Isibikezelo

Esontweni eledlule nje bengibhala indaba ngesihloko esikhonjiswe esihlokweni futhi ngibhekene neqiniso lokuthi, ake sithi, alukho ulwazi olungako lwemfundo kwi-Intanethi. Ikakhulukazi amaqiniso awomile kanye nemiyalelo yokusetha. Ngakho-ke, nginqume ukulungisa kancane umbhalo futhi ngiwuthumele njengesihloko.

Yini i-FTP

I-FTP (i-File Transfer Protocol) iyiphrothokholi yokudlulisa amafayela ngenethiwekhi. Ingenye yezimiso eziyisisekelo ze-Ethernet. Uvele ngo-1971 futhi waqala wasebenza kumanethiwekhi e-DARPA. Okwamanje, njenge-HTTP, ukudluliswa kwefayela kusekelwe kumodeli ehlanganisa isethi yezivumelwano ze-TCP/IP (Transmission Control Protocol/Internet Protocol). Ichazwe ku-RFC 959.

Iphrothokholi ichaza okulandelayo:

• Ukuhlolwa kwephutha kuzokwenziwa kanjani?
• Indlela yokupakisha idatha (uma ukupakishwa kusetshenziswa)
• Ingabe idivayisi yokuthumela ibonisa kanjani ukuthi isiwuqedile umlayezo?
• Ingabe idivayisi eyamukelayo ikhombisa kanjani ukuthi ithole umlayezo?

Ukuxhumana phakathi kweklayenti neseva

Ake sihlolisise izinqubo ezenzeka ngesikhathi sokusebenza kwe-FTP. Uxhumano luqalwa umtoliki wephrothokholi yomsebenzisi. Ukushintshaniswa kulawulwa ngesiteshi esilawulayo esisezingeni le-TELNET. Imiyalo ye-FTP ikhiqizwa umhumushi wephrothokholi yomsebenzisi futhi ithunyelwa kuseva. Izimpendulo zeseva nazo zithunyelwa kumsebenzisi ngeshaneli yokulawula. Ngokuvamile, umsebenzisi unamandla okuthola ukuthintana notolika wephrothokholi yeseva futhi ngezinye izindlela ngaphandle komhumushi womsebenzisi.

Isici esiyinhloko se-FTP ukuthi isebenzisa ukuxhumana okukabili. Enye yazo isetshenziselwa ukuthumela imiyalo kuseva futhi yenzeka ngokuzenzakalelayo nge-TCP port 21, engashintshwa. Uxhumano lokulawula lukhona inqobo nje uma iklayenti lixhumana neseva. Ishaneli yokulawula kufanele ivuleke lapho udlulisela idatha phakathi kwemishini. Uma ivaliwe, ukudluliswa kwedatha kuyama. Ngesibili, ukudluliswa kwedatha okuqondile kwenzeka. Ivula njalo uma ukudlulisa ifayela kwenzeka phakathi kweklayenti neseva. Uma amafayela amaningana edluliswa kanyekanye, ngalinye livula ishaneli yalo yokudlulisela.

I-FTP ingasebenza kumodi esebenzayo noma ye-passive, ukukhetha kwayo okunquma ukuthi uxhumano lusungulwa kanjani. Kumodi esebenzayo, iklayenti lidala ukuxhumana kokulawula kwe-TCP neseva bese lithumela ikheli layo le-IP kanye nenombolo yembobo yeklayenti engahleliwe kuseva, bese ilinda iseva ukuthi iqale uxhumano lwe-TCP ngaleli kheli nenombolo yembobo. Esimeni lapho iklayenti lingemuva kwe-firewall futhi lingakwazi ukwamukela uxhumano lwe-TCP olungenayo, imodi yokwenziwa ingasetshenziswa. Kule modi, iklayenti lisebenzisa ukugeleza kokulawula ukuthumela umyalo we-PASV kuseva, bese lithola kusuka kuseva ikheli layo le-IP kanye nenombolo yembobo, iklayenti bese liyisebenzisa ukuze livule ukugeleza kwedatha kusuka embobeni yalo engafanele.

