OpenSSH 8.7

After four months of development, the release of OpenSSH 8.7, an open implementation of a client and server for working over the SSH 2.0 and SFTP protocols, has been presented.

Main changes:

  • An experimental data transfer mode has been added to scp that uses the SFTP protocol instead of the traditional SCP/RCP protocol. SFTP uses more predictable name-handling methods and does not rely on shell processing of glob patterns on the remote host side, which creates security problems. To enable SFTP in scp, the "-s" flag is offered, but in the future it is planned to switch to this protocol by default.
  • sftp-server implements SFTP protocol extensions for expanding ~/ and ~user/ paths, which is required for scp.
  • The scp utility has changed its behaviour when copying files between two remote hosts (for example, "scp host-a:/path host-b:"): this is now done by default through the intermediate local host, as when the "-3" flag is specified. This approach avoids passing unnecessary credentials to the first host and avoids triple interpretation of file names in the shell (on the source, destination and local system sides). When SFTP is used, it also allows all authentication methods to be used when accessing the remote hosts, not only non-interactive ones. The "-R" option has been added to restore the old behaviour.
  • Added the ForkAfterAuthentication setting to ssh, corresponding to the "-f" flag.
  • Added the StdinNull setting to ssh, corresponding to the "-n" flag.
  • Added the SessionType setting to ssh, through which modes corresponding to the "-N" (no session) and "-s" (subsystem) flags can be set.
  • ssh-keygen allows a key validity interval to be specified in key files.
  • Added the "-Oprint-pubkey" flag to ssh-keygen to print the full public key included in an sshsig signature.
  • In ssh and sshd, both the client and the server have been moved to a stricter configuration file parser that uses shell-like rules for handling quotes, spaces and escape characters. The new parser also does not ignore previously tolerated omissions, such as omitting the arguments of options (for example, the DenyUsers directive can no longer be left empty), unclosed quotes, and specifying multiple "=" characters.
  • When using SSHFP DNS records to verify keys, ssh now checks all matching records, not only those containing a particular type of digital signature.
  • In ssh-keygen, when generating a FIDO key with the -Ochallenge option, the built-in layer is now used for hashing instead of libfido2, which allows challenge sequences larger or smaller than 32 bytes to be used.
  • In sshd, when processing environment="..." directives in authorized_keys files, the first match is now accepted and there is a limit of 1024 environment variable names.

The OpenSSH developers also warned about the deprecation of algorithms that use SHA-1 hashes, because of the increased efficiency of chosen-prefix collision attacks (the cost of selecting a collision is estimated at about 50 thousand dollars). In the next release, it is planned to disable by default the ability to use the public-key digital signature algorithm "ssh-rsa", which is mentioned in the original RFC for the SSH protocol and is still widely used in practice.

To test the use of ssh-rsa on your systems, you can try connecting over ssh with the option "-oHostKeyAlgorithms=-ssh-rsa". At the same time, disabling "ssh-rsa" digital signatures by default does not mean completely abandoning RSA keys, since in addition to SHA-1 the SSH protocol allows other hash algorithms to be used. In particular, besides "ssh-rsa", it will remain possible to use "rsa-sha2-256" (RSA/SHA256) and "rsa-sha2-512" (RSA/SHA512).

To smooth the transition to new algorithms, OpenSSH previously enabled the UpdateHostKeys setting by default, which allows clients to switch automatically to more reliable algorithms. With this setting, a special protocol extension "[email protected]" is enabled, allowing the server, after authentication, to inform the client of all available host keys. The client can reflect these keys in its ~/.ssh/known_hosts file, which allows host keys to be updated and makes it easier to change keys on the server.

The use of UpdateHostKeys is limited by several caveats that may be removed in the future: the key must be referenced in UserKnownHostsFile and not used in GlobalKnownHostsFile; the key must be present under only one name; a host key certificate must not be used; host name masks must not be used in known_hosts; the VerifyHostKeyDNS setting must be disabled; the UserKnownHostsFile parameter must be active.
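As an added example (not part of the original article or of OpenSSH), the sketch below scans known_hosts text for entries that fall under three of the restrictions listed above: several names on one key, a host certificate marker, or a host name mask. The function name, the sample entries and the placeholder key blobs are constructed for illustration, and the result is a list of entries to review, not a reproduction of ssh's own decision logic.

```python
import re

# Constructed known_hosts sample; the key blobs are placeholders, not real keys.
SAMPLE_KNOWN_HOSTS = """\
# constructed example entries
build.example.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5PLACEHOLDER
web.example.org,192.0.2.10 ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDER
*.lab.example.org ecdsa-sha2-nistp256 AAAAE2VjZHNhPLACEHOLDER
@cert-authority *.corp.example.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5PLACEHOLDER
|1|c2FsdHBsYWNlaG9sZGVy|aGFzaHBsYWNlaG9sZGVy ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDER
"""

# Characters that turn a known_hosts host field into a pattern (mask or negation).
MASK_CHARS = re.compile(r"[*?!]")


def update_hostkeys_blockers(text):
    """Return [(line_no, hosts_field, [reasons])] for entries worth reviewing."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # An optional marker (@cert-authority, @revoked) precedes the host field.
        marker = fields.pop(0) if fields[0].startswith("@") else None
        if len(fields) < 3:
            continue  # not "hosts keytype key": skip malformed lines
        hosts = fields[0]
        reasons = []
        if marker == "@cert-authority":
            reasons.append("host certificate")
        # Hashed names (|1|salt|hash) hold exactly one literal name.
        if not hosts.startswith("|1|"):
            if "," in hosts:
                reasons.append("multiple names")
            if MASK_CHARS.search(hosts):
                reasons.append("wildcard pattern")
        if reasons:
            findings.append((line_no, hosts, reasons))
    return findings


if __name__ == "__main__":
    for line_no, hosts, reasons in update_hostkeys_blockers(SAMPLE_KNOWN_HOSTS):
        print(f"line {line_no}: {hosts}: {', '.join(reasons)}")
```

The remaining restrictions (GlobalKnownHostsFile, VerifyHostKeyDNS, an active UserKnownHostsFile) are client configuration settings and cannot be read from the known_hosts file itself.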

Recommended algorithms for migration include rsa-sha2-256/512 based on RFC8332 RSA SHA-2 (supported since OpenSSH 7.2 and used by default), ssh-ed25519 (supported since OpenSSH 6.5) and ecdsa-sha2-nistp256/384/521 based on RFC5656 ECDSA (supported since OpenSSH 5.7).

Source: opennet.ru
