Release of OpenSSH 8.1

After six months of development, the release of OpenSSH 8.1 has been presented, an open client and server implementation for working over the SSH 2.0 and SFTP protocols.

Special attention in the new release goes to the elimination of a vulnerability affecting ssh, sshd, ssh-add and ssh-keygen. The problem is present in the code for parsing private keys of the XMSS type and allows an attacker to trigger an integer overflow. The vulnerability is marked as exploitable but of limited applicability, since support for XMSS keys is an experimental feature that is disabled by default (the portable version does not even have an autoconf build option to enable XMSS).

Main changes:

  • In ssh, sshd and ssh-agent, code has been added that prevents recovery of a private key held in RAM through side-channel attacks such as Spectre, Meltdown, RowHammer and RAMBleed. Private keys are now encrypted when they are loaded into memory and decrypted only while in use, remaining encrypted the rest of the time. With this approach, to recover the private key the attacker must first recover a randomly generated intermediate key of 16 KB in size, which is used to encrypt the main key, and that is not feasible given the recovery error rate typical of modern attacks;
  • Experimental support for a simplified scheme for creating and verifying digital signatures has been added to ssh-keygen. Digital signatures can be created using regular SSH keys stored on disk or in ssh-agent, and verified using a list of allowed keys similar to authorized_keys. Namespace information is built into the digital signature to avoid confusion when signatures are used in different domains (for example, for email and for files);
  • ssh-keygen now uses the rsa-sha2-512 algorithm by default when certifying certificates with a digital signature based on an RSA key (when operating in CA mode). Such certificates are not compatible with releases prior to OpenSSH 7.2 (to ensure compatibility, the algorithm type must be overridden, for example by calling "ssh-keygen -t ssh-rsa -s ...");
  • In ssh, the ProxyCommand expression now supports expansion of the "%n" substitution (the hostname as specified in the address string);
  • In the lists of encryption algorithms for ssh and sshd, the "^" character can now be used to prepend algorithms to the default list. For example, to add ssh-ed25519 to the default list, you can specify "HostKeyAlgorithms ^ssh-ed25519";
  • ssh-keygen now outputs the comment attached to the key when extracting a public key from a private one;
  • Added the ability to use the "-v" flag in ssh-keygen when performing key lookup operations (for example, "ssh-keygen -vF host"), which causes a visual signature of the host to be displayed;
  • Added the ability to use PKCS8 as an alternative format for storing private keys on disk. The PEM format continues to be used by default, and PKCS8 may be useful for compatibility with third-party applications.
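
A simplified model of the in-memory key protection described in the first item of the list above, as an added example that is not OpenSSH's code. Hashing the 16 KB intermediate key with SHA-512 and using SHAKE-256 as a stand-in cipher are assumptions of this example, as are all function names and the sample key bytes; it shows why a memory read with even one wrong bit fails to recover the key.

```python
import hashlib
import math
import secrets

PREKEY_LEN = 16 * 1024  # 16 KB intermediate key, the size given in the text


def _keystream(prekey, n):
    # Assumption: the whole prekey is hashed down to a short key (SHA-512),
    # and SHAKE-256 stands in for a real stream cipher to stay stdlib-only.
    return hashlib.shake_256(hashlib.sha512(prekey).digest()).digest(n)


def shield(private_key):
    """Return (prekey, ciphertext): what stays in memory while the key is idle."""
    prekey = secrets.token_bytes(PREKEY_LEN)
    ks = _keystream(prekey, len(private_key))
    return prekey, bytes(a ^ b for a, b in zip(private_key, ks))


def unshield(prekey, shielded):
    """Decrypt just before use; the caller discards the result afterwards."""
    ks = _keystream(prekey, len(shielded))
    return bytes(a ^ b for a, b in zip(shielded, ks))


def noisy_read(data, flipped_bits):
    """Model a memory read through a side channel that gets some bits wrong."""
    out = bytearray(data)
    for pos in secrets.SystemRandom().sample(range(len(out) * 8), flipped_bits):
        out[pos // 8] ^= 1 << (pos % 8)
    return bytes(out)


def log10_full_recovery_probability(per_bit_accuracy):
    """log10 of the chance that all PREKEY_LEN * 8 bits are read correctly."""
    return PREKEY_LEN * 8 * math.log10(per_bit_accuracy)


if __name__ == "__main__":
    secret = b"CONSTRUCTED SAMPLE PRIVATE KEY BYTES"  # not a real key
    prekey, shielded = shield(secret)
    noisy = noisy_read(prekey, flipped_bits=1)
    print("exact prekey decrypts:", unshield(prekey, shielded) == secret)
    print("prekey with 1 wrong bit decrypts:", unshield(noisy, shielded) == secret)
    print("log10 P(clean read at 99.9% per bit):",
          round(log10_full_recovery_probability(0.999), 1))
```

Because every bit of the intermediate key feeds the hash, the size of that key, not the size of the private key, sets how accurate a memory read has to be.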

Source: opennet.ru