Kungenzeka ukuthi idatha ingase idluliselwe emshinini wesithathu. Kulesi simo, umsebenzisi uhlela isiteshi sokulawula esinamaseva amabili futhi ahlele isiteshi sedatha esiqondile phakathi kwabo. Imiyalo yokulawula idlula kumsebenzisi, futhi idatha ihamba ngokuqondile phakathi kwamaseva.

Lapho uthumela idatha ngenethiwekhi, izethulo zedatha ezine zingasetshenziswa:

• I-ASCII – isetshenziselwa umbhalo. Idatha, uma kudingekile, iguqulwa isuke ekumeleleni uhlamvu kumsingathi othumelayo ibe "i-ASCII yamabhithi ayisishiyagalombili" ngaphambi kokudluliselwa, futhi (futhi, uma kunesidingo) ibe isethulo somlingisi kumsingathi owamukelayo. Ikakhulukazi, izinhlamvu zomugqa omusha ziyashintshwa. Ngenxa yalokho, le modi ayiwafanele amafayela aqukethe okungaphezu nje kombhalo ongenalutho.
• Imodi kanambambili - idivayisi yokuthumela ithumela ifayela ngalinye byte byte, futhi umamukeli ugcina ukusakaza kwamabhayithi lapho ethola. Usekelo lwale modi lunconyiwe kukho konke ukusetshenziswa kwe-FTP.
• I-EBCDIC - isetshenziselwa ukudlulisa umbhalo ongenalutho phakathi kwabasingathi ekufakweni kwekhodi kwe-EBCDIC. Uma kungenjalo, le modi ifana nemodi ye-ASCII.
• Imodi yendawo - ivumela amakhompyutha amabili anezilungiselelo ezifanayo ukuthi athumele idatha ngefomethi yawo ngaphandle kokuguqulela ku-ASCII.

Ukudluliswa kwedatha kungenziwa nganoma yiziphi izindlela ezintathu:

• Imodi yokusakaza - idatha ithunyelwa njengokusakaza okuqhubekayo, ikhulula i-FTP ekwenzeni noma yikuphi ukucubungula. Kunalokho, konke ukucubungula kwenziwa yi-TCP. Inkomba yokuphela kwefayela ayidingeki ngaphandle kokuhlukanisa idatha ibe amarekhodi.
• Imodi yokuvimba - I-FTP iphula idatha ibe amabhulokhi ambalwa (i-header block, inombolo yamabhayithi, indawo yedatha) bese iwadlulisela ku-TCP.
• Imodi yokucindezela - idatha icindezelwa kusetshenziswa i-algorithm eyodwa (imvamisa ngokufaka ikhodi yobude bokugijima).

Iseva ye-FTP iyiseva enikeza amandla okusebenzisa Iphrothokholi Yokudlulisa Ifayela. Inezici ezithile eziyehlukanisa namaseva ewebhu avamile:

• Kudingeka ukuqinisekiswa komsebenzisi
• Yonke imisebenzi yenziwa ngaphakathi kweseshini yamanje
• Ikhono lokwenza izenzo ezihlukahlukene ngohlelo lwefayela
• Kusetshenziswa isiteshi esihlukile ekuxhumekeni ngakunye

Iklayenti le-FTP wuhlelo olukuvumela ukuthi uxhume kuseva ekude nge-FTP futhi wenze izenzo ezidingekayo kuyo ngezinto zesistimu yefayela. Iklayenti kungenzeka libe isiphequluli, kubha yekheli okufanele ufake ikheli layo, okuyindlela eya kuhla lwemibhalo oluthile noma ifayela kuseva ekude, ngokuhambisana nomdwebo webhulokhi ye-URL evamile:

ftp://user:pass@address:port/directory/file

Nokho, ukusebenzisa isiphequluli sewebhu kulo mongo kuzokuvumela kuphela ukuthi ubuke noma ulande amafayela owathandayo. Ukuze usebenzise ngokugcwele zonke izinzuzo ze-FTP, kufanele usebenzise isofthiwe ekhethekile njengeklayenti.

