ProHoster > Ibhulogi > Ulawulo > Iiprothokholi zeSFTP kunye neFTPS

Iiprothokholi zeSFTP kunye neFTPS

I ngcaciso

Kwiveki nje ephelileyo bendibhala isincoko ngesihloko esiboniswe kwisihloko kwaye bendijongene nenyaniso yokuba, masithi, akukho lwazi lungako lwemfundo kwi-Intanethi. Ubukhulu becala iinyani ezomileyo kunye nemiyalelo yokuseta. Ngoko ke, ndigqibe ekubeni ndilungise isicatshulwa kwaye ndisithumele njengenqaku.

Yintoni FTP

I-FTP (iProtocol yokuGqithisela iFayile) yiprothokholi yokudlulisa iifayile kuthungelwano. Yenye yeeprothokholi ezisisiseko ze-Ethernet. Uvele ngo-1971 kwaye waqala wasebenza kuthungelwano lwe-DARPA. Okwangoku, njenge-HTTP, ukuhanjiswa kwefayile kusekelwe kumzekelo oquka iseti ye-TCP/IP (iProtocol yoLawulo loThutho/iProtokholi ye-Intanethi). Ichazwe kwi-RFC 959.

Iprothokholi ichaza oku kulandelayo:

  • Ukuhlolwa kwempazamo kuya kwenziwa njani?
  • Indlela yokupakishwa kwedatha (ukuba ukupakishwa kuyasetyenziswa)
  • Isixhobo sokuthumela sibonisa njani ukuba siwugqibile umyalezo?
  • Isixhobo esifumanayo sibonisa njani ukuba sifumene umyalezo?

Unxibelelwano phakathi komxhasi kunye nomncedisi

Makhe sijonge ngakumbi kwiinkqubo ezenzeka ngexesha lokusebenza kweFTP. Umdibaniso uqalwa yitoliki yeprotocol yomsebenzisi. Utshintshiselwano lulawulwa ngejelo lolawulo kumgangatho we-TELNET. Imiyalelo yeFTP iveliswa yitoliki yeprotocol yomsebenzisi kwaye ithunyelwe kumncedisi. Iimpendulo zeseva nazo zithunyelwa kumsebenzisi ngejelo lolawulo. Ngokubanzi, umsebenzisi unakho ukuseka unxibelelwano kunye netoliki yeprotocol yomncedisi kwaye ngezinye iindlela ngaphandle kwetoliki yomsebenzisi.

Eyona nto iphambili ye-FTP kukuba isebenzisa imidibaniso emibini. Enye yazo isetyenziselwa ukuthumela imiyalelo kumncedisi kwaye yenzeka ngokungagqibekanga nge-TCP port 21, enokutshintshwa. Uqhagamshelwano lolawulo lukhona nje ukuba umxhasi enxibelelana nomncedisi. Ijelo lokulawula kufuneka livule xa udlulisela idatha phakathi koomatshini. Ukuba ivaliwe, ukuhanjiswa kwedatha kuyeka. Ngesibini, ukudluliselwa kwedatha ngokuthe ngqo kwenzeka. Ivula ngalo lonke ixesha ukuhanjiswa kwefayile kwenzeka phakathi komxhasi kunye nomncedisi. Ukuba iifayile ezininzi zithunyelwa ngaxeshanye, nganye kuzo ivula ijelo layo lothumelo.

I-FTP inokusebenza kwimo esebenzayo okanye yokwenziwa, ukhetho olumisela indlela uxhulumaniso olusekwe ngayo. Kwimowudi esebenzayo, umxhasi udala uxhulumaniso lolawulo lwe-TCP kunye nomncedisi kwaye athumele idilesi ye-IP kunye nenombolo ye-port yomxhasi engavumelekanga kumncedisi, kwaye ulinde umncedisi ukuba aqalise uxhulumaniso lwe-TCP nale dilesi kunye nenombolo ye-port. Kwimeko apho umxhasi usemva kwe-firewall kwaye akakwazi ukwamkela uqhagamshelo lwe-TCP olungenayo, imowudi yokwenziwa ingasetyenziswa. Kule ndlela, umxhasi usebenzisa ulawulo lokuhamba ukuthumela umyalelo we-PASV kumncedisi, kwaye emva koko ufumana kwi-server idilesi yayo ye-IP kunye nenombolo ye-port, apho umxhasi usebenzisa ukuvula ukuhamba kwedatha kwi-port yayo engafanelekanga.

