6642\u306b\u30c7\u30d5\u30a9\u30eb\u30c8\u3067DSA\u3092\u7121\u52b9\u306b\u3059\u308b\u5909\u66f4\u304c\u884c\u308f\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u5909\u66f4\u70b9\u306e\u8a73\u7d30\u306e\u78ba\u8a8d\u3084\u30bd\u30fc\u30b9\u30b3\u30fc\u30c9\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u306f<a href=\"https:\/\/www.openssh.com\/\">openssh.com<\/a>\u304b\u3089\u53ef\u80fd\u3067\u3059\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>OpenSSH\u958b\u767a\u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u306f9\u670819\u65e5(\u73fe\u5730\u6642\u9593)\u3001SSH\u30b5\u30fc\u30d0\u30fc\u30fb\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u300cOpenSSH\u300d\u306e\u6700\u65b0\u7248\u300cOpenSSH 9.9\/9.9p1\u300d\u3092\u30ea\u30ea\u30fc\u30b9\u3057\u307e\u3057\u305f(Release Notes)\u3002OpenS [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":125591,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"swell_btn_cv_data":"","footnotes":""},"categories":[75],"tags":[1439],"class_list":["post-125590","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-software","tag-ssh"],"_links":{"self":[{"href":"https:\/\/softantenna.com\/blog\/wp-json\/wp\/v2\/posts\/125590","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/softantenna.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/softantenna.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/softantenna.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/softantenna.com\/blog\/wp-json\/wp\/v2\/comments?post=125590"}],"version-history":[{"count":0,"href":"https:\/\/softantenna.com\/blog\/wp-json\/wp\/v2\/posts\/125590\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/softantenna.com\/blog\/wp-json\/wp\/v2\/media\/125591"}],"wp:attachment":[{"href":"https:\/\/softantenna.com\/blog\/wp-json\/wp\/v2\/media?parent=125590"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/softantenna.com\/blog\/wp-json\/wp\/v2\/categories?post=125590"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/softantenna.com\/blog\/wp-json\/wp\/v2\/tags?post=125590"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}