Ukuqinisekisa kwe-FTP kusebenzisa igama lomsebenzisi/uhlelo lwephasiwedi ukunikeza ukufinyelela. Igama lomsebenzisi lithunyelwa kuseva ngomyalo we-USER, futhi iphasiwedi ithunyelwa nomyalo we-PASS. Uma ulwazi oluhlinzekwe yiklayenti lwamukelwa iseva, iseva izothumela isimemo kuklayenti futhi iseshini iqale. Abasebenzisi, uma iseva isekela lesi sici, bangakwazi ukungena ngaphandle kokuhlinzeka ngemininingwane, kodwa iseva inganikeza ukufinyelela okulinganiselwe kumaseshini anjalo.

Umsingathi ohlinzeka ngesevisi ye-FTP anganikeza ukufinyelela kwe-FTP ngokungaziwa. Abasebenzisi ngokuvamile bangena ngokuthi "abangaziwa" (kungase kube bucayi kwamanye amaseva e-FTP) njengegama labo lomsebenzisi. Nakuba abasebenzisi ngokuvamile becelwa ukuthi banikeze ikheli labo le-imeyili esikhundleni sephasiwedi, akukho ukuqinisekiswa okwenziwayo. Abasingathi abaningi be-FTP abahlinzeka ngezibuyekezo zesofthiwe basekela ukufinyelela ngokungaziwa.

Umdwebo wephrothokholi

Ukusebenzisana kweklayenti neseva ngesikhathi soxhumano lwe-FTP kungabonwa ngale ndlela elandelayo:

Vikela i-FTP

I-FTP yayingahloselwe ukuthi ivikeleke ekuqaleni, njengoba yayihloselwe ukuxhumana phakathi kokufakwa okuningi kwezempi nama-ejensi. Kodwa ngokuthuthuka nokusabalala kwe-inthanethi, ingozi yokufinyelela okungagunyaziwe iye yanda izikhathi eziningi. Bekunesidingo sokuvikela amaseva ezinhlotsheni ezahlukahlukene zokuhlaselwa. NgoMeyi 1999, ababhali be-RFC 2577 bafingqa ubungozi ohlwini olulandelayo lwezinkinga:

• Ukuhlasela okufihliwe (ukuhlaselwa kwe-bounce)
• Ukuhlasela kwe-Spoof
• Brute force attack
• Ukuthwebula iphakethe, ukuhogela
• Ukwebiwa kwetheku

I-FTP evamile ayinalo ikhono lokudlulisa idatha ngefomu elibethelwe, ngenxa yalokho amagama abasebenzisi, amaphasiwedi, imiyalo nolunye ulwazi olungabanjwa kalula futhi kalula ngabahlaseli. Isixazululo esivamile sale nkinga ukusebenzisa izinguqulo "ezivikelekile", ezivikelwe yi-TLS zephrothokholi esengozini (FTPS) noma enye, iphrothokholi evikeleke kakhulu, njenge-SFTP/SCP, ehlinzekwa ngokusetshenziswa okuningi kwephrothokholi ye-Secure Shell.

I-FTPS

I-FTPS (FTP + SSL) iyisandiso sephrothokholi yokudlulisa ifayela ejwayelekile enezela ekusebenzeni kwayo okuyisisekelo ukudalwa kwamaseshini abethelwe kusetshenziswa iphrothokholi ye-SSL (Secure Sockets Layer). Namuhla, isivikelo sinikezwa yi-TLS yayo ethuthuke kakhulu ye-analogue (Transport Layer Security).

I-SSL

Iphrothokholi ye-SSL yahlongozwa yi-Netscape Communications ngo-1996 ukuze kuqinisekiswe ukuvikeleka nobumfihlo boxhumo lwe-inthanethi. Iphrothokholi isekela ukuqinisekiswa kweklayenti neseva, izimele ngohlelo lokusebenza, futhi isobala ku-HTTP, i-FTP, ne-Telnet protocol.

