SSH3: Inokurumidza, yakapfuma yakachengeteka goko uchishandisa HTTP/3
Munguva pfupi yapfuura yakazozivikanwa kutangwa zviri pamutemo kwevhezheni yekutanga ye server uye mutengi we SSH3 protocol yakagadzirirwa semubatsiri kune HTTP3 protocol uye iyo inoshandisa QUIC (yakavakirwa paUDP), TLS 1.3 iyo inotora mukana weHTTP masisitimu echokwadi chemushandisi, pamwe nekugadzira nzira yakachengeteka yekutaurirana.
SSH3 inoshandisa nzira dzekubvumidza zvinoenderana neHTTP protocol, iyo inobvumira nzira itsva dzechokwadi, mukuwedzera kune chekare chechokwadi uchishandisa password uye kiyi peya, pamwe neSSH3 unogona kugadzirisa kupinda kune iri kure sevha kuburikidza nemupi wekuzivikanwa wesangano kana neGoogle account kana GitHub. SSH3 yakavakirwa paHTTP/3 uye QUIC uye, mukuwedzera kune yakajairwa TCP kuendesa mberi, zvakare inopa UDP chiteshi chekufambisa uye nekukurumidza, yakachengeteka zvakanyanya kuisirwa chikamu.
Pamusoro peSSH3
Vagadziri veprojekiti vanotaura kuti kusikwa kweSSH3 yakasimuka semugumisiro wekuongorora kwakakwana kweSSH protocol, inoitwa neboka rakazvimirira revatsvaguri vakaparadzana nezvikwata zviri kushanda pamapurojekiti akaita seOpenSSH uye kumwe kuita kweiyo classic SSH protocol. In SSH3, iyo semantics yekirasi SSH protocol inoshandiswa kuburikidza neHTTP nzira, iyo isingangobvumiri mamwe masimba, asi zvakare inovimbisa kuti zviitiko zvine chekuita neSSH zvakavanzwa pakati peimwe traffic, pakati pezvimwe zvinhu, SSH3 inobvumira kuvandudzwa kunotevera pamusoro peSSH2 protocol haina kukwanisa kupa, pamwe nezvakawanda zveanozivikanwa OpenSSH maficha:
- Zvinonyanya kukurumidza kugadzwa kwesesheni
- Nzira itsva dzechokwadi dzeHTTP, dzakadai seOAuth 2.0 uye OpenID Batanidza, mukuwedzera kune yakasarudzika SSH yekusimbisa.
- Parsing ~/.ssh/authorized_keys pane sevha.
Parses ~/.ssh/config pane mutengi uye inobata zita reHostname, Mushandisi, uye Portconfig IdentityFile sarudzo (dzimwe sarudzo hadzina kufuratirwa)
Certificate-based server authentication - Kusimba kunopesana nechiteshi chekuongorora kurwiswa: yako SSH3 sevha inogona kusaonekwa kune vamwe vashandisi veInternet
- UDP Port Forwarding - Iwe unogona ikozvino kuwana yako QUIC, DNS, RTP kana chero UDP yakavakirwa server iyo inogona kuwanikwa chete kubva kune yako SSH3 host.
- X.509 Certificates: Wava kukwanisa kushandisa zvitupa zveHTTPS kuti uratidze kuti SSH3 server yako ndeyechokwadi. Iyi meshini yakachengeteka kupfuura yekare SSHv2 host key mechanism.
- Kugona kuvanza sevha kuseri kwechakavanzika chinongedzo.
- Ese maficha anogoneswa neazvino QUIC protocol: inosanganisira yekubatanidza kutama uye kuwanda kwekubatanidza
- Shandisa otomatiki ssh-agent yeruzhinji kiyi yekusimbisa
- SSH mumiriri kutumira kuti ushandise makiyi ako emunharaunda pane yako iri kure server
- Chengetedza keyless mushandisi kutendeseka uchishandisa OpenID Batanidza.
Kuvharidzira nzira yekutaurirana, SSH3 inoshandisa iyo TLS 1.3 protocol uye nzira dzechinyakare dzakavakirwa pamapassword uye makiyi eruzhinji (RSA neEdDSA/ed25519) anogona kushandiswa. Pamusoro pezvo, SSH3 inopa sarudzo yekushandisa nzira dzakavakirwa paOAuth 2.0 protocol, ichibvumira kuti huchokwadi huendeswe kune vekunze vanopa.
Chimwe chei SSH3's simba nderekuti inopa zvakakurumidza kukurumidza kugadzwa pane SSH2, Semuyenzaniso, kumisikidza chikamu chitsva neSSH2 kunogona kutora 5 kusvika 7 network iterations (kutenderera), iyo mushandisi anogona kucherechedza zviri nyore sezvo SSH3 ichingoda kudzokorora katatu.
Kana iwe uchifarira kudzidza zvakawanda nezvazvo, iwe unofanirwa kuziva kuti mutengi uye server zvakanyorwa muGo uye zvakagoverwa pasi peiyo Apache 2.0 rezinesi, unogona kubvunza iwo ruzivo. Mune inotevera chinongedzo.
Pamusoro pezvo, zvakakosha kuti titaure kuti SSH3 ichiri kuyedza uye kushandiswa kwayo hakukurudzirwe kugadzira kana nharaunda dzakaomarara uye nekudaro kuisirwa kwayo kunongokurudzirwa kudzidza nezve mashandiro ayo kana kukwanisa kuyedza.
Dhawunirodha uye isa SSH3
For the kufarira kukwanisa kushandisa SSH3 server yekuedza, Iwe unogona kuita izvi nekunyora iyo kodhi kodhi neGo uchitevera mirairo yatinogovera pazasi.
git clone https://github.com/francoismichel/ssh3 cd ssh3 go build -o ssh3 cmd/ssh3/main.go CGO_ENABLED=1 go build -o ssh3-server cmd/ssh3-server/main.go
Kana izvi zvangoitwa, isu zvino tinoenderera mberi nekuwedzera nharaunda yedu yakasiyana mu.bashrc ne:
export PATH=$PATH:/path/to/the/ssh3/directory
Nezve kuitwa kwesevha, sezvo SSH3 ichimhanya pamusoro peHTTP3, chitupa chinodiwa uye chimwe chinogona kugadzirwa nescript:
sh ./generate_openssl_selfsigned_certificate.sh
Chekupedzisira, ndinokukoka iwe kuti utarise zvinyorwa pamusoro pekushandiswa uye kuita mamwe mabasa mu inotevera chinongedzo.