Muva nje Abathuthukisi be-OpenSSH basanda kumemezela leyo nguqulo engu-8.0 yaleli thuluzi lokuphepha lokuxhuma okukude ne-SSH protocol cishe selikulungele ukushicilelwa.
UDamien Miller, omunye wabathuthukisi abakhulu bephrojekthi, obizwa nje ngomphakathi womsebenzisi yaleli thuluzi ukuze bakwazi ukukuzama ngoba, ngamehlo anele, wonke amaphutha angabanjwa ngesikhathi.
Abantu abathatha isinqumo sokusebenzisa le nguqulo entsha bazokwazi Ngeke zikusize kuphela ukuhlola ukusebenza nokuthola izimbungulu ngaphandle kokwehluleka, uzokwazi ukuthola izithuthukisi ezintsha kusuka kuma-oda ahlukahlukene.
Ezingeni lokuphepha, ngokwesibonelo, kwethulwe izinyathelo zokunciphisa ubuthakathaka be-scp protocol kule nguqulo entsha ye-OpenSSH.
Ngokwenzayo, ukukopisha amafayela nge-scp kuzovikeleka kakhulu ku-OpenSSH 8.0 ngoba ukukopisha amafayela kusuka enkombeni ekude kuya enkombeni yasendaweni kuzobangela i-scp ukuthi ibheke ukuthi ngabe amafayela athunyelwe iseva ayahambisana yini nesicelo esikhishiwe.
Ukube le ndlela ibingasetshenziswanga, iseva yokuhlasela, ngomqondo, ingavimba isicelo ngokuletha amafayela amabi esikhundleni salezo ebezicelwe ekuqaleni.
Kodwa-ke, ngaphandle kwalezi zinyathelo zokunciphisa, i-OpenSSH ayincomi ukusetshenziswa kwe-scp protocol, ngoba "iphelelwe yisikhathi, ayinakuguquguquka, futhi kunzima ukuyixazulula."
"Sincoma ukuthi kusetshenziswe imigomo yesimanjemanje efana ne-sftp ne-rsync ekudlulisweni kwamafayela," kuxwayisa uMiller.
Ngabe le nguqulo entsha ye-OpenSSH izonikani?
Ephakeji «Izindaba» yale nguqulo entsha ifaka phakathi izinguquko eziningi ezingathinta ukucushwa okukhona.
Isibonelo, kuleveli esishiwo ngenhla ye-scp protocol, njengoba le protocol isuselwa kugobolondo elikude, ayikho indlela eqinisekile yokuthi amafayela adluliselwe esuka kuklayenti afana nalawo asuka kuseva.
Uma kukhona umehluko phakathi kweklayenti elijwayelekile nokwandiswa kweseva, iklayenti lingawala amafayela avela kuseva.
Ngalesi sizathu, iqembu le-OpenSSH linikeze i-scp ifulegi elisha le- "-T" ekhubaza amasheke ohlangothini lwamakhasimende ukuphinda aqale ukuhlasela okuchazwe ngenhla.
Ezingeni le-demond sshd: iqembu le-OpenSSH lisuse ukwesekwa kwe-syntax ehlisiwe ye- "host / port".
Umsingathi / itheku elihlukaniswe nge-slash lengezwe ngo-2001 esikhundleni se-syntax ye- "Host: port" yabasebenzisi be-IPv6.
Namuhla i-slash syntax idideka kalula ne-CIDR notation, nayo exhaswa yi-OpenSSH.
Ezinye izinto ezintsha
Ngakho-ke, kungakuhle ukuthi ususe i-forward slash notation ku-ListenAddress naku-PermitOpen. Ngaphezu kwalolu shintsho, sinezici ezintsha ezingezwe ku-OpenSSH 8.0. Lokhu kufaka phakathi:
Indlela yokulinga yokushintshanisa ukhiye wamakhompyutha we-quantum evele kule nguqulo.
Inhloso yalo msebenzi ukuxazulula izinkinga zokuphepha ezingavela lapho kusatshalaliswa okhiye phakathi kwamaqembu, kunikezwe izinsongo entuthukweni yezobuchwepheshe, njengokukhuphuka kwamandla emishini yemishini, ama-algorithm amasha wamakhompyutha we-quantum.
Ukwenza lokhu, le ndlela incike kusisombululo sokusabalalisa ukhiye we-quantum (i-QKD ngamafuphi).
Lesi sixazululo sisebenzisa izakhiwo ze-quantum ukushintshanisa imininingwane eyimfihlo, njengokhiye we-cryptographic.
Empeleni, ukukala uhlelo lwe-quantum kuguqula uhlelo. Ngaphezu kwalokho, uma isigebenga besingazama ukubamba ukhiye we-cryptographic okhishwe ngokusebenzisa ukuqaliswa kwe-QKD, nakanjani izoshiya izigxivizo zeminwe ezitholakalayo ze-OepnSSH.
Ngakolunye uhlangothi, usayizi wokuzenzakalelayo wokhiye we-RSA obuyekezwe waba ngamabhithi angama-3072.
Kwezinye izindaba ezibikiwe yilezi ezilandelayo:
- Ukungeza ukusekelwa kokhiye be-ECDSA kumathokheni we-PKCS
- imvume ye- "PKCS11Provide = none" yokweqa izehlakalo ezilandelayo ze-PKCS11Provide directive in ssh_config.
- Umlayezo welog ungezwa ezimeni lapho ukuxhumeka kwephukile ngemuva kokuzama ukusebenzisa umyalo ngenkathi i-sshd_config ForceCommand = ukubophezeleka kwangaphakathi-sftp kusebenza.
Ngemininingwane engaphezulu, uhlu olugcwele lokunye okungeziwe nokulungiswa kwamaphutha luyatholakala ekhasini elisemthethweni.
Ukuzama le nguqulo entsha ungaya kusixhumanisi esilandelayo.