Zimbalwa iintsuku ezidlulileyo IGoogle ityhiliwe ngeposi blog iindaba ze ukukhutshwa kwekhowudi yemvelaphi yeprojekthi ye-HIBA (Isazisi esiGunyazisiweyo seSazisi), esiphakamisa ukwenziwa kwendlela yokugunyazisa eyongezelelweyo yokulungiselela ukufikelela komsebenzisi ngeSSH ngokunxulumene nemikhosi (ukujonga ukuba ukufikelela kwisibonelelo esithile kuvunyelwe na xa kungqinisiswa kusetyenziswa izitshixo zikarhulumente).
Umdibaniso ne-OpenSSH kubonelelwa ngokuchaza umqhubi weHIBA Umyalelo oGunyazisiweyo weNqununu kwi / njl / ssh / sshd_config. Ikhowudi yeprojekthi ibhaliwe kwi-C kwaye ihanjiswa phantsi kwelayisensi ye-BSD.
Malunga neHIBA
I-HIBA isebenzisa iindlela zokuqinisekisa ezisemgangathweni esekwe kwizatifikethi ze-OpenSSH kulawulo oluguquguqukayo nolumbindi wesigunyaziso somsebenzisi ngokunxulumene nemikhosi, kodwa ayifuni utshintsho lwamaxesha ngamaxesha kugunyaziso_iiketi kunye neefayile zabasebenzisi abagunyazisiweyo kwicala lemikhosi edityaniswe kuyo.
Endaweni yokugcina uluhlu lwezitshixo Ukusebenza koluntu kunye nokufikelela kwiifayile ezigunyazisiweyo (amagama agqithisiweyo | abasebenzisi), I-HIBA idibanisa inginginya yolwazi olubophelela ngqo kwizatifikethi ngokwazo. Ngokukodwa, kuye kwacetyiswa ukwandiswa kwezatifikethi zokubamba kunye nezatifikethi zomsebenzisi, ezigcina iiparameter zokubamba kunye neemeko zokunika ukufikelela komsebenzisi.
Ngelixa i-OpenSSH ibonelela ngeendlela ezininzi, ukusuka kwiphasiwedi elula nokusetyenziswa kwezatifikethi, nganye kuzo ibonisa imiceli mngeni.
Masiqale ngokuchaza umahluko phakathi kokungqinisisa kunye nokugunyaziswa. Eyokuqala yindlela yokubonisa ukuba uliziko elibanga ukuba ulilo. Oku kuhlala kufezekiswa ngokunika igama eliyimfihlo elinxulumene neakhawunti yakho okanye ngokusayina umngeni obonisa ukuba unesitshixo sangasese esihambelana nesitshixo sikawonkewonke. Ugunyaziso yindlela yokuthatha isigqibo sokuba ingaba iziko linayo na imvume yokufikelela kubutyebi, obuqhele ukwenziwa emva kokuqinisekiswa.
Ukuqinisekiswa kwecala lokubamba iqalwa ngokubiza umqhubi we-hiba-chk icacisiwe kumyalelo oGunyazisiweyo weeNqobo. Umphathi Imisela ulwandiso olwakhelwe kwizatifikethi kwaye, ngokusekwe kubo, yenza isigqibo sokunika okanye sokuthintela ukufikelela. Imigaqo yokufikelela ichazwa embindini kwinqanaba lesigunyaziso (CA) kwaye idityanisiwe kwizatifikethi kwinqanaba lokuveliswa kwazo.
Kwicala leziko lokuqinisekisa, kukho uluhlu ngokubanzi lweemvume ezikhoyo (inginginya onokuqhagamshela kuyo) kunye noluhlu lwabasebenzisi abanokusebenzisa ezi mvume. Ukusetyenziswa kwe-hiba-gen kucetyisiwe ukuba kuveliswe izatifikethi ezinolwazi lwendawo eyakhelweyo, kwaye ukusebenza okufunekayo ukwenza ugunyaziso lwesatifikethi kuhanjiswe kwiskripthi se hiba-ca.sh.
Ngexesha loqhagamshelo lomsebenzisi, iziqinisekiso ezichaziweyo kwisatifikethi ziyaqinisekiswa sisayinwe yedijithali yegunya lesatifikethi, esithi ivumela lonke ungqinisiso lwenziwe ngokupheleleyo kwicala lokusingathwa kwendawo ekuyiwa kuyo apho uqhagamshelo lwenziwe khona, ngaphandle kokunxibelelana neenkonzo zangaphandle. Uluhlu lwezitshixo zikawonkewonke ze-CA eziqinisekisa izatifikethi zeSSH zichaziwe ngumyalelo weTrustedUserCAKeys.
I-HIBA ichaza izandiso ezibini zezatifikethi ze-SSH:
Isazisi se-HIBA, esiqhotyoshelwe kwizatifikethi zokubamba, zidwelisa iipropathi ezichaza lo mbi zindwendwe. Ziya kusetyenziswa njengeendlela zokunika ukufikelela.
Isibonelelo se-HIBA, esiqhotyoshelwe kwizatifikethi zomsebenzisi, sidwelisa izithintelo ekufuneka umbuki zindwendwe ahlangane nazo ukuze anikwe ukufikelela.
Ukongeza ekunxibelelaneni ngokuthe ngqo kwabasebenzisi kubabuki zindwendweI-HIBA ikuvumela ukuba uchaze ufikeleleko kwimithetho yokufikelela. Umzekelo, iinginginya zinokunxulunyaniswa nolwazi olufana nendawo kunye nohlobo lwenkonzo, nangokuchaza imigaqo yokufikelela yomsebenzisi, vumela unxibelelwano kuyo yonke imikhosi ngohlobo oluthile lwenkonzo okanye kubabuki zindwendwe kwindawo ethile.
Gqibela ukuba unomdla wokwazi okungakumbi ngayo malunga nenqaku, unokujonga iinkcukacha Kule khonkco ilandelayo.