ProHoster > Blog > litaba tsa inthanete > Ho lokolloa ha OpenSSH 9.1

Ho lokolloa ha OpenSSH 9.1

Kamora likhoeli tse ts'eletseng tsa nts'etsopele, tokollo ea OpenSSH 9.1 e phatlalalitsoe, ts'ebetsong e bulehileng ea moreki le seva bakeng sa ho sebetsa holim'a liprothokholo tsa SSH 2.0 le SFTP. Tokollo e tšoauoa e na le litokiso tse ngata tsa liphoso, ho kenyelletsa le likotsi tse 'maloa tse ka bakoang ke mathata a mohopolo:

  • Khoutu ea ts'ebetso ea banner e le 'ngoe ka har'a sesebelisoa sa ssh-keyscan.
  • Ho letsetsa habeli ho ts'ebetso ea mahala () ha ho ka ba le phoso ha ho baloa li-hashes bakeng sa lifaele khoutu bakeng sa ho theha le ho netefatsa li-signature tsa dijithale ts'ebelisong ea ssh-keygen.
  • Ho letsetsa habeli ho ts'ebetso ea mahala () ha u sebetsana le liphoso ho sesebelisoa sa ssh-keysign.

Liphetoho tse kholo:

  • Taelo e RequiredRSASize e kentsoe ho ssh le sshd, e u lumellang ho tseba boholo bo lumelletsoeng ba linotlolo tsa RSA. Ho sshd, linotlolo tse nyane li tla hlokomolohuoa, 'me ka ssh li tla etsa hore khokahano e felisoe.
  • Khatiso e nkehang ea OpenSSH e fetotsoe ho sebelisa linotlolo tsa SSH ho saena li-commit le li-tag ho Git.
  • Litaelo tsa SetEnv ho lifaele tsa ssh_config le sshd_config hona joale li sebelisa boleng ho tloha ha ho buuoa ka lekhetlo la pele la phetoho ea tikoloho haeba e hlalosoa ka makhetlo a fetang le le leng ha ho etsoa tlhophiso (pele ho buuoa ka ho qetela ho sebelisitsoe).
  • Ha o bitsa ssh-keygen utility ka "-A" folakha (ho hlahisa mefuta eohle ea linotlolo tsa moeti tse tšehetsoeng ke kamehla), moloko oa linotlolo tsa DSA, tse sa kang tsa sebelisoa ka ho feletseng ka lilemo tse 'maloa, li holofetse.
  • sftp-server le sftp sebelisa katoloso "[imeile e sirelelitsoe]", ho fa moreki bokhoni ba ho kopa mabitso a basebelisi le sehlopha a tsamaellanang le sete e boletsoeng ea li-identifiers tsa dijithale (uid le gid). Ho sftp, katoloso ena e sebelisoa ho bonts'a mabitso ha o bonts'a litaba tsa bukana.
  • sftp-server e sebelisa katoloso ea "home-directory" ho holisa ~/ le ~user/ litsela, mokhoa o mong oa katoloso e reriloeng pele "[imeile e sirelelitsoe]"(katoloso ea "home-directory" e khothalelitsoe bakeng sa maemo 'me e se e tšehetsoa ke bareki ba bang).
  • ssh-keygen le sshd li eketsa bokhoni ba ho hlalosa nako sebakeng sa nako sa UTC ha ho khethoa setifikeiti le linako tsa bohlokoa tsa bohlokoa, ho phaella ho nako ea tsamaiso.
  • sftp e lumella likhang tse eketsehileng hore li hlalosoe ka khetho ea "-D" (mohlala, "/usr/libexec/sftp-server -el debug3").
  • ssh-keygen e lumella ts'ebeliso ea "-U" folakha (sebelisa ssh-agent) hammoho le "-Y sign" ts'ebetso ho fumana hore linotlolo tsa poraefete li tsamaisoa ke ssh-agent.

    Source: opennet.ru

Eketsa ka tlhaloso