OpenSSH 8.3 released with a fix for an scp vulnerability

After three months of development, OpenSSH 8.3 has been released, an open client and server implementation for working over the SSH 2.0 and SFTP protocols.

The new release adds protection against attacks on scp that allow a server to pass file names other than the ones requested (unlike the previous vulnerability, this attack does not make it possible to change the directory chosen by the user or the glob mask). Recall that in SCP the server decides which files and directories are sent to the client, and the client only checks that the names of the returned objects are well-formed. The essence of the identified problem is that if the utimes system call fails, the file contents are interpreted as file metadata.

When connecting to a server controlled by an attacker, this behaviour can be used to write other file names and other contents into the user's file system when copying with scp, in configurations where the utimes call fails (for example, when utimes is forbidden by an SELinux policy or by a system call filter). The likelihood of real attacks is assessed as minimal, since in typical configurations the utimes call does not fail. In addition, the attack does not go unnoticed: when scp is invoked, a data transfer error is displayed.

Main changes:

  • sftp now rejects the "-1" argument in the same way as ssh and scp do, instead of accepting and silently ignoring it;
  • In sshd, IgnoreRhosts now accepts three values: "yes" (ignore rhosts/shosts), "no" (honour rhosts/shosts) and "shosts-only" (allow ".shosts" but reject ".rhosts");
  • ssh now supports %TOKEN substitution in the LocalForward and RemoteForward settings when they are used to forward Unix sockets;
  • Public keys can now be loaded from an unencrypted private key file when no separate public key file exists;
  • If libcrypto is available on the system, ssh and sshd now use the chacha20 implementation from that library instead of the built-in portable implementation, which lags behind in performance;
  • Added the ability to dump the contents of a binary key revocation list with the "ssh-keygen -lQf /path" command;
  • The portable version uses the system's definitions on platforms where the SA_RESTART signal flag interferes with the operation of select;
  • Build problems on HP/UX and AIX have been resolved;
  • Fixed problems with building the seccomp sandbox on some Linux configurations;
  • Improved detection of the libfido2 library and resolved build problems with the "--with-security-key-builtin" option.

The OpenSSH developers have also warned again about the upcoming deprecation of algorithms that use SHA-1 hashes, because of the increased effectiveness of chosen-prefix collision attacks (the cost of finding a collision is estimated at about 45 thousand dollars). In one of the upcoming releases they plan to disable by default the "ssh-rsa" public key signature algorithm, which is specified in the original RFC for the SSH protocol and is still widely used in practice (to check whether ssh-rsa is in use on your systems, try connecting over ssh with the "-oHostKeyAlgorithms=-ssh-rsa" option).

To smooth the transition to the new algorithms, a future OpenSSH release will enable the UpdateHostKeys setting by default, which will automatically migrate clients to more reliable algorithms. The recommended migration algorithms are rsa-sha2-256/512 based on RFC 8332 RSA SHA-2 (supported since OpenSSH 7.2 and used by default), ssh-ed25519 (supported since OpenSSH 6.5) and ecdsa-sha2-nistp256/384/521 based on RFC 5656 ECDSA (supported since OpenSSH 5.7).

As of the previous release, "ssh-rsa" and "diffie-hellman-group14-sha1" have been removed from the CASignatureAlgorithms list, which defines the algorithms allowed for signing new certificates, since using SHA-1 in certificates carries an increased risk: an attacker has unlimited time to search for a collision with an existing certificate, whereas the time available to attack host keys is bounded by the connection timeout (LoginGraceTime).
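The following is an added example, not code from OpenSSH or from the article. It serves both the list of new options above (the three IgnoreRhosts values, UpdateHostKeys) and the ssh-rsa deprecation paragraphs: a small POSIX-shell audit that reads sshd_config/ssh_config-style files and reports lists that still name "ssh-rsa", an IgnoreRhosts value sshd 8.3 would reject, and a client without UpdateHostKeys, plus a wrapper for the "-oHostKeyAlgorithms=-ssh-rsa" probe the article mentions. The two config fragments and the function names are assumptions constructed for the example; the keyword lookup is flat (Host/Match blocks are not scoped).

```shell
#!/bin/sh
# Added example; not from OpenSSH or the article. Audits a few ssh_config / sshd_config
# keywords the 8.3 announcement touches. Sample configs below are constructed.

# Print the value of keyword $2 in config file $1. Like OpenSSH, the first match wins
# and keywords are case-insensitive; comments and blank lines are skipped. Flat lookup:
# Host/Match blocks and the "Keyword=value" form are not handled.
config_value() {
    awk -v kw="$2" '
        /^[ \t]*#/ { next }
        NF == 0    { next }
        tolower($1) == tolower(kw) { sub(/^[ \t]*[^ \t]+[ \t]+/, ""); print; exit }
    ' "$1"
}

# Exit 0 when the algorithm list under keyword $2 in file $1 explicitly contains
# "ssh-rsa" (RSA signatures over SHA-1, the scheme OpenSSH plans to disable).
# A leading "+", "-" or "^" applies to the whole list, so "-ssh-rsa" removes the
# algorithm and counts as clean. An absent keyword means the built-in default applies;
# use "ssh -G host" to see the effective value rather than guessing it here.
lists_ssh_rsa() {
    v=$(config_value "$1" "$2")
    case $v in
        "" | -*)  return 1 ;;
        +* | \^*) v=${v#?} ;;
    esac
    case ",$v," in
        *,ssh-rsa,*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Exit 0 when IgnoreRhosts is absent (default "yes") or holds one of the three values
# sshd 8.3 accepts: yes, no, shosts-only.
ignore_rhosts_valid() {
    case $(config_value "$1" IgnoreRhosts) in
        "" | yes | no | shosts-only) return 0 ;;
        *)                           return 1 ;;
    esac
}

# Server-side audit: one finding per line on stdout, exit 1 if anything was found.
audit_server_config() {
    rc=0
    for kw in CASignatureAlgorithms HostKeyAlgorithms PubkeyAcceptedKeyTypes; do
        if lists_ssh_rsa "$1" "$kw"; then
            echo "$kw lists ssh-rsa (SHA-1); prefer rsa-sha2-256/512, ssh-ed25519 or ecdsa-sha2-nistp*"
            rc=1
        fi
    done
    if ! ignore_rhosts_valid "$1"; then
        echo "IgnoreRhosts must be yes, no or shosts-only"
        rc=1
    fi
    return $rc
}

# Client-side audit: ssh-rsa in HostKeyAlgorithms, and a client that will not learn a
# server's newer host keys because UpdateHostKeys is not enabled.
audit_client_config() {
    rc=0
    if lists_ssh_rsa "$1" HostKeyAlgorithms; then
        echo "HostKeyAlgorithms lists ssh-rsa (SHA-1)"
        rc=1
    fi
    if [ "$(config_value "$1" UpdateHostKeys)" != yes ]; then
        echo "UpdateHostKeys is not 'yes'; enable it so ssh picks up rsa-sha2/ed25519 host keys"
        rc=1
    fi
    return $rc
}

# The live check from the article: connect with ssh-rsa removed from the host key
# algorithms. A server that can only offer ssh-rsa makes ssh fail with
# "no matching host key type found". Needs a reachable host, so it is not called here.
probe_without_ssh_rsa() {
    ssh -o HostKeyAlgorithms=-ssh-rsa -o BatchMode=yes "$1" exit
}

# Constructed sample configs (not real system files).
SERVER_CFG=$(mktemp) && CLIENT_CFG=$(mktemp)
trap 'rm -f "$SERVER_CFG" "$CLIENT_CFG"' EXIT
cat >"$SERVER_CFG" <<'EOF'
# sshd_config fragment
IgnoreRhosts shosts-only
HostKeyAlgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
CASignatureAlgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256
EOF
cat >"$CLIENT_CFG" <<'EOF'
# ssh_config fragment
UpdateHostKeys no
HostKeyAlgorithms +ssh-rsa
EOF

if audit_server_config "$SERVER_CFG"; then echo "server config: clean"; fi
if audit_client_config "$CLIENT_CFG"; then echo "client config: clean"; fi
```

Run as-is to see the findings for the two sample fragments; point `audit_server_config` at a real sshd_config (and the client audit at ~/.ssh/config) to check your own hosts, and use `probe_without_ssh_rsa host` for the live test once a host is reachable.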

Source: opennet.ru
