OpenSSH 8.1

After six months of development, the release of OpenSSH 8.1 has been presented: an open client and server implementation for working over the SSH 2.0 and SFTP protocols.

Of particular note in the new release is the fix for a vulnerability affecting ssh, sshd, ssh-add and ssh-keygen. The problem lies in the code that parses private keys of the XMSS type and allows an attacker to trigger an overflow. The vulnerability is marked as exploitable but of little practical use, since support for XMSS keys is an experimental feature that is disabled (the portable version does not even have an autoconf build option to enable XMSS).

Main changes:

  • In ssh, sshd iyo ssh-wakiil ku daray code ka hortagaya dib u soo kabashada furaha gaarka ah ee ku yaala RAM taas oo ka dhalatay weerarrada kanaalka, sida Specter, Meltdown, RowHammer ΠΈ RAMBleed. Furayaasha gaarka ah hadda waa la siray markii lagu shubo xusuusta waxaana la dejiyaa kaliya marka la isticmaalayo, inta hartayna waa la sir qaadayaa inta ka hartay. Habkan, si uu si guul leh u soo kabsado furaha gaarka ah, weeraryahanku waa inuu marka hore soo kabsado furaha dhexdhexaadka ah ee 16 KB ee cabbirka, oo loo isticmaalo in lagu xafido furaha muhiimka ah, taas oo aan u badnayn in la siiyo heerka qaladka soo kabashada ee caadiga ah ee weerarrada casriga ah;
  • Π’ ssh-keygen Taageero tijaabo ah oo lagu daray nidaamka la fududeeyay ee abuurista iyo xaqiijinta saxeexyada dhijitaalka ah. Saxeexa dhijitaalka ah ayaa la abuuri karaa iyadoo la isticmaalayo furayaasha SSH ee caadiga ah ee lagu kaydiyo saxanka ama wakiilka ssh-ka, waxaana lagu xaqiijin karaa iyadoo la isticmaalayo wax la mid ah furayaasha la oggolaaday liiska furayaasha saxda ah. Macluumaadka booska magaca waxa lagu dhisay saxeexa dhijitaalka ah si looga fogaado jahawareer marka loo isticmaalo meelo kala duwan (tusaale ahaan, iimaylka iyo faylasha);
  • ssh-keygen si caadi ah ayaa loo beddelay si loo isticmaalo rsa-sha2-512 algorithm marka la ansixinayo shahaadooyin saxeexa dhijitaalka ah oo ku salaysan furaha RSA (marka lagu shaqeynayo qaabka CA). Shahaadooyinka noocan oo kale ah kuma habboona sii daynta ka hor inta aan la furin OpenSSH 7.2 (si loo hubiyo iswaafajinta, nooca algoorithm waa in la tirtiraa, tusaale ahaan adoo wacaya "ssh-keygen -t ssh-rsa -s...");
  • Gudaha ssh, odhaahda ProxyCommand hadda waxay taageertaa balaadhinta "%n" beddelka (magaca martida loo yahay ee lagu cayimay barta ciwaanka);
  • Liisaska sirta algorithms ee ssh iyo sshd, waxaad hadda isticmaali kartaa "^" si aad u geliso algorithms-yada caadiga ah. Tusaale ahaan, si loogu daro ssh-ed25519 liiska caadiga ah, waxaad qeexi kartaa "HostKeyAlgorithms ^ssh-ed25519";
  • ssh-keygen wuxuu bixiyaa soo-saarka faallooyinka ku xiran furaha marka furaha guud laga soo saarayo mid gaar ah;
  • Waxaa lagu daray awoodda lagu isticmaalo calanka "-v" ee ssh-keygen marka la fulinayo hawlgallada raadinta muhiimka ah (tusaale, "ssh-keygen -vF host"), taasoo caddaynaysa natiijada saxiixa martigeliyaha muuqaalka;
  • Lagu daray awoodda isticmaalka PKCS8 oo ah qaab kale oo lagu kaydiyo furayaasha gaarka ah ee diskka. Qaabka PEM wuxuu ku sii socdaa in si caadi ah loo isticmaalo, PKCS8-na waxa laga yaabaa inay faa'iido u leedahay gaaritaanka ku habboonaanta codsiyada qolo saddexaad.

Source: opennet.ru