Kuyenzeka ukuba idatha idluliselwe kumatshini wesithathu. Kule meko, umsebenzisi uququzelela umzila wokulawula kunye neeseva ezimbini kwaye uququzelele ishaneli yedatha ngokuthe ngqo phakathi kwabo. Imiyalelo yokulawula idlula kumsebenzisi, kwaye idatha iya ngqo phakathi kweeseva.

Xa uhambisa idatha kwinethiwekhi, ukuboniswa kwedatha ezine kunokusetyenziswa:

  • I-ASCII – isetyenziselwa isicatshulwa. Idatha, ukuba kukho imfuneko, iguqulelwe kumelo loonobumba kumququzeleli othumelayo ukuya ku-"eight-bit ASCII" phambi kokudluliselwa, kwaye (kwakhona, ukuba kuyimfuneko) kumelo lomlinganiswa kumamkeli owamkelayo. Ngokukodwa, abalinganiswa bomgca omtsha bayatshintshwa. Ngenxa yoko, le ndlela ayifanelekanga kwiifayile eziqulathe ngaphezulu kokubhaliweyo okungenanto nje.
  • Imo ye-Binary - isixhobo sokuthumela sithumela ifayile nganye nge-byte, kwaye umamkeli ugcina umlambo wee-byte xa efunyenwe. Inkxaso yale modi iye yacetyiswa kulo lonke ukuphunyezwa kweFTP.
  • I-EBCDIC - isetyenziselwa ukudlulisa umbhalo ocacileyo phakathi kweenginginya kwi-encoding ye-EBCDIC. Kungenjalo, le mowudi iyafana nemo ye ASCII.
  • Imo yengingqi - ivumela iikhompyuter ezimbini ezinesetingi ezifanayo ukuba zithumele idatha kwifomathi yazo ngaphandle kokuguqula kwi-ASCII.

Ugqithiso lwedatha lunokwenziwa ngayo nayiphi na indlela ezintathu:

  • Imodi yokusakaza - idatha ithunyelwa njengomlambo oqhubekayo, ikhulula i-FTP ekwenzeni nayiphi na inkqubo. Endaweni yoko, yonke inkqubo yenziwa yi-TCP. Isalathisi sokuphela kwefayile ayidingeki ngaphandle kokwahlula idatha kwiirekhodi.
  • Imowudi yebhlokhi - i-FTP iphula idatha kwiibhloko ezininzi (ibhloko yentloko, inani leebhayithi, indawo yedatha) kwaye emva koko idlulisele kwi-TCP.
  • Imodi yoxinzelelo - idatha ixinzelelwe ngokusebenzisa i-algorithm eyodwa (ngokuqhelekileyo ngo-encoding run lengths).

Umncedisi we FTP ngumncedisi obonelela ngokukwazi ukusebenzisa iProtocol yokuGqithisela iFayile. Ineempawu ezithile eziyahlulayo kwiiseva zewebhu eziqhelekileyo:

  • Uqinisekiso lomsebenzisi luyafuneka
  • Yonke imisebenzi yenziwa ngaphakathi kwiseshoni yangoku
  • Ukukwazi ukwenza izenzo ezahlukeneyo ngenkqubo yefayile
  • Itshaneli eyahlukileyo isetyenziselwa uqhagamshelwano ngalunye

Umxhasi weFTP yinkqubo ekuvumela ukuba uqhagamshele kwiseva ekude ngeFTP kwaye wenze iintshukumo eziyimfuneko kuyo ngezinto zenkqubo yefayile. Umxhasi unokuba ngumkhangeli zincwadi, kwibar yedilesi onokuthi ufake idilesi, eyindlela eya kulawulo oluthile okanye ifayile kumncedisi okude, ngokuhambelana nomzobo webhloko we-URL ngokubanzi:

ftp://user:pass@address:port/directory/file

Nangona kunjalo, ukusebenzisa isikhangeli sewebhu kulo mxholo kuya kukuvumela ukuba ujonge okanye ukhuphele iifayile zomdla. Ukuze usebenzise ngokupheleleyo zonke izibonelelo ze-FTP, kufuneka usebenzise isoftware ekhethekileyo njengomthengi.

