Emva kweenyanga ezine zophuhliso kukhutshwa inguqulelo entsha ye-OpenSSH 8.7 ibonisiwe apho ku imowudi yokudlulisa idatha yovavanyo yongeziwe ukwenza scp usebenzisa umthetho olandelwayo we-SFTP endaweni yenkqubo ye-SCP / RCP esetyenziswa ngokwesiko.
SFTP sebenzisa indlela ethe kratya yokuphatha amagama kwaye ayisebenzisi ukuqhubekeka kwetemplate yeglobhu kwelinye icala lomamkeli, elibeka umba wokhuseleko, kunye neflegi ye-'s 'icetyisiwe ukwenza i-SFTP kwi-scp, kodwa kucwangcisiwe ukutshintsha kwixesha elizayo kule nkqubo okungagqibekanga.
Olunye utshintsho olubonakalayo luku sftp-server Esebenzisa ulwandiso lwe-SFTP ukwandisa iindlela ~ / kunye ~ umsebenzisi /, ezifunekayo kwi-scp. Into eluncedo scp itshintshe indlela yokuziphatha xa ukopa iifayile phakathi kwemikhosi emibini ekude, esele yenziwe ngokungagqibekanga ngombindi wendawo ophakathi. Le ndlela ithintela ukuhambisa iziqinisekiso ezingeyomfuneko kumamkeli wokuqala kunye nokutolikwa kathathu kwamagama efayile kwigobolondo (kumthombo, ekujolisweni nakwinkqubo yamacandelo endawo), naxa usebenzisa iSFTP, ikuvumela ukuba usebenzise zonke iindlela ungqinisiso xa ukufikelela kwimikhosi ekude, kwaye ayisiyiyo kuphela indlela yokungasebenzi
Kwakhona, Zombini i-ssh kunye ne-sshd zihambise zombini umxhasi kunye neseva ukuba isebenzise isikhombisi sefayile Yoqwalaselo ungqongqo ngakumbi usebenzisa iqokobhe imithetho ukuphatha iikowuti, izithuba, kunye nokubaleka abalinganiswa.
Isikhombi esitsha asikutyesheli okucingelwayo, njengokuyeka iimpikiswano kukhetho (umzekelo, ngoku awunakushiya umkhombandlela we-DenyUsers ungenanto), iikowuti ezingavalwanga, kunye nokuchaza iisimboli ezininzi "=".
Xa usebenzisa iirekhodi ze-DNS SSHFP ukuqinisekisa izitshixo, i-ssh ngoku iqinisekisa zonke iirekhodi ezifanayo, hayi ezo ziqulathe uhlobo oluthile lwesiginitsha yedijithali. Kwi-ssh-keygen, xa uvelisa isitshixo se-FIDO ngenketho -Ochallenge, umaleko owakhelweyo ngoku usetyenziselwa ukukhawulezisa, endaweni yezixhobo ze-libfido2, ekuvumela ukuba usebenzise ukulandelana komceli mngeni omkhulu okanye omncinci kunee-byte ezingama-32. Kwi-sshd, xa kulungiswa imeko-bume = "..." umyalelo kwiifayile ezigunyazisiweyo_imidlalo, umdlalo wokuqala wamkelwe ngoku kwaye umda wamagama ayi-1024 ahluka ngokwendalo ayasebenza.
Abaphuhlisi be-OpenSSH naboilumkise malunga nokudluliselwa kudidi lwee-algorithms eziphelelwe lixesha usebenzisa i-SHA-1 hashes, ngenxa yempumelelo enkulu yongquzulwano lokuhlaselwa kunye nesiqalo esinikiweyo (iindleko zokukhetha ukungqubana ziqikelelwa kwi- $ 50).
Kukhululo olulandelayo, kucetyelwe ukukhubaza ngokungagqibekanga ukubanakho ukusebenzisa "ssh-rsa" isitshixo sasesidlangalaleni sokutyikitywa kwedijithali, ekhankanywe kwi-RFC yoqobo yenkqubo ye-SSH kwaye isasetyenziswa ngokubanzi ekusebenzeni.
Ukuvavanya ukusetyenziswa kwe-ssh-rsa kwiinkqubo, ungazama ukudibanisa nge-ssh ngokhetho "-oHostKeyAlgorithms = -ssh-rsa". Kwangelo xesha, ukukhubaza "ssh-rsa" utyikityo ngokwamanani akuthethi ukwaliwa ngokupheleleyo ukusetyenziswa kwezitshixo zeRSA, kuba ukongeza kwi-SHA-1, umthetho olandelwayo we-SSH uvumela ukusetyenziswa kwezinye ii-algorithms zokubala ii-hashes. Ngokukodwa, ukongeza kwi "ssh-rsa", kuyenzeka ukuba usebenzise amakhonkco "rsa-sha2-256" (RSA / SHA256) kunye ne "rsa-sha2-512" (RSA / SHA512).
Ukuhambisa utshintsho kutshintsho olutsha kwi-OpenSSH, useto loHlaziyo lweeHostKeys lwalunikwe amandla ngokungagqibekanga, likuvumela ukuba utshintshe abathengi ngokuzenzekelayo kwii-algorithms ezinokuthenjwa.
Okokugqibela, ukuba unomdla wokwazi okungakumbi ngale nguqulo intsha, unokujonga iinkcukacha ngokuya kule khonkco ilandelayo.
Uyifaka njani i-OpenSSH 8.7 kwiLinux?
Kulabo banomdla wokukwazi ukufaka le nguqulo intsha ye-OpenSSH kwiinkqubo zabo, okwangoku bangayenza Ukukhuphela ikhowudi yemvelaphi yoku kunye ukwenza ukudityaniswa kwiikhompyuter zabo.
Kungenxa yokuba ingxelo entsha ayikabandakanywa koovimba beenkqubo eziphambili zeLinux. Ukufumana ikhowudi yemvelaphi, ungenza kwi ikhonkco elandelayo.
Yenza ukhuphelo, ngoku siza kukhulula ipakethe ngalo myalelo ulandelayo:
tar -xvf openssh-8.7.tar.gz
Sifaka isikhombisi esenziwe:
cd openssh-8.7
Y sinokudibanisa kunye le miyalelo ilandelayo:
./configure --prefix=/opt --sysconfdir=/etc/ssh make make install