Release of OpenSSH 8.1

After six months of development, OpenSSH 8.1 has been released, an open client and server implementation for working over the SSH 2.0 and SFTP protocols.

Particular attention in the new release goes to the fix for a vulnerability affecting ssh, sshd, ssh-add and ssh-keygen. The problem is present in the code that parses private keys of the XMSS type and allows an attacker to trigger an overflow. The vulnerability is marked as exploitable, but of limited use, since support for XMSS keys is an experimental feature that is disabled by default (the portable version does not even have a build option in autoconf to enable XMSS).

Main changes:

  • In ssh, sshd and ssh-agent, code has been added that protects against recovery of a private key held in RAM as a result of side-channel attacks such as Spectre, Meltdown, RowHammer and RAMBleed. Private keys are now encrypted when loaded into memory and decrypted only while in use, remaining encrypted the rest of the time. With this approach, to successfully recover a private key, an attacker must first recover a randomly generated intermediate key 16 KB in size, which is used to encrypt the main key; this is unlikely given the recovery error rate typical of modern attacks;
  • In ssh-keygen, experimental support has been added for a simplified scheme for creating and verifying digital signatures. Digital signatures can be created using ordinary SSH keys stored on disk or in ssh-agent, and verified using a list of valid keys similar to authorized_keys. Namespace information is built into the digital signature to avoid confusion when signatures are used in different domains (for example, for email and for files);
  • ssh-keygen has been switched by default to the rsa-sha2-512 algorithm when signing certificates with a digital signature based on an RSA key (when working in CA mode). Such certificates are not compatible with releases before OpenSSH 7.2 (to ensure compatibility, the algorithm type must be overridden, for example by calling "ssh-keygen -t ssh-rsa -s ...");
  • In ssh, the ProxyCommand directive now supports expansion of the "%n" substitution (the hostname as specified in the address string);
  • In the encryption algorithm lists for ssh and sshd, the "^" character can now be used to insert the default algorithms. For example, to add ssh-ed25519 to the default list, you can specify "HostKeyAlgorithms ^ssh-ed25519";
  • ssh-keygen now outputs the comment attached to the key when extracting a public key from a private one;
  • Added the ability to use the "-v" flag in ssh-keygen when performing key lookup operations (for example, "ssh-keygen -vF host"); specifying it results in the display of a visual host signature;
  • Added the ability to use PKCS8 as an alternative format for storing private keys on disk. The PEM format continues to be used by default, and PKCS8 may be useful for achieving compatibility with third-party applications.
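
The in-memory key protection described in the first item above can be modelled as follows. This is an added example, not OpenSSH code: the function names are hypothetical, the sample key is constructed, and a SHA-512 counter-mode keystream stands in for a real cipher so that the block runs with the standard library alone. It shows why a read-out of the 16 KB intermediate key that contains even one bit error does not recover the private key.

```python
import hashlib
import os

PREKEY_LEN = 16 * 1024  # size of the intermediate key given in the text
SAMPLE_KEY = b"CONSTRUCTED-SAMPLE-PRIVATE-KEY-" + bytes(range(64))  # not a real key


def keystream(seed: bytes, length: int) -> bytes:
    """SHA-512 in counter mode: an assumed stand-in for a real stream cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha512(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_with_prekey(data: bytes, prekey: bytes) -> bytes:
    # The whole prekey is hashed first, so every one of its 131072 bits
    # influences the derived seed and therefore the entire keystream.
    seed = hashlib.sha512(prekey).digest()
    return bytes(a ^ b for a, b in zip(data, keystream(seed, len(data))))


def shield(private_key: bytes) -> tuple:
    """Encrypt a key for storage in RAM; returns (prekey, shielded_blob)."""
    prekey = os.urandom(PREKEY_LEN)
    return prekey, xor_with_prekey(private_key, prekey)


def unshield(prekey: bytes, blob: bytes) -> bytes:
    """Decrypt the key for the duration of a single operation."""
    return xor_with_prekey(blob, prekey)


def flip_bit(buf: bytes, bit_index: int) -> bytes:
    """Model a single bit error in an attacker's side-channel read-out."""
    damaged = bytearray(buf)
    damaged[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(damaged)


if __name__ == "__main__":
    prekey, blob = shield(SAMPLE_KEY)
    print("exact prekey recovers key:", unshield(prekey, blob) == SAMPLE_KEY)
    noisy = flip_bit(prekey, 12345)  # one wrong bit out of 131072
    print("1-bit-off prekey recovers key:", unshield(noisy, blob) == SAMPLE_KEY)
```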

Source: opennet.ru