Uqinisekiso lwe-FTP lusebenzisa igama lomsebenzisi/inkqubo yegama lokugqithisa ukunika ufikelelo. Igama lomsebenzisi lithunyelwa kumncedisi ngomyalelo we-USER, kwaye igama lokugqitha lithunyelwa kunye nomyalelo wePASS. Ukuba ulwazi olunikezwa ngumxhasi luyamkelwa ngumncedisi, ngoko umncedisi uya kuthumela isimemo kumxhasi kwaye iseshoni iqala. Abasebenzisi, ukuba umncedisi uyalixhasa eli nqaku, ungene ngaphandle kokubonelela ngeenkcukacha, kodwa umncedisi unokunika kuphela ufikelelo olulinganiselweyo kwiiseshini ezinjalo.

Umamkeli obonelela ngenkonzo ye-FTP unokubonelela ngokungena kwiFTP ngokungaziwa. Abasebenzisi ngokuqhelekileyo bangena ngo "ongaziwayo" (inokuba novakalelo kwezinye iiseva zeFTP) njengegama labo lomsebenzisi. Nangona abasebenzisi bedla ngokucelwa ukuba banikeze idilesi ye-imeyile endaweni yegama lokugqitha, akukho siqinisekiso senziweyo. Iinginginya ezininzi ze-FTP ezibonelela ngohlaziyo lwesoftware zixhasa ukufikelela ngokungaziwa.

Umzobo weProtocol

Unxibelelwano lomxhasi-umncedisi ngexesha loqhagamshelo lweFTP lunokubonwa ngolu hlobo lulandelayo:

Iiprothokholi zeSFTP kunye neFTPS

Khusela i-FTP

I-FTP yayingajoliswanga ukuba ikhuseleke ekuqaleni, njengoko yayijoliswe kunxibelelwano phakathi kofakelo lwemikhosi emininzi kunye nee-arhente. Kodwa ngophuhliso kunye nokusasazeka kwe-Intanethi, ingozi yokufikelela okungagunyaziswanga iye yanda amaxesha amaninzi. Kwakukho imfuneko yokukhusela abancedisi kwiintlobo ezahlukeneyo zohlaselo. NgoMeyi ka-1999, ababhali be-RFC 2577 bashwankathela ubuthathaka kolu luhlu lulandelayo lwemiba:

  • Uhlaselo olufihlakeleyo (uhlaselo lwe-bounce)
  • Ukuhlaselwa ngobuqhophololo
  • Brute force uhlaselo
  • Ukuthathwa kwepakethi, ukuphunga
  • Ukubiwa kwezibuko

I-FTP eqhelekileyo ayinakho ukukwazi ukudlulisa idatha kwifom efihliweyo, ngenxa yoko amagama abasebenzisi, amagama ayimfihlo, imiyalelo kunye nolunye ulwazi lunokufunyanwa lula kwaye lula ngabahlaseli. Isisombululo esiqhelekileyo kule ngxaki kukusebenzisa "secure", TLS-protected versions of the risk protocol (FTPS) okanye enye, iprotocol ekhuseleke ngakumbi, efana neSFTP/SCP, ebonelelwe ngokuphunyezwa kweprotocol yeSecure Shell.

FTPS

I-FTPS (i-FTP + SSL) lulwandiso lweprothokholi yogqithiselo lwefayile olusemgangathweni olongeza kumsebenzi wayo osisiseko uyilo lweseshoni ezifihliweyo kusetyenziswa iSSL (Secure Sockets Layer) protocol. Namhlanje, ukhuseleko lubonelelwa nge-TLS yayo ephezulu ye-analogue (uKhuseleko lweNqanaba lezoThutho).

SSL

Iprotocol ye-SSL yaphakanyiswa yi-Netscape Communications ngo-1996 ukuqinisekisa ukhuseleko kunye nobumfihlo boqhagamshelwano lwe-Intanethi. Iprothokholi ixhasa uqinisekiso lomxumi kunye neseva, sisicelo esizimeleyo, kwaye siselubala kwi-HTTP, FTP, kunye neeprothokholi zeTelnet.

