Ngemva kwezinyanga eziyisithupha zokuthuthukiswa, ukukhishwa kwe-OpenSSH 9.1 kushicilelwe, ukuqaliswa okuvulekile kweklayenti neseva yokusebenza phezu kwezivumelwano ze-SSH 2.0 ne-SFTP. Ukukhishwa kubonakala njengokuqukethe ikakhulukazi ukulungiswa kweziphazamisi, okuhlanganisa ubungozi obuningana obubangelwa izinkinga zenkumbulo:
- Ukuchichima kwebhayithi eyodwa kukhodi yokucubungula yesibhengezo se-SSH kusisetshenziswa se-ssh-keyscan.
- Shayela kabili kumsebenzi wamahhala() uma kwenzeka kuba nephutha lapho kubalwa ama-hashes kumafayela kukhodi yokudala nokuqinisekisa amasiginesha edijithali kunsiza ye-ssh-keygen.
- Shayela kabili kumsebenzi wamahhala() lapho uphatha amaphutha kunsizakalo ye-ssh-key.
Izinguquko eziyinhloko:
- Iziqondiso ezidingekayo ze-RSAsize zengezwe ku-ssh ne-sshd, okukuvumela ukuthi unqume ubuncane bosayizi ovumelekile wokhiye be-RSA. Ku-sshd, okhiye abancane bazozitshwa, futhi ku-ssh bazoholela ekunqanyulweni kokuxhumeka.
- Uhlelo oluphathekayo lwe-OpenSSH luguqulelwe ukuze lusebenzise okhiye be-SSH ukuze basayine ngedijithali ukuzibophezela nomaka ku-Git.
- Iziqondiso ze-SetEnv kumafayela okumisa okuthi ssh_config kanye ne-sshd_config manje sezisebenzisa inani kusukela ekukhulunyweni kokuqala kokuhluka kwemvelo uma kuchazwe izikhathi ezingaphezu kwesisodwa ekucushweni (ngaphambilini okushiwo okokugcina kwasetshenziswa).
- Lapho ubiza insiza ye-ssh-keygen ngefulegi elithi β-Aβ (elikhiqiza zonke izinhlobo zokhiye bokusingatha abasekelwa ngokuzenzakalela), ukukhiqizwa kokhiye be-DSA, abangakaze basetshenziswe ngokuzenzakalelayo iminyaka eminingana, kuvaliwe.
- sftp-server kanye ne-sftp sebenzisa isandiso "[i-imeyili ivikelwe]", ukunikeza iklayenti ikhono lokucela amagama abasebenzisi namaqembu ahambisana nesethi ethile yezihlonzi zedijithali (i-uid ne-gid). Ku-sftp, lesi sandiso sisetshenziselwa ukubonisa amagama lapho sibonisa okuqukethwe kohla lwemibhalo.
- I-sftp-server isebenzisa isandiso esithi βhome-directoryβ ukuze sinwebe ~/ and ~user/ paths, enye indlela yesandiso esasihlongozwe ngaphambilini β[i-imeyili ivikelwe]"(isandiso "se-home-directory" sihlongozwa ukuthi simiswe futhi sesivele sisekelwa amanye amaklayenti).
- I-ssh-keygen ne-sshd zengeza amandla okucacisa isikhathi endaweni yesikhathi ye-UTC lapho kunqunywa isitifiketi nezikhawu zokuqinisekisa eziyinhloko, ngaphezu kwesikhathi sesistimu.
- I-sftp ivumela izimpikiswano ezengeziwe ukuba zicaciswe ngenketho ethi "-D" (ngokwesibonelo, "/usr/libexec/sftp-server -el debug3").
- I-ssh-keygen ivumela ukusetshenziswa kwefulegi elithi "-U" (sebenzisa i-ssh-ejenti) kanye nemisebenzi ethi "-Y sign" ukuze unqume ukuthi okhiye abayimfihlo babanjwe yi-ssh-ejenti.
Source: opennet.ru