Release of OpenSSH 8.1

After six months of development, OpenSSH 8.1 has been released, an open client and server implementation for working with the SSH 2.0 and SFTP protocols.

Of particular note in the new release is the fix for a vulnerability affecting ssh, sshd, ssh-add and ssh-keygen. The problem is in the code that parses private keys of the XMSS type and allows an attacker to trigger an integer overflow. The vulnerability is marked as exploitable, but it is of little practical use, because support for XMSS keys is an experimental feature that is disabled by default (the portable version does not even have a build option in autoconf to enable XMSS).

Main changes:

  • Code has been added to ssh, sshd and ssh-agent that protects against recovery of a private key held in RAM through side-channel attacks such as Spectre, Meltdown, Rowhammer and RAMBleed. Private keys are now encrypted when they are loaded into memory and decrypted only while in use, remaining encrypted the rest of the time. With this approach, to recover the private key successfully an attacker must first recover a randomly generated intermediate key 16 KB in size, which is used to encrypt the main key; this is unlikely given the recovery error rate typical of modern attacks;
  • In ssh-keygen, experimental support has been added for a simplified scheme for creating and verifying digital signatures. Digital signatures can be created with ordinary SSH keys stored on disk or in ssh-agent, and verified against a list of valid keys similar to authorized_keys. Namespace information is built into the digital signature to avoid confusion when it is used in different areas (for example, for e-mail and for files);
  • ssh-keygen has been switched by default to the rsa-sha2-512 algorithm when certifying certificates with a digital signature based on an RSA key (when working in CA mode). Such certificates are not compatible with releases before OpenSSH 7.2 (to ensure compatibility, the algorithm type must be overridden, for example by calling "ssh-keygen -t ssh-rsa -s ...");
  • In ssh, the ProxyCommand directive now supports the "%n" expansion (the hostname as specified in the address line);
  • In the encryption algorithm lists for ssh and sshd, the "^" character can now be used to insert the default algorithms. For example, to add ssh-ed25519 to the default list, you can specify "HostKeyAlgorithms ^ssh-ed25519";
  • ssh-keygen now outputs the comment attached to the key when extracting a public key from a private one;
  • Added the ability to use the "-v" flag in ssh-keygen when performing key lookup operations (for example, "ssh-keygen -vF host"), which results in the display of a visual host signature;
  • Added the ability to use PKCS8 as an alternative format for storing private keys on disk. The PEM format continues to be used by default, and PKCS8 may be useful for achieving compatibility with third-party applications.
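
The in-memory key protection from the first item in the list, as an added sketch that is not OpenSSH's code: the SHA-512 plus SHAKE-256 keystream is a stand-in cipher chosen so the block runs with the Python standard library alone, and all function names are hypothetical. It shows why a single bit error in a recovered 16 KB intermediate key leaves the protected key undecryptable.

```python
from __future__ import annotations

import hashlib
import secrets

PREKEY_LEN = 16 * 1024  # 16 KB intermediate key, as described in the article


def _keystream(prekey: bytes, length: int) -> bytes:
    # Stand-in construction (assumption): hash the whole prekey, then expand
    # the digest with SHAKE-256. Every prekey bit influences every output byte.
    digest = hashlib.sha512(prekey).digest()
    return hashlib.shake_256(digest).digest(length)


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def shield(private_key: bytes) -> tuple[bytes, bytes]:
    """Return (prekey, shielded_blob); the plaintext key should then be wiped."""
    prekey = secrets.token_bytes(PREKEY_LEN)
    return prekey, _xor(private_key, _keystream(prekey, len(private_key)))


def unshield(prekey: bytes, blob: bytes) -> bytes:
    """Decrypt the blob for the duration of one signing operation."""
    return _xor(blob, _keystream(prekey, len(blob)))


def flip_bit(buf: bytes, bit_index: int) -> bytes:
    """Model a single-bit read error in a side-channel memory dump."""
    out = bytearray(buf)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def demo() -> tuple[bool, bool]:
    secret = b"constructed-sample-private-key-material-0123456789"  # constructed
    prekey, blob = shield(secret)
    exact_ok = unshield(prekey, blob) == secret
    # Recovering 131071 of the 131072 prekey bits correctly is still a failure.
    noisy_ok = unshield(flip_bit(prekey, 70_000), blob) == secret
    return exact_ok, noisy_ok


if __name__ == "__main__":
    print(demo())  # (True, False)
```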

Source: opennet.ru