Iprotocol ye-SSL Handshake inezigaba ezibini: uqinisekiso lomncedisi kunye noqinisekiso olukhethiweyo lomxhasi. Kwinqanaba lokuqala, umncedisi uphendula kwisicelo somthengi ngokuthumela isatifikethi sakhe kunye neeparitha zokubethela. Umxhasi ngoko uvelisa isitshixo esiyintloko, asifihle ngesitshixo sikawonke-wonke somncedisi, kwaye alithumele kumncedisi. Umncedisi ususa uguqulelo oluntsonkothileyo ngeqhosha labucala kwaye liziqinisekise ngokwalo kumxhasi ngokubuyisela umyalezo ongqiniswe liqhosha eliyintloko lomxhasi.

Idatha elandelayo iguqulelwe ngokuntsonkothileyo kwaye ingqinisiswe ngamaqhosha athathwe kweli qhosha eliyinkosi. Kwinqanaba lesibini, elikhethiweyo, umncedisi uthumela isicelo kumthengi, kwaye umxhasi uyaziqinisekisa kumncedisi ngokubuyisela isicelo kunye nesignesha yedijithali kunye nesatifikethi sesitshixo sikawonkewonke.

I-SSL ixhasa iindidi ngeendidi ze-cryptographic algorithms. Ngexesha lokusekwa konxibelelwano, i-cryptosystem ye-crypto yoluntu yase-RSA isetyenziswa. Emva kotshintshiselwano oluphambili, kusetyenziswa ii-ciphers ezininzi ezahlukeneyo: i-RC2, i-RC4, i-IDEA, i-DES kunye ne-TripleDES. I-MD5 ikwasetyenziswa - i-algorithm yokwenza umyalezo wokwetyisa. Isivakalisi sezatifikethi zesitshixo sikawonke-wonke sichazwe kwi-X.509.

Enye yeenzuzo ezibalulekileyo ze-SSL kukuzimela kwayo ngokupheleleyo kwe-software-platform. Iprotocol iphuhliswa kwimigaqo yokuthwala, kwaye ingcamango yokwakhiwa kwayo ayixhomekeke kwizicelo ezisetyenziswa kuyo. Ukongeza, kukwabalulekile ukuba ezinye iiprothokholi zibekwe elubala phezu kweprotocol ye-SSL; mhlawumbi ukunyusa ngakumbi iqondo lokhuseleko lokuhamba kolwazi ekujoliswe kulo, okanye ukulungelelanisa izakhono ze-cryptographic ze-SSL zomnye omnye, umsebenzi ochazwe kakuhle.

Uqhagamshelo lwe-SSL

Iiprothokholi zeSFTP kunye neFTPS

Isitishi esikhuselekileyo esibonelelwe yi-SSL sineempawu ezintathu eziphambili:

  • Ijelo libucala. Uguqulelo oluntsonkothileyo lusetyenziswa kuyo yonke imiyalezo emva kwencoko yababini elula esebenza ukumisela iqhosha eliyimfihlo.
  • Ijelo liqinisekisiwe. Icala lomncedisi wencoko lihlala linyanisekile, ngelixa icala lomxhasi liqinisekisiwe ngokukhetha.
  • Ijelo lithembekile. Uthutho lomyalezo lubandakanya ukujonga ingqibelelo (usebenzisa i-MAC).

Iimpawu zeFTPS

Kukho umiliselo olubini lweFTPS, kusetyenziswa iindlela ezahlukeneyo zokubonelela ngokhuseleko:

