OpenSSH 8.1 released

After six months of development, OpenSSH 8.1 has been released, an open implementation of a client and server for working over the SSH 2.0 and SFTP protocols.

The new release deserves particular attention for fixing a vulnerability affecting ssh, sshd, ssh-add and ssh-keygen. The problem lies in the XMSS private key parsing code and allows an attacker to trigger an integer overflow. The vulnerability is marked as exploitable but of little practical use, since XMSS key support is an experimental feature that is disabled by default (in the portable version, autoconf does not even provide a build option to enable XMSS).

Main changes:

  • In ssh, sshd and ssh-agent, code has been added to protect against recovery of a private key residing in RAM through third-party side-channel attacks such as Spectre, Meltdown, RowHammer and RAMBleed. Private keys are now encrypted when loaded into memory and decrypted only while they are actually in use, remaining encrypted the rest of the time. With this approach, to recover a private key an attacker must first recover the randomly generated 16 KB intermediate key used to encrypt the main key, which is unlikely given the error rates typical of current attacks;
  • ssh-keygen gained experimental support for a simplified scheme for creating and verifying digital signatures. Signatures can be created using ordinary SSH keys stored on disk or in ssh-agent and verified using a list of allowed keys analogous to authorized_keys. Namespace information is embedded in the signature to avoid confusion when it is used in different areas (for example, for e-mail and for files);
  • ssh-keygen now defaults to the rsa-sha2-512 algorithm when signing certificates with an RSA key (when operating in CA mode). Such certificates are incompatible with releases before OpenSSH 7.2 (to preserve compatibility, the algorithm type must be overridden, for example by calling "ssh-keygen -t ssh-rsa -s ...");
  • In ssh, the ProxyCommand expression now supports expansion of the "%n" substitution (the host name specified on the command line);
  • In the ssh and sshd algorithm lists, the "^" character can now be used to prepend entries to the default algorithms. For example, to put ssh-ed25519 at the head of the default list, specify "HostKeyAlgorithms ^ssh-ed25519";
  • ssh-keygen prints the comment attached to a key when extracting the public key from the private one;
  • ssh-keygen gained the ability to use the "-v" flag when performing key lookup operations (for example, "ssh-keygen -vF host"), which causes a descriptive host signature to be printed;
  • Added the ability to use PKCS8 as an alternative format for storing private keys on disk. The default remains the PEM format; PKCS8 may be useful for interoperability with third-party applications.
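The following script is an added example, not code from the OpenSSH project or from the original article. It exercises two of the changes listed above: the simplified signature scheme (signing a file with an ordinary SSH key under a namespace and verifying it against an allowed_signers list, including the check that the same signature is rejected under a different namespace) and the "^" prefix in algorithm lists (confirmed by dumping the effective client configuration with "ssh -G", which makes no connection). It assumes ssh and ssh-keygen 8.1 or newer on PATH and that ssh-keygen accepts the "-Y sign" and "-Y verify" forms as documented in its manual page; the message, key and principal name are constructed for the demo, and each function returns 77 when the tool or feature is unavailable.

```shell
#!/bin/sh
# Added example (not OpenSSH project code): exercise two OpenSSH 8.1 features.
# Assumes ssh and ssh-keygen 8.1 or newer on PATH; each function returns
# 77 ("skip") when the needed tool or feature is not available.

# 1. Simplified signatures: sign a file with an ordinary SSH key under a
#    namespace, then verify it against an allowed_signers list. Returns 0
#    only when verification under the right namespace succeeds AND the same
#    signature is rejected under a different namespace.
demo_sign_verify() {
    command -v ssh-keygen >/dev/null 2>&1 || { echo "skip: no ssh-keygen"; return 77; }
    ssh-keygen '-?' 2>&1 | grep -q -- '-Y' || { echo "skip: ssh-keygen lacks -Y"; return 77; }
    dir=$(mktemp -d) || return 1
    # Constructed sample message and a throwaway ed25519 key (no passphrase).
    printf 'release notes for the 8.1 build\n' > "$dir/msg.txt"
    ssh-keygen -q -t ed25519 -N '' -C alice@example.com -f "$dir/key" \
        || { rm -rf "$dir"; return 1; }
    # allowed_signers line: principal, key type, base64 key (comment dropped).
    printf 'alice@example.com %s\n' "$(cut -d' ' -f1,2 "$dir/key.pub")" \
        > "$dir/allowed_signers"
    # Sign under the "file" namespace; ssh-keygen writes msg.txt.sig beside it.
    ssh-keygen -Y sign -f "$dir/key" -n file "$dir/msg.txt" >/dev/null 2>&1 \
        || { rm -rf "$dir"; return 1; }
    good=1; wrong=1
    # Correct namespace and principal: must verify (message is read on stdin).
    ssh-keygen -Y verify -f "$dir/allowed_signers" -I alice@example.com -n file \
        -s "$dir/msg.txt.sig" < "$dir/msg.txt" >/dev/null 2>&1 && good=0
    # Same signature presented under the "email" namespace: must be rejected,
    # which is the cross-context confusion the namespace field prevents.
    ssh-keygen -Y verify -f "$dir/allowed_signers" -I alice@example.com -n email \
        -s "$dir/msg.txt.sig" < "$dir/msg.txt" >/dev/null 2>&1 || wrong=0
    rm -rf "$dir"
    [ "$good" -eq 0 ] && [ "$wrong" -eq 0 ] && { echo "sign/verify ok"; return 0; }
    echo "sign/verify FAILED"; return 1
}

# 2. The "^" prefix: prepend ssh-ed25519 to the default HostKeyAlgorithms in a
#    scratch config and confirm with "ssh -G" (effective-config dump, no
#    connection) that it now heads the list the client will offer.
demo_prepend_hostkey_alg() {
    command -v ssh >/dev/null 2>&1 || { echo "skip: no ssh"; return 77; }
    cfg=$(mktemp) || return 1
    printf 'HostKeyAlgorithms ^ssh-ed25519\n' > "$cfg"
    # Clients older than 8.1 reject the "^" syntax and exit non-zero: skip.
    dump=$(ssh -G -F "$cfg" example.invalid 2>/dev/null) \
        || { rm -f "$cfg"; echo "skip: no ^ support"; return 77; }
    rm -f "$cfg"
    first=$(printf '%s\n' "$dump" | awk '$1 == "hostkeyalgorithms" { print $2 }' | cut -d, -f1)
    [ "$first" = "ssh-ed25519" ] \
        && { echo "hostkeyalgorithms now starts with $first"; return 0; }
    echo "unexpected list head: $first"; return 1
}

# Run both demos when the file is executed directly.
demo_sign_verify || :
demo_prepend_hostkey_alg || :
```

The "ssh -G" dump is the practical check after editing an algorithm list: it shows the list the client will actually send, so a typo in the prefix syntax or an unexpected ordering is visible before any connection is attempted.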

Source: opennet.ru