Iphrothokholi ye-SSL Handshake iqukethe izigaba ezimbili: ukuqinisekiswa kweseva kanye nokuqinisekiswa kweklayenti ongakukhetha. Esigabeni sokuqala, iseva iphendula esicelweni seklayenti ngokuthumela isitifiketi sayo kanye nemingcele yokubethela. Iklayenti libe selikhiqiza ukhiye oyinhloko, liwubethele ngokhiye osesidlangalaleni weseva, bese liwuthumela kuseva. Iseva isusa ukubethela kokhiye oyinhloko ngokhiye wayo oyimfihlo futhi iziqinisekise kuklayenti ngokubuyisela umlayezo ogunyazwe ukhiye oyinhloko weklayenti.

Idatha elandelayo ibethelwe futhi yaqinisekiswa ngokhiye abathathwe kulo khiye oyinhloko. Esinyathelweni sesibili, esiwukuzikhethela, iseva ithumela isicelo kuklayenti, futhi iklayenti liziqinisekisa lona kuseva ngokubuyisela isicelo ngesignesha yalo yedijithali nesitifiketi sikakhiye womphakathi.

I-SSL isekela ama-cryptographic algorithms ahlukahlukene. Ngesikhathi sokusungulwa kokuxhumana, kusetshenziswa i-RSA public key cryptosystem. Ngemva kokushintshanisa ukhiye, kusetshenziswa ama-cipher amaningi ahlukene: RC2, RC4, IDEA, DES kanye ne-TripleDES. I-MD5 nayo iyasetshenziswa - i-algorithm yokwenza inhlabamkhosi yomlayezo. I-syntax yezitifiketi zokhiye womphakathi ichazwa ku-X.509.

Enye yezinzuzo ezibalulekile ze-SSL ukuzimela kwayo kwe-software-platform. Iphrothokholi ithuthukiswa ngezimiso zokuphatheka, futhi umbono wokwakhiwa kwayo awuncikile ekusetshenzisweni lapho isetshenziswa khona. Ukwengeza, kubalulekile futhi ukuthi ezinye izivumelwano zingambozwa ngokusobala phezu kwephrothokholi ye-SSL; noma ukuthuthukisa izinga lokuvikela lokugeleza kolwazi oluqondiwe, noma ukulungisa amakhono e-cryptographic we-SSL komunye umsebenzi othile, ochazwe kahle.

Ukuxhumeka kwe-SSL

Isiteshi esivikelekile esinikezwe i-SSL sinezakhiwo ezintathu ezibalulekile:

• Isiteshi siyimfihlo. Ukubethela kusetshenziswa kuyo yonke imilayezo ngemva kwengxoxo elula esebenza ukucacisa ukhiye oyimfihlo.
• Isiteshi sigunyaziwe. Uhlangothi lweseva lwengxoxo luhlala luqinisekisiwe, kuyilapho uhlangothi lweklayenti lugunyazwa ngokuzithandela.
• Isiteshi sithembekile. Ukuthuthwa komlayezo kufaka phakathi ukuhlola ubuqotho (usebenzisa i-MAC).

Izici ze-FTPS

Kukhona ukusetshenziswa okubili kwe-FTPS, kusetshenziswa izindlela ezihlukene zokuhlinzeka ngokuvikeleka:

