Release of OpenSSH 9.1

After six months of development, the release of OpenSSH 9.1 has been published. OpenSSH is an open implementation of a client and server for working over the SSH 2.0 and SFTP protocols. The release is characterized as consisting mainly of bug fixes, including fixes for several vulnerabilities caused by memory-handling problems:

  • A one-byte overflow in the SSH banner processing code in the ssh-keyscan utility.
  • A double call to free() when an error occurs while computing hashes of files, in the code for creating and verifying digital signatures in the ssh-keygen utility.
  • A double call to free() during error handling in the ssh-key utility.

Main changes:

  • The RequiredRSASize directive has been added to ssh and sshd, allowing you to set the minimum permitted RSA key size. In sshd, smaller keys will be ignored, and in ssh they will cause the connection to be terminated.
  • The portable edition of OpenSSH has been switched to using SSH keys to digitally sign commits and tags in Git.
  • The SetEnv directives in the ssh_config and sshd_config configuration files now use the value from the first occurrence of an environment variable if it is defined more than once in the configuration (previously the last occurrence was used).
  • When the ssh-keygen utility is invoked with the "-A" flag (which generates all host key types supported by default), generation of DSA keys, which have not been used by default for several years, is disabled.
  • sftp-server and sftp implement the "[email protected]" extension, which gives the client the ability to request the user and group names that correspond to a given set of numeric identifiers (uid and gid). In sftp, this extension is used to display names when listing the contents of a directory.
  • sftp-server implements the "home-directory" extension for expanding ~/ and ~user/ paths, an alternative to the previously proposed "[email protected]" extension (the "home-directory" extension has been proposed for standardization and is already supported by some clients).
  • ssh-keygen and sshd add the ability to specify time in the UTC time zone when setting certificate and key validity intervals, in addition to system time.
  • sftp allows additional arguments to be specified in the "-D" option (for example, "/usr/libexec/sftp-server -el debug3").
  • ssh-keygen allows the "-U" flag (use ssh-agent) to be used together with "-Y sign" operations to indicate that the private keys are held in ssh-agent.
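
Before setting RequiredRSASize on a server, it helps to know which deployed RSA keys would fall below the chosen minimum. The following is an added example, not code from OpenSSH or from the original article: it reads the modulus size out of ssh-rsa entries in authorized_keys-style text. The function names, the constructed sample keys and the 2048-bit threshold used in the test are assumptions.

```python
import base64
import struct

def _read_string(buf, off):
    """Read one RFC 4251 string (uint32 length, then bytes); return (data, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)  # struct.error if the length is cut off
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:end], end

def rsa_bits(b64_blob):
    """Modulus size in bits of an ssh-rsa public key blob, or None for other key types."""
    blob = base64.b64decode(b64_blob, validate=True)
    ktype, off = _read_string(blob, 0)
    if ktype != b"ssh-rsa":
        return None
    _e, off = _read_string(blob, off)      # public exponent
    n, _ = _read_string(blob, off)         # modulus, encoded as an mpint
    return int.from_bytes(n, "big").bit_length()

def weak_rsa_keys(text, min_bits):
    """Return [(line_no, bits)] for RSA keys in authorized_keys-style text below min_bits."""
    found = []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if line.lstrip().startswith("#") or "ssh-rsa" not in fields:
            continue
        try:  # the blob follows the key type; an options field may precede it
            bits = rsa_bits(fields[fields.index("ssh-rsa") + 1])
        except (ValueError, IndexError, struct.error):
            continue  # malformed entry: cannot be measured, skipped
        if bits is not None and bits < min_bits:
            found.append((no, bits))
    return found

def _mpint(v):
    raw = v.to_bytes(v.bit_length() // 8 + 1, "big")  # leading zero byte keeps it positive
    return struct.pack(">I", len(raw)) + raw
def make_blob(bits):  # constructed sample blob with a modulus of that size, not a usable key
    body = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(65537) + _mpint((1 << (bits - 1)) | 1)
    return base64.b64encode(body).decode()

SAMPLE = "\n".join([  # constructed input, not real keys
    "# constructed authorized_keys sample",
    "ssh-rsa " + make_blob(1024) + " old@host.example",
    "no-pty ssh-rsa " + make_blob(3072) + " new@host.example",
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5 other@host.example",
])
```

Calling `weak_rsa_keys(SAMPLE, 2048)` reports the 1024-bit entry on line 2 of the sample; entries with quoted options that contain spaces would need a stricter tokenizer than `split()`.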

    Source: opennet.ru
