Google Published HIBA, an OpenSSH Add-on for Certificate-Based Authorization

Google has published the source code of the HIBA (Host Identity Based Authorization) project, which proposes an additional authorization mechanism for organizing user access over SSH in relation to hosts (checking whether access to a specific resource is permitted when authenticating with public keys). Integration with OpenSSH is provided by specifying the HIBA handler in the AuthorizedPrincipalsCommand directive in /etc/ssh/sshd_config. The project code is written in C and distributed under the BSD license.

HIBA uses the standard OpenSSH certificate-based authentication mechanisms for flexible, centralized management of user authorization in relation to hosts, but it does not require periodic changes to the authorized_keys and authorized_users files on the hosts being connected to. Instead of storing a list of valid public keys and access conditions in authorized_(keys|users) files, HIBA embeds the information about user-to-host bindings directly in the certificates themselves. In particular, extensions are proposed for host certificates and user certificates, which store the parameters and the conditions for granting user access.

The check on the host side is initiated by calling the hiba-chk handler specified in the AuthorizedPrincipalsCommand directive. This handler decodes the extensions embedded in the certificates and, based on them, decides whether to grant or deny access. Access rules are defined centrally at the level of the certification authority (CA) and are embedded in the certificates when they are generated.

On the certification authority side, a general list of available permissions (hosts to which connections are allowed) is maintained, along with a list of users who are allowed to use these permissions. The hiba-gen utility is provided to generate certificates with the embedded permission information, and the functionality needed to create a certification authority is contained in the hiba-ca.sh script.

When a user connects, the permissions specified in the certificate are verified by the certification authority's digital signature, which allows all checks to be performed entirely on the target host being connected to, without contacting external services. The list of public keys of the certification authorities that certify SSH certificates is specified through the TrustedUserCAKeys directive.

In addition to directly binding users to hosts, HIBA lets you define more flexible access rules. For example, information such as location and service type can be associated with hosts, and when defining user access rules, connections can be allowed to all hosts with a given service type or to hosts in a specific location.
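The attribute-based rules described above can be modelled in a few lines. This is an added example, not code from the HIBA project: the attribute names (`location`, `service`), the dict layout and all function names are assumptions, and it does not reproduce HIBA's real certificate extension encoding. A user's permissions are called grants in the code.

```python
# Simplified model of host-identity-based authorization (illustration only).
# Constructed sample data: attribute names and values are assumptions.
HOST_DB = {"location": "eu-west", "service": "database"}
HOST_WEB = {"location": "us-east", "service": "web"}
HOST_BARE = {}  # host whose certificate declares no attributes

ALICE_GRANTS = [{"service": "database"}]   # every host with this service type
BOB_GRANTS = [{"location": "eu-west"}]     # every host in this location


def grant_matches(grant, host):
    """True only if every constraint in the grant equals a declared host attribute."""
    if not grant:
        return False  # an empty grant authorizes nothing (fail closed)
    for key, wanted in grant.items():
        if host.get(key) != wanted:
            return False  # attribute missing on the host or different: deny
    return True


def access_allowed(grants, host):
    """Grants are alternatives: one matching grant is enough."""
    return any(grant_matches(g, host) for g in grants)


def principals_output(user, grants, host):
    """Text a handler run via AuthorizedPrincipalsCommand would print.

    sshd accepts a certificate only if one of its principals appears in the
    command's output, so printing nothing denies the login.
    """
    return f"{user}\n" if access_allowed(grants, host) else ""


if __name__ == "__main__":
    hosts = {"db": HOST_DB, "web": HOST_WEB, "bare": HOST_BARE}
    for user, grants in (("alice", ALICE_GRANTS), ("bob", BOB_GRANTS)):
        for name, host in hosts.items():
            verdict = "allow" if access_allowed(grants, host) else "deny"
            print(f"{user} -> {name}: {verdict}")
```

In this model both the host attributes and the grants would come from CA-signed certificates, which is why the decision needs no lookup outside the target host.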



Source: opennet.ru