• Indlela engacacile ihlanganisa ukusebenzisa iphrothokholi evamile ye-SSL ukuze kusungulwe iseshini ngaphambi kokuthumela idatha, yona, ephula ukuhambisana namaklayenti avamile we-FTP namaseva. Ekusebenzisaneni emuva namaklayenti angayisekeli i-FTPS, imbobo ye-TCP 990 isetshenziselwa uxhumo lokulawula futhi 989 isetshenziselwa ukudluliswa kwedatha. Lokhu kugcina imbobo evamile engu-21 yephrothokholi ye-FTP. Le ndlela ibhekwa njengengasebenzi.
• Ukucacisa kulula kakhulu, njengoba kusebenzisa imiyalo ye-FTP evamile, kodwa ibhala ngemfihlo idatha lapho iphendula, okukuvumela ukuthi usebenzise uxhumano olufanayo lokulawula kokubili i-FTP ne-FTPS. Iklayenti kufanele licele ngokucacile ukudluliswa kwedatha okuvikelekile kusuka kuseva, bese ligunyaza indlela yokubethela. Uma iklayenti lingakuceli ukudluliswa okuphephile, iseva ye-FTPS inelungelo lokunakekela noma lokuvala uxhumano olungavikelekile. Indlela yezingxoxo yokuqinisekisa kanye nokuphepha kwedatha yengezwe ngaphansi kwe-RFC 2228 ehlanganisa umyalo omusha we-FTP AUTH. Nakuba leli zinga lingazichazi ngokusobala izindlela zokuphepha, licacisa ukuthi uxhumano oluvikelekile kufanele luqaliswe iklayenti lisebenzisa i-algorithm echazwe ngenhla. Uma ukuxhumeka okuvikelekile kungasekelwe yiseva, ikhodi yephutha engu-504 kufanele ibuyiswe. Amaklayenti e-FTPS angathola ulwazi mayelana nezivumelwano zokuphepha ezisekelwa iseva kusetshenziswa umyalo we-FEAT, nokho, iseva ayidingeki ukuthi idalule ukuthi yimaphi amazinga okuphepha eseva. isekela. Imiyalo evame kakhulu ye-FTPS i-AUTH TLS ne-AUTH SSL, ehlinzeka ngokuvikeleka kwe-TLS ne-SSL, ngokulandelanayo.

SFTP

I-SFTP (Secure File Transfer Protocol) iyiphrothokholi yokudlulisa ifayela yesendlalelo sohlelo lokusebenza esebenza phezu kwesiteshi esivikelekile. Akufanele kudidaniswe ne-(Simple File Transfer Protocol), enesifinyezo esifanayo. Uma i-FTPS imane iyisandiso se-FTP, kusho ukuthi i-SFTP iyiphrothokholi ehlukile nengahlobene esebenzisa i-SSH (Secure Shell) njengesisekelo sayo.

I-Shell evikelekile

Iphrothokholi yasungulwa elinye lamaqembu e-IETF elibizwa nge-Secsh. Imibhalo yokusebenza yephrothokholi entsha ye-SFTP ayizange ibe yindinganiso esemthethweni, kodwa yaqala ukusetshenziswa ngokuqhubekayo ekuthuthukisweni kwesicelo. Kamuva, kwakhululwa izinguqulo eziyisithupha zephrothokholi. Kodwa-ke, ukwanda kancane kancane kokusebenza kuwo kwaholela ekutheni ngo-Agasti 14, 2006, kwanqunywa ukuthi kumiswe ukusebenza ekuthuthukisweni kwephrothokholi ngenxa yokuphothulwa komsebenzi oyinhloko wephrojekthi (ukuthuthukiswa kwe-SSH) kanye nokuntuleka. yezinga elanele lochwepheshe lokuqhubekela phambili ekwakhiweni kwephrothokholi yesistimu yefayela elikude eligcwele .

I-SSH iyiphrothokholi yenethiwekhi evumela ukulawula okukude kwesistimu yokusebenza kanye nokushunela koxhumo lwe-TCP (isibonelo, ukudlulisa ifayela). Ngokufanayo ekusebenzeni kwe-Telnet kanye ne-rlogin protocol, kodwa, ngokungafani nazo, ibhala ngemfihlo yonke i-traffic, kuhlanganise namaphasiwedi adlulisiwe. I-SSH ivumela ukukhetha kwama-algorithms wokubethela ahlukahlukene. Amaklayenti e-SSH namaseva e-SSH ayatholakala kumasistimu amaningi wokusebenza wenethiwekhi.