  • Indlela ecacileyo ibandakanya ukusebenzisa i-protocol ye-SSL eqhelekileyo ukuseka iseshoni ngaphambi kokuthumela idatha, leyo, iphinda iphule ukuhambelana nabaxhasi be-FTP abaqhelekileyo kunye namaseva. Ukuhambelana ngasemva kunye nabaxhasi abangayixhasi i-FTPS, i-TCP port 990 isetyenziselwa uxhulumaniso lolawulo kwaye i-989 isetyenziselwa ukudluliselwa kwedatha. Oku kugcina i-port ye-21 ye-protocol ye-FTP. Le ndlela ithathwa njengento ephelelwe lixesha.
  • Okucacileyo kuluncedo kakhulu, kuba isebenzisa imiyalelo eqhelekileyo yeFTP, kodwa ifihla idatha xa uphendula, ekuvumela ukuba usebenzise uxhulumaniso lolawulo olufanayo kuzo zombini i-FTP kunye ne-FTPS. Umxhasi kufuneka acele ngokucacileyo ugqithiso lwedatha olukhuselekileyo kwiseva, kwaye emva koko avume indlela yoguqulelo oluntsonkothileyo. Ukuba umxhasi akaluceli ugqithiselo olukhuselekileyo, umncedisi we FTPS unelungelo lokugcina okanye lokuvala umdibaniso ongakhuselekanga. Indlela yokuqinisekisa kunye nokhuseleko lwedatha yongezwa phantsi kwe-RFC 2228 equka umyalelo omtsha we-FTP AUTH. Nangona lo mgangatho ungachazi ngokucacileyo iindlela zokhuseleko, ichaza ukuba uxhulumaniso olukhuselekileyo kufuneka luqaliswe ngumxhasi usebenzisa i-algorithm echazwe ngasentla. Ukuba uxhulumaniso olukhuselekileyo aluxhaswanga ngumncedisi, ikhowudi yempazamo ye-504 kufuneka ibuyiswe. Abaxhasi be-FTPS banokufumana ulwazi malunga neeprothokholi zokhuseleko ezixhaswa ngumncedisi usebenzisa umyalelo we-FEAT, nangona kunjalo, umncedisi akafuneki ukuba achaze ukuba ngawaphi amanqanaba okhuseleko. ixhasa. Ezona miyalelo zixhaphakileyo ze-FTPS yi-AUTH TLS kunye ne-AUTH SSL, ebonelela nge-TLS kunye nokhuseleko lwe-SSL, ngokulandelelanayo.

SFTP

I-SFTP (iProtokholi eKhuselekileyo yokuGqithiselwa kweFayile) yinkqubo yokudlulisa iifayile esebenza ngaphezulu kwetshaneli ekhuselekileyo. Ayinakubhidaniswa ne (iProtokholi yokuGqithisela iFayile eLula), enezishunqulelo ezifanayo. Ukuba i-FTPS lulwandiso nje lwe-FTP, ngoko ke i-SFTP yinkqubo eyahlukileyo nenganxulumananga esebenzisa i-SSH (iShell eKhuselekileyo) njengesiseko sayo.

Shell ekhuselekileyo

Inkqubo yaphuhliswa lelinye lamaqela e-IETF ebizwa ngokuba yiSecsh. Amaxwebhu asebenzayo eprothokholi entsha ye-SFTP ayizange ibe ngumgangatho osemthethweni, kodwa yaqala ukusetyenziswa ngokusebenzayo kuphuhliso lwesicelo. Emva koko, iinguqulelo ezintandathu zeprotocol zakhululwa. Nangona kunjalo, ukwanda kancinci komsebenzi kuyo kwakhokelela ekubeni ngo-Agasti 14, 2006, kwagqitywa ukuba kumiswe ukusebenza kuphuhliso lweprotocol ngenxa yokugqitywa komsebenzi oyintloko weprojekthi (uphuhliso lwe-SSH) kunye nokungabikho. yenqanaba elaneleyo lobuchwephesha ukuqhubela phambili kuphuhliso lwenkqubo yefayile ekude egcweleyo egcweleyo .

I-SSH yiprotocol yenethiwekhi evumela ulawulo olukude lwenkqubo yokusebenza kunye ne-tunneling ye-TCP uxhumano (umzekelo, ukuhanjiswa kwefayile). Ngokufana nokusebenza kwiTelnet kunye neeprothokholi ze-rlogin, kodwa, ngokungafaniyo nazo, ifihla zonke iitrafikhi, kubandakanywa amagama agqithisiweyo agqithisiweyo. I-SSH ivumela ukhetho lweealgorithms zoguqulelo oluntsonkothileyo. Abathengi be-SSH kunye neeseva ze-SSH ziyafumaneka kwiinkqubo ezininzi zokusebenza zenethiwekhi.

