Release of OpenSSH 8.0

After five months of development, OpenSSH 8.0 has been released: an open client and server implementation for working over the SSH 2.0 and SFTP protocols.

Main changes:

  • Experimental support in ssh and sshd for a key exchange method that is resistant to brute-force attacks on a quantum computer. Quantum computers are radically faster at solving the problem of factoring a natural number into prime factors, which underlies modern asymmetric encryption algorithms and cannot be solved efficiently on classical processors. The proposed method is based on the NTRU Prime algorithm (function sntrup4591761), developed for post-quantum cryptosystems, and the X25519 elliptic-curve key exchange method;
  • In sshd, the ListenAddress and PermitOpen directives no longer support the legacy "host/port" syntax, which was implemented in 2001 as an alternative to "host:port" to simplify working with IPv6. In modern conditions, the "[::1]:22" syntax has become established for IPv6, and "host/port" is often confused with specifying a subnet (CIDR);
  • ssh, ssh-agent and ssh-add now support ECDSA keys in PKCS#11 tokens;
  • In ssh-keygen, the default RSA key size has been increased to 3072 bits, in line with the new NIST recommendations;
  • ssh allows the setting "PKCS11Provider=none" to be used to override a PKCS11Provider directive specified in ssh_config;
  • sshd logs situations in which a connection is terminated after an attempt to run a command that is blocked by the "ForceCommand=internal-sftp" restriction in sshd_config;
  • In ssh, when the prompt to confirm acceptance of a new host key is displayed, the correct fingerprint of the key is now accepted instead of the answer "yes" (in response to the prompt to confirm the connection, the user can paste a reference hash obtained separately via the clipboard, so as not to compare it by hand);
  • ssh-keygen automatically increments the certificate serial number when digital signatures are created for several certificates on the command line;
  • A new "-J" option has been added to scp and sftp, equivalent to the ProxyJump setting;
  • In ssh-agent, ssh-pkcs11-helper and ssh-add, the "-v" command-line option has been added to increase the verbosity of the output (when specified, this option is passed on to child processes, for example when ssh-pkcs11-helper is invoked from ssh-agent);
  • The "-T" option has been added to ssh-add to test whether the keys in ssh-agent are suitable for digital signature creation and verification operations;
  • sftp-server implements support for the "lsetstat@openssh.com" protocol extension, which adds support for the SSH2_FXP_SETSTAT operation for SFTP, but without following symbolic links;
  • The "-h" option has been added to sftp so that the chown/chgrp/chmod commands are run with requests that do not follow symbolic links;
  • sshd sets the $SSH_CONNECTION environment variable for PAM;
  • For sshd, a "Match final" matching mode has been added to ssh_config; it is similar to "Match canonical" but does not require host name canonicalization to be enabled;
  • Support has been added to sftp for the '@' prefix, which disables echoing of the output of commands executed in batch mode;
  • When the contents of a certificate are displayed with the command "ssh-keygen -Lf /path/certificate", the algorithm used by the CA to sign the certificate is now shown;

  • Improved support for the Cygwin environment, for example case-insensitive comparison of group and user names. The sshd process in the Cygwin port has been renamed to cygsshd to avoid overlap with the OpenSSH port supplied by Microsoft;
  • Added the ability to build with the experimental OpenSSL 3.x branch;
  • Fixed a vulnerability (CVE-2019-6111) in the implementation of the scp utility that allows arbitrary files in the target directory on the client side to be overwritten when accessing a server controlled by an attacker. The problem is that when scp is used, the server decides which files and directories to send to the client, and the client only checks the correctness of the returned object names. The client-side check is limited to blocking traversal beyond the current directory ("../"), but does not take into account the transfer of files whose names differ from those originally requested. In the case of recursive copying (-r), the names of subdirectories can be manipulated in the same way as file names. For example, if the user copies files into the home directory, a server controlled by the attacker can return files named .bash_aliases or .ssh/authorized_keys instead of the requested files, and the scp utility will save them in the user's home directory.

    In the new release, the scp utility has been updated to check, on the client side, that the file names sent by the server correspond to the names that were requested. This can cause problems with the processing of masks, since mask expansion characters may be handled differently on the server and client sides. In case such differences cause the client to stop accepting files in scp, the "-T" option has been added to disable the client-side check. Fixing the problem completely requires a conceptual rework of the scp protocol, which is itself already outdated, so it is recommended to use more modern protocols such as sftp and rsync instead.
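
The client-side name check described above, sketched for the non-recursive case as an added example (this is not OpenSSH's code). The helper `name_allowed`, its `check_names` switch standing in for the effect of "-T", and the sample names are assumptions made for illustration; matching uses POSIX fnmatch(3).

```c
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

/* Last component of the remote path the user asked for
 * ("docs/report.txt" -> "report.txt"). */
static const char *last_component(const char *path)
{
    const char *slash = strrchr(path, '/');
    return slash ? slash + 1 : path;
}

/*
 * Hypothetical helper, not an OpenSSH function.
 * requested:   remote path or pattern typed by the user
 * received:    file name announced by the server
 * check_names: 1 = compare against the request, 0 = comparison disabled
 * Returns 1 if the name may be written into the target directory, else 0.
 */
int name_allowed(const char *requested, const char *received, int check_names)
{
    /* Older protection: no empty names, no separators, no dot entries. */
    if (received[0] == '\0' || strchr(received, '/') != NULL ||
        strcmp(received, ".") == 0 || strcmp(received, "..") == 0)
        return 0;
    if (!check_names)
        return 1;
    /* Added protection: the name must match what was requested. */
    return fnmatch(last_component(requested), received, 0) == 0;
}

int main(void)
{
    /* Constructed sample requests and server-announced names. */
    const char *req[] = { "docs/report.txt", "docs/report.txt",
                          "docs/*.txt", "docs/{a,b}.txt" };
    const char *got[] = { "report.txt", ".bash_aliases", "notes.txt", "a.txt" };
    for (size_t i = 0; i < sizeof(req) / sizeof(req[0]); i++)
        printf("%-16s <- %-14s checked=%d unchecked=%d\n", req[i], got[i],
               name_allowed(req[i], got[i], 1), name_allowed(req[i], got[i], 0));
    return 0;
}
```

The last sample shows the mask mismatch the text warns about: fnmatch(3) treats braces literally, so a name that a server-side shell would produce from "{a,b}.txt" is rejected unless the comparison is switched off.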

Source: opennet.ru
