Google ebipụtala koodu isi mmalite nke oru ngo HIBA (Host Identity Based Authorization), nke na-atụ aro mmejuputa usoro ikike maka ịhazi ohere onye ọrụ site na SSH n'ihe gbasara ndị ọbịa (na-enyocha ma anabataghị ohere ịnweta otu akụrụngwa ma ọ bụ na ọ bụghị mgbe ị na-enyocha ya. iji igodo ọha). A na-enye njikọta na OpenSSH site na ịkọwapụta onye na-ahụ maka HIBA na ntuziaka AuthorizedPrincipalsCommand na /etc/ssh/sshd_config. Edere koodu ọrụ ahụ na C wee kesaa n'okpuru ikikere BSD.
HIBA na-eji usoro nyocha ọkọlọtọ dabere na asambodo OpenSSH maka njikwa mgbanwe na nke etiti nke ikike onye ọrụ n'ihe metụtara ndị ọbịa, mana ọ chọghị mgbanwe oge ọ bụla na faịlụ ikike_keys na ikike_users n'akụkụ ndị ọbịa nke ejikọtara njikọ ahụ. Kama ịchekwaa ndepụta igodo ọha bara uru yana ọnọdụ nnweta na faịlụ ikike_(igodo | ndị ọrụ), HIBA na-ejikọta ozi gbasara njide ndị ọbịa ozugbo na asambodo n'onwe ha. Karịsịa, ewepụtala ndọtị maka asambodo nnabata na asambodo onye ọrụ, nke na-echekwa paramita ndị ọbịa na ọnọdụ maka inye ohere onye ọrụ.
A na-amalite ịlele n'akụkụ ndị ọbịa site n'ịkpọ onye na-ahụ maka hiba-chk nke akọwapụtara na ntuziaka AuthorizedPrincipalsCommand. Nke a processor decodes extensions agbakwunyere n'ime asambodo na, dabere na ha, na-eme mkpebi banyere inye ma ọ bụ igbochi ohere. A na-ekpebi iwu ịnweta na etiti na ọkwa ikike ikike (CA) ma tinye ya na asambodo na ọkwa nke ọgbọ ha.
N'akụkụ ebe asambodo, a na-edobe ndepụta zuru oke nke ikike dịnụ (ndị ọbịa nke anabatara njikọ) yana ndepụta nke ndị ọrụ enyere ikike iji ikike ndị a. Iji wepụta asambodo akwadoro nwere ozi agbakwunyere gbasara nzere, a na-atụpụta akụrụngwa hiba-gen, yana ọrụ dị mkpa iji mepụta ikike asambodo gụnyere n'edemede iba-ca.sh.
Mgbe onye ọrụ jikọtara, ikike akọwapụtara na asambodo na-akwado ya site na mbinye aka dijitalụ nke ikike asambodo, nke na-enye ohere ka emee ndenye ego niile kpamkpam n'akụkụ onye nnabata a na-eme njikọ, na-enweghị iji ọrụ mpụga. Edepụtara ndepụta igodo ọha nke ikike asambodo na-akwado asambodo SSH site na ntuziaka TrustedUserCAKeys.
Na mgbakwunye na ijikọ ndị ọrụ ozugbo na ndị ọbịa, HIBA na-enye gị ohere ịkọwapụta iwu ịnweta mgbanwe ndị ọzọ. Dịka ọmụmaatụ, enwere ike jikọta ozi dị ka ọnọdụ na ụdị ọrụ na ndị ọbịa, yana mgbe a na-akọwapụta iwu ịnweta onye ọrụ, enwere ike ịhapụ njikọ na ndị ọbịa niile nwere ụdị ọrụ enyere ma ọ bụ ndị ọbịa na ebe akọwapụtara.
isi: opennet.ru