I-SSH ikuvumela ukuba udlulise ngokukhuselekileyo phantse nayiphi na enye iprotocol yenethiwekhi kwindawo engakhuselekanga. Ke, awunosebenza kuphela ukude kwikhompyuter yakho usebenzisa iqokobhe lomyalelo, kodwa nokuhambisa umsinga womsindo okanye ividiyo (umzekelo, kwikhamera yewebhu) ngaphezulu kwetshaneli efihliweyo. I-SSH inokusebenzisa ucinezelo lwedatha egqithisiweyo yoguqulelo oluntsonkothileyo olulandelayo, olulungeleyo, umzekelo, ukundulula ukude i-X WindowSystem abathengi.

Inguqulelo yokuqala yeprotocol, i-SSH-1, yaphuhliswa kwi-1995 ngumphandi uTatu UlΓΆnen waseHelsinki University of Technology (Finland). I-SSH-1 yabhalelwa ukunika ubumfihlo obukhulu kune-rlogin, i-telnet, kunye ne-rsh protocol. Kwi-1996, inguqu ekhuselekileyo yeprotocol, i-SSH-2, yaphuhliswa, engahambelani ne-SSH-1. Iprothokholi yafumana ukuthandwa ngakumbi, kwaye ngo-2000 yayinabasebenzisi abamalunga nezigidi ezibini. Okwangoku, igama elithi "SSH" lidla ngokuthetha i-SSH-2, kuba Inguqulelo yokuqala yeprotocol ngoku ayisetyenziswanga ngenxa yeentsilelo ezibalulekileyo. Ngo-2006, iprotocol yamkelwa liqela elisebenzayo le-IETF njengomgangatho we-Intanethi.

Kukho ukuphunyezwa okubili okuqhelekileyo kwe-SSH: urhwebo lwabucala kunye nomthombo ovulekileyo wasimahla. Ukuphunyezwa simahla kubizwa ngokuba yi-OpenSSH. Ngo-2006, i-80% yeekhompyuter ezikwi-Intanethi zasebenzisa i-OpenSSH. Uzalisekiso lobunikazi luphuhliswa nguKhuseleko loNxibelelwano lwe-SSH, i-subsidiary epheleleyo ye-Tectia Corporation, kwaye isimahla ukuba ingasetyenziselwa urhwebo. Olu phumezo luqulathe phantse isethi yemiyalelo efanayo.

Iprotocol ye-SSH-2, ngokungafaniyo neprotocol ye-telnet, iyaxhathisa ukuhlaselwa kwe-traffic eavesdropping ("ukuphunga"), kodwa ayixhathisi ukuhlaselwa komntu phakathi. Iprotocol ye-SSH-2 nayo iyaxhathisa kuhlaselo lokuxhwilwa kweseshoni, kuba akunakwenzeka ukujoyina okanye ukuqweqwedisa iseshoni esele isekiwe.

Ukuthintela ukuhlaselwa kwendoda-ephakathi xa udibanisa nomninimzi oyisitshixo esingaziwa kumxhasi, isofthiwe yeklayenti ibonisa umsebenzisi "iminwe engundoqo". Kucetyiswa ukuba ujonge ngononophelo "i-snapshot engundoqo" eboniswe yi-software yomxhasi kunye ne-snapshot yesitshixo se-server, ekhethiweyo efunyenwe ngeendlela zonxibelelwano ezithembekileyo okanye kumntu.

Inkxaso ye-SSH iyafumaneka kuzo zonke iinkqubo ezifana ne-UNIX, kwaye uninzi lunomthengi we-ssh kunye neseva njengezinto ezisetyenziswayo eziqhelekileyo. Kukho ukuphunyezwa okuninzi kwabathengi be-SSH kwii-OS ezingezizo eze-UNIX. Iprotocol yafumana ukuthandwa okukhulu emva kophuhliso olubanzi lwabahlalutyi bezithuthi kunye neendlela zokuphazamisa ukusebenza kothungelwano lwendawo, njengenye isisombululo kwi-protocol yeTelnet engakhuselekanga yokulawula iindawo ezibalulekileyo.