I-SSH ikuvumela ukuthi udlulise ngokuphephile cishe noma iyiphi enye iphrothokholi yenethiwekhi endaweni engavikelekile. Ngakho-ke, awukwazi kuphela ukusebenza ukude kukhompyutha yakho ngokusebenzisa igobolondo lomyalo, kodwa futhi udlulise ukusakazwa komsindo noma ividiyo (isibonelo, kusuka kukhamera yewebhu) ngesiteshi esibethelwe. I-SSH ingase futhi isebenzise ukuminyaniswa kwedatha edlulisiwe ekubetheleni okulandelayo, okulula, isibonelo, ukuqalisa ukude amaklayenti e-X WindowSystem.

Inguqulo yokuqala ye-protocol, i-SSH-1, yasungulwa ngo-1995 ngumcwaningi u-Tatu Ulönen wase-Helsinki University of Technology (Finland). I-SSH-1 yabhalelwa ukuhlinzeka ngobumfihlo obukhulu kune-rlogin, telnet, ne-rsh protocol. Ngo-1996, inguqulo evikelekile kakhudlwana yephrothokholi, i-SSH-2, yathuthukiswa, engahambelani ne-SSH-1. Iphrothokholi yazuza ukuduma okwengeziwe, futhi ngo-2000 yayisinabasebenzisi abacishe babe yizigidi ezimbili. Njengamanje, igama elithi "SSH" ngokuvamile lisho i-SSH-2, ngoba Inguqulo yokuqala yephrothokholi manje ayisasetshenziswa ngenxa yokushiyeka okukhulu. Ngo-2006, umthetho olandelwayo wagunyazwa yiqembu elisebenzayo le-IETF njengezinga le-inthanethi.

Kunokusetshenziswa okubili okujwayelekile kwe-SSH: umthombo oyimfihlo wezohwebo kanye nomthombo ovulekile wamahhala. Ukuqaliswa kwamahhala kubizwa nge-OpenSSH. Ngo-2006, u-80% wamakhompyutha ku-inthanethi asebenzisa i-OpenSSH. Ukuqaliswa kokuphathelene kuthuthukiswa i-SSH Communications Security, inkampani ephethwe ngokuphelele ye-Tectia Corporation, futhi kumahhala ukusetshenziselwa okungezona ezohwebo. Lokhu kuqaliswa kuqukethe cishe isethi efanayo yemiyalo.

Iphrothokholi ye-SSH-2, ngokungafani nephrothokholi ye-telnet, imelana nokuhlaselwa kwe-traffic eavesdropping (“ukuhogela”), kodwa ayimelani nokuhlasela komuntu ophakathi nendawo. Iphrothokholi ye-SSH-2 nayo imelana nokuhlaselwa kweseshini yokudunwa, njengoba kungenakwenzeka ukujoyina noma ukuduna iseshini esesivele isunguliwe.

Ukuze uvimbele ukuhlasela komuntu ophakathi nendawo lapho uxhumeka kumsingathi okhiye wakhe ungaziwa kuklayenti, isofthiwe yeklayenti ibonisa umsebenzisi "izigxivizo zeminwe zokhiye". Kunconywa ukuthi uhlole ngokucophelela "isifinyezo sokhiye" esiboniswe isofthiwe yeklayenti ngesifinyezo sokhiye weseva, okungcono kakhulu esitholwe ngamashaneli okuxhumana athembekile noma mathupha.

Ukusekelwa kwe-SSH kuyatholakala kuwo wonke amasistimu afana ne-UNIX, futhi iningi lineklayenti le-ssh neseva njengezinsiza ezijwayelekile. Kukhona ukusetshenziswa okuningi kwamaklayenti e-SSH kuma-OS angewona awe-UNIX. Iphrothokholi yathola ukuthandwa okukhulu ngemuva kokuthuthukiswa okubanzi kwabahlaziyi bethrafikhi nezindlela zokuphazamisa ukusebenza kwamanethiwekhi endawo, njengesixazululo esihlukile ku-protocol ye-Telnet engavikelekile yokuphatha ama-node abalulekile.

