Ngemuva kwezinyanga ezine zokukhula kukhishwe inguqulo entsha ye-OpenSSH 8.7 lapho imodi yokudlulisa idatha yokulinga ingeziwe scp usebenzisa umthetho olandelwayo we-SFTP esikhundleni se-SCP / RCP protocol esetshenziswa ngokwesiko.
SFTP sebenzisa indlela ebikezela kakhulu yokuphatha amagama futhi ayisebenzisi ukucutshungulwa kwesifanekiso se-glob shell ngakolunye uhlangothi lomsingathi, okudala inkinga yezokuphepha, kanye nefulegi le-'s 'liphakanyisiwe ukunika amandla i-SFTP ku-scp, kepha kuhlelwe ukuthi ngokuzayo kuguqulwe kule protocol ngu okuzenzakalelayo.
Olunye ushintsho oluvelele luku- i-sftp-server esebenzisa izandiso ze-SFTP ukunweba imizila ~ / no ~ user /, okudingeka ku-scp. Okusetshenziswayo i-scp iguqule ukusebenza lapho ikopisha amafayela phakathi kwamabamba amabili akude, manje esenziwe ngokuzenzakalela ngokusingathwa kwasendaweni okuphakathi. Le ndlela igwema ukudluliswa kwemininingwane engadingekile kumsingathi wokuqala kanye nokuchazwa okuphindwe kathathu kwamagama efayela kuShell (emthonjeni, ekuqondisweni nasezinhlangothini zohlelo lwasendaweni), futhi nalapho usebenzisa i-SFTP, ikuvumela ukuthi usebenzise zonke izindlela ubuqiniso lapho ukufinyelela abasingathi bokulawula okukude, hhayi nje izindlela ezingasebenzelani
Futhi, Kokubili i-ssh ne-sshd ihambise iklayenti neseva ukusebenzisa i-file parser Yokucushwa eqinile usebenzisa imithetho yeShell ukuphatha izingcaphuno, izikhala, nezinhlamvu zokuphunyuka.
Isicacisi esisha futhi asikunaki ukucabanga okudlulisiwe, njengokuyeka izimpikiswano kokukhethwa kukho (ngokwesibonelo, manje awukwazi ukushiya umyalo we-DenyUsers ungenalutho), izingcaphuno ezingavaliwe, nokucacisa izimpawu eziningi "=".
Lapho usebenzisa amarekhodi e-DNS SSHFP ukuqinisekisa okhiye, i-ssh manje iqinisekisa wonke amarekhodi afanayo, hhayi lawo aqukethe kuphela uhlobo oluthile lwesiginesha yedijithali. Ku-ssh-keygen, lapho kukhiqizwa ukhiye we-FIDO ngenketho -Ochallenge, ungqimba olwakhelwe ngaphakathi manje selusetshenziselwa i-hashing, esikhundleni samathuluzi e-libfido2, ekuvumela ukuthi usebenzise ukulandelana kwenselelo okukhulu noma okuncane kunama-byte angama-32. Ku-sshd, lapho kucubungulwa inkomba yemvelo = "..." kumafayela agunyaziwe_eziketi, umdlalo wokuqala manje wamukelwa futhi umkhawulo wamagama ayi-1024 wemvelo uyaqala.
Abathuthukisi be-OpenSSH nabouxwayise ngokudluliselwa esigabeni sama-algorithms angasebenzi usebenzisa i-SHA-1 hashes, ngenxa yokusebenza kahle kokuhlaselwa kokushayisana nesiqalo esinikeziwe (izindleko zokukhethwa kokushayisana zilinganiselwa ku- $ 50).
Ekukhishweni okulandelayo, kuhlelwe ukukhubaza ngokuzenzakalela amandla wokusebenzisa i- "ssh-rsa" key key public signature algorithm, eshiwo ku-RFC yasekuqaleni ye-SSH protocol futhi isasetshenziswa kakhulu ekusebenzeni.
Ukuhlola ukusetshenziswa kwe-ssh-rsa kumasistimu, ungazama ukuxhuma nge-ssh ngenketho "-oHostKeyAlgorithms = -ssh-rsa". Ngasikhathi sinye, ukukhubaza ama- "ssh-rsa" digital signature ngokuzenzakalela akusho ukwenqatshwa okuphelele kokusetshenziswa kwezinkinobho ze-RSA, ngoba ngaphezu kwe-SHA-1, umthetho olandelwayo weSSH uvumela ukusetshenziswa kwamanye ama-algorithms wokubala ama-hashes. Ikakhulu, ngokungeziwe ku- "ssh-rsa", kuzokwazi ukusebenzisa izixhumanisi "rsa-sha2-256" (RSA / SHA256) ne- "rsa-sha2-512" (RSA / SHA512).
Ukwenza bushelelezi ushintsho kuma-algorithms amasha ku-OpenSSH, ukusethwa kwe-UpdateHostKeys kwakukade kunikwe amandla ngokuzenzakalela, kukuvumela ukuthi ushintshele amaklayenti ngokuzenzakalela kuma-algorithm ethembekile.
Ekugcineni, uma unentshisekelo yokwazi okwengeziwe ngale nguqulo entsha, ungaxhumana nemininingwane ngokuya kusixhumanisi esilandelayo.
Ungayifaka kanjani i-OpenSSH 8.7 ku-Linux?
Kulabo abanentshisekelo yokukwazi ukufaka le nguqulo entsha ye-OpenSSH kumasistimu abo, ngoba manje sebengakwenza ukulanda ikhodi yomthombo yalokhu futhi benza ukuhlanganiswa kumakhompyutha abo.
Lokhu kungenxa yokuthi inguqulo entsha ayikakafakwa ezinqolobaneni zokusabalalisa okukhulu kwe-Linux. Ukuthola ikhodi yomthombo, ungenza kusuka ku- isixhumanisi esilandelayo.
Uqedile ukulanda, manje sizovula iphakheji ngomyalo olandelayo:
tar -xvf openssh-8.7.tar.gz
Sifaka umkhombandlela owakhiwe:
cd openssh-8.7
Y singahlanganisa imiyalo elandelayo:
./configure --prefix=/opt --sysconfdir=/etc/ssh make make install