Unxibelelwano usebenzisa i-SSH

Ukuze usebenze nge-SSH, udinga iseva ye-SSH kunye nomxhasi we-SSH. Umncedisi umamela uqhagamshelo olusuka koomatshini bomthengi kwaye, xa uqhagamshelo lusekiwe, lwenze uqinisekiso, emva koko luqalisa ukusevisa umxhasi. Umxhasi usetyenziselwa ukungena kumatshini okude kwaye enze imiyalelo.

Iiprothokholi zeSFTP kunye neFTPS

Ukuthelekisa kunye neFTPS

Eyona nto iphambili eyahlula i-SFTP kwi-FTP eqhelekileyo kunye ne-FTPS kukuba i-SFTP ifihla yonke imiyalelo, amagama omsebenzisi, amagama ayimfihlo kunye nolunye ulwazi oluyimfihlo.

Zombini iiprotocol ze-FTPS kunye ne-SFTP zisebenzisa indibaniselwano ye-algorithms ye-asymmetric (RSA, DSA), i-symmetric algorithms (DES / 3DES, AES, Twhofish, njl.), kunye ne-algorithm yokutshintshiselana okubalulekileyo. Ukuqinisekisa, i-FTPS (okanye ukuchaneka ngakumbi, i-SSL/TLS ngaphezulu kwe-FTP) isebenzisa izatifikethi ze-X.509, ngelixa i-SFTP (i-SSH protocol) isebenzisa izitshixo ze-SSH.

Izatifikethi ze-X.509 ziquka isitshixo sikawonke-wonke kunye nolunye ulwazi malunga nesatifikethi somnini. Olu lwazi luvumela, kwelinye icala, ukuqinisekisa ukuthembeka kwesatifikethi ngokwaso, ukunyaniseka kunye nomnini wesatifikethi. Izatifikethi ze-X.509 zineqhosha labucala elihambelanayo, elidla ngokugcinwa ngokwahlukileyo kwisatifikethi ngezizathu zokhuseleko.

Iqhosha le-SSH liqulethe kuphela isitshixo sikawonke-wonke (iqhosha labucala elihambelanayo ligcinwa ngokwahlukeneyo). Ayiqulathanga naluphi na ulwazi malunga nomnini wesitshixo. Olunye ufezekiso lwe-SSH lusebenzisa izatifikethi ze-X.509 zoqinisekiso, kodwa aluqinisekisi lonke ikhonkco lesatifikethi-kuphela isitshixo sikawonke-wonke esisetyenziswayo (esenza uqinisekiso olunjalo lungagqibekanga).

isiphelo

Iprotocol ye-FTP ngokungathandabuzekiyo isadlala indima ebalulekileyo ekugcinweni nasekuhanjisweni kolwazi kwinethiwekhi nangona ubudala bayo obuhloniphekileyo. Yiprothokholi efanelekileyo, esebenzayo kunye nesemgangathweni. Uninzi lweefayile zefayile zakhiwe kwisiseko sayo, ngaphandle kokuba umsebenzi wobugcisa ubungayi kusebenza. Ukongeza, kulula ukuseta, kwaye iinkqubo zeseva kunye nabaxumi zikhona phantse kuzo zonke iiplatifti zangoku kwaye azinjalo ngoku.

Ngapha koko, iinguqulelo zayo ezikhuselweyo zisombulula ingxaki yokugcinwa kwemfihlo kwedatha egciniweyo kunye nethunyelwa kwihlabathi lanamhlanje. Zombini iiprothokholi ezintsha zineenzuzo kunye nezibi kwaye zisebenza indima eyahlukileyo. Kuloo mimandla apho ugcino lwefayile lufuneka, kuyakhethwa ukusebenzisa i-FTPS, ngakumbi ukuba i-FTP yakudala sele isetyenziswe apho ngaphambili. I-SFTP ayiqhelekanga ngenxa yokungahambelani kwayo neprotocol endala, kodwa ikhuselekile ngakumbi kwaye inomsebenzi ongaphezulu, kuba iyinxalenye yenkqubo yokulawula kude.

Uluhlu lwemithombo

umthombo: www.habr.com

Yongeza izimvo