Ukuxhumana usebenzisa i-SSH

Ukuze usebenze nge-SSH, udinga iseva ye-SSH kanye neklayenti le-SSH. Iseva ilalela uxhumo oluvela emishinini yeklayenti futhi, lapho uxhumano selusunguliwe, yenza ubuqiniso, ngemva kwalokho iqale ukusevisa iklayenti. Iklayenti lisetshenziselwa ukungena emshinini oqhelile futhi likhiphe imiyalo.

Ukuqhathanisa ne-FTPS

Into esemqoka ehlukanisa i-SFTP ku-FTP ejwayelekile ne-FTPS ukuthi i-SFTP ibhala ngemfihlo yonke imiyalo, amagama omsebenzisi, amagama ayimfihlo nolunye ulwazi oluyimfihlo.

Zombili izivumelwano ze-FTPS ne-SFTP zisebenzisa inhlanganisela yama-algorithms asymmetric (RSA, DSA), ama-algorithms we-symmetric (DES/3DES, AES, Twhofish, njll.), kanye ne-algorithm yokushintshanisa ukhiye. Ukuze kuqinisekiswe, i-FTPS (noma ukuze inembe kakhudlwana, i-SSL/TLS phezu kwe-FTP) isebenzisa izitifiketi ze-X.509, kuyilapho i-SFTP (iphrothokholi ye-SSH) isebenzisa okhiye be-SSH.

Izitifiketi ze-X.509 zifaka phakathi ukhiye osesidlangalaleni kanye nolunye ulwazi mayelana nesitifiketi somnikazi. Lolu lwazi luvumela, ngakolunye uhlangothi, ukuqinisekisa ubuqotho besitifiketi ngokwaso, ubuqiniso kanye nomnikazi wesitifiketi. Izitifiketi ze-X.509 zinokhiye oyimfihlo ohambisanayo, ovamise ukugcinwa ngokuhlukene nesitifiketi ngezizathu zokuphepha.

Ukhiye we-SSH uqukethe kuphela ukhiye osesidlangalaleni (ukhiye oyimfihlo ohambisanayo ugcinwa ngokuhlukene). Ayiqukethe noma yiluphi ulwazi mayelana nomnikazi wokhiye. Okunye ukusetshenziswa kwe-SSH kusebenzisa izitifiketi ze-X.509 ukuze kuqinisekiswe, kodwa empeleni akuqinisekisi lonke uchungechunge lwesitifiketi—kusetshenziswa ukhiye osesidlangalaleni kuphela (okwenza ukuqinisekiswa okunjalo kungapheleli).

isiphetho

Iphrothokholi ye-FTP ngokungangabazeki isadlala indima ebalulekile ekugcineni nasekusabalaliseni ulwazi kunethiwekhi naphezu kweminyaka yayo ehloniphekile. Kuyiphrothokholi elula, esebenzayo futhi esezingeni. Izingobo zomlando eziningi zamafayela zakhiwe ngesisekelo sazo, ngaphandle kwalapho umsebenzi wezobuchwepheshe ubungeke uphumelele kangako. Ngaphezu kwalokho, kulula ukusetha, futhi izinhlelo zeseva neklayenti zikhona cishe kuwo wonke amapulatifomu amanje hhayi amanje.

Ngokulandelayo, izinguqulo zayo ezivikelwe zixazulula inkinga yokugcinwa kuyimfihlo kwedatha egciniwe nedluliswayo emhlabeni wanamuhla. Womabili amaphrothokholi amasha anobuhle nobubi bawo futhi asebenza izindima ezihluke kancane. Kulezo zindawo lapho ingobo yomlando idingeka khona, kungcono ukusebenzisa i-FTPS, ikakhulukazi uma i-FTP yakudala isivele yasetshenziswa lapho ngaphambilini. I-SFTP ayijwayelekile kakhulu ngenxa yokungahambisani nephrothokholi endala, kodwa ivikeleke kakhulu futhi inomsebenzi owengeziwe, njengoba iyingxenye yohlelo lokuphatha olukude.

Uhlu lwemithombo

• Abstract “FTP protocol. Ulwazi olujwayelekile kanye nezici"
• Abstract "SSH, CMIP, Telnet protocols"
• Bika "SSL/TLS"

Source: www.habr.com