OpenSSH 8.3 release with a fix for an scp vulnerability

After three months of development, the release of OpenSSH 8.3 has been presented, an open client and server implementation for working over the SSH 2.0 and SFTP protocols.

The new release adds protection against scp attacks that allow the server to send file names other than those requested (unlike the earlier vulnerability, the attack does not make it possible to change the directory or glob mask chosen by the user). Recall that in SCP the server decides which files and directories to send to the client, and the client only checks the correctness of the returned object names. The essence of the identified problem is that if the utimes system call fails, the contents of the file are interpreted as file metadata.

When connecting to a server controlled by an attacker, this feature can be used to save other file names and other content in the user's FS when copying with scp in configurations that cause the utimes call to fail (for example, when utimes is prohibited by the SELinux policy or by a system call filter). The likelihood of real attacks is estimated to be very low, since in typical configurations the utimes call does not fail. In addition, the attack does not go unnoticed: when scp is called, a data transfer error is shown.

General changes:

  • In sftp, processing of the "-1" argument has been discontinued, as in ssh and scp, where it was previously accepted but ignored;
  • In sshd, when using IgnoreRhosts, there are now three options: "yes" - ignore rhosts/shosts, "no" - respect rhosts/shosts, and "shosts-only" - allow ".shosts" but deny ".rhosts";
  • ssh now supports %TOKEN substitution in the LocalForward and RemoteForward settings used to forward Unix sockets;
  • Loading a public key from an unencrypted file containing a private key is allowed if there is no separate file with the public key;
  • If libcrypto is present on the system, ssh and sshd now use the chacha20 algorithm implementation from this library instead of the built-in portable implementation, which lags behind in performance;
  • The ability to dump the contents of a binary list of revoked certificates has been implemented when running the command "ssh-keygen -lQf /path";
  • The portable version implements detection of systems on which signals with the SA_RESTART option interrupt the select operation;
  • Build problems on HP/UX and AIX systems have been resolved;
  • Problems with building the seccomp sandbox on some Linux configurations have been fixed;
  • Detection of the libfido2 library has been improved, and build issues with the "--with-security-key-builtin" option have been resolved.

The OpenSSH developers also warned once again about the upcoming deprecation of algorithms that use SHA-1 hashes, because of the increased efficiency of collision attacks with a given prefix (the cost of selecting a collision is estimated at about 45 thousand dollars). In one of the upcoming releases, they plan to disable by default the ability to use the public key digital signature algorithm "ssh-rsa", which is mentioned in the original RFC for the SSH protocol and remains widespread in practice (to test the use of ssh-rsa on your systems, you can try connecting via ssh with the option "-oHostKeyAlgorithms=-ssh-rsa").

To ease the transition to new algorithms in OpenSSH, a future release will enable the UpdateHostKeys setting by default, which will automatically migrate clients to more reliable algorithms. The algorithms recommended for migration include rsa-sha2-256/512 based on RFC8332 RSA SHA-2 (supported since OpenSSH 7.2 and used by default), ssh-ed25519 (supported since OpenSSH 6.5) and ecdsa-sha2-nistp256/384/521 based on RFC5656 ECDSA (supported since OpenSSH 5.7).

As of the last release, "ssh-rsa" and "diffie-hellman-group14-sha1" have been removed from the CASignatureAlgorithms list, which defines the algorithms allowed for digitally signing new certificates, since the use of SHA-1 in certificates carries additional risk: the attacker has unlimited time to search for a collision for an existing certificate, while the time for an attack on host keys is limited by the connection timeout (LoginGraceTime).
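To find where the SHA-1-based algorithms named above are still enabled before they are switched off by default, the algorithm lists in a server's effective configuration can be scanned. The script below is an added example, not code from the article or from the OpenSSH project; the function names and the sample configuration are constructed for illustration, and the keyword names assume the lowercase form printed by `sshd -T` in this OpenSSH generation.

```shell
#!/usr/bin/env bash
# Added example: flag SHA-1-based algorithms in `sshd -T` style output.

# Constructed sample shaped like the effective configuration that `sshd -T` prints.
sample_config() {
cat <<'EOF'
port 22
hostkeyalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
casignaturealgorithms ecdsa-sha2-nistp256,ssh-ed25519,rsa-sha2-512,ssh-rsa
kexalgorithms curve25519-sha256,diffie-hellman-group14-sha1
pubkeyacceptedkeytypes ssh-ed25519,ssh-rsa-cert-v01@openssh.com
EOF
}

# Print "keyword algorithm" for every SHA-1-based entry in the algorithm lists.
# Reads configuration text on stdin.
find_sha1_algos() {
  awk '
    $1 ~ /^(hostkeyalgorithms|casignaturealgorithms|kexalgorithms|pubkeyacceptedkeytypes)$/ {
      n = split($2, algo, ",")
      for (i = 1; i <= n; i++) {
        # ssh-rsa (plain or certificate form) signs with SHA-1; "-sha1" names are explicit.
        if (algo[i] ~ /^ssh-rsa(-cert-v01@openssh\.com)?$/ || algo[i] ~ /-sha1$/)
          print $1, algo[i]
      }
    }'
}

# Succeed if the host key list offers at least one algorithm from the
# migration list given in the article, so clients have something to move to.
has_migration_target() {
  awk '
    $1 == "hostkeyalgorithms" {
      n = split($2, algo, ",")
      for (i = 1; i <= n; i++) {
        if (algo[i] ~ /^(rsa-sha2-(256|512)|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$/) found = 1
      }
    }
    END { exit (found ? 0 : 1) }'
}

# Demo run on the constructed sample.
sample_config | find_sha1_algos
if sample_config | has_migration_target; then
  echo "host keys: a SHA-2 or newer algorithm is offered"
else
  echo "host keys: only legacy algorithms are offered"
fi
```

On a real server, replace `sample_config` with `sshd -T` run as root.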

Source: opennet.ru
