Mushure memwedzi mina yekukura kuvhurwa kwe iyo nyowani vhezheni ye OpenSSH 8.4, yakavhurika mutengi uye sevha kuitisa SSH 2.0 uye SFTP.
Mune vhezheni itsva inomira kuve 100% kuzadzikiswa kuitiswa kweSSH 2.0 protocol uye mukuwedzera pakusanganisa shanduko mukutsigira sftp server uye mutengi, zvakare yeFIDO, Ssh-keygen uye nedzimwe shanduko.
Main nyowani maficha eOpenSSH 8.4
Ssh-mumiriri ikozvino anoongorora kuti meseji ichasainwa uchishandisa nzira dzeSSH paunenge uchishandisa makiyi eFIDO anga asina kugadzirirwa SSH kusimbiswa (iyo kiyi ID haitangi netambo "ssh:").
Shanduko haizobvumidze redirect ssh-mumiriri kunzvimbo dziri kure dzine makiyi eFIDO kuvharira kugona kushandisa makiyi aya kugadzira masiginecha ekukumbira kwewebhu (kana zvisina kudaro, apo bhurawuza painogona kusaina chikumbiro cheSSH, yakatanga kubviswa nekuda kwekushandisa kwekutanga "ssh:" mukiyi yekuzivikanwa).
ssh-keygen, kana uchigadzira kiyi yekugara, inosanganisira rutsigiro rwechikweretiProtect plugin inotsanangurwa muFIDO 2.1 kududzirwa, iyo inopa kumwe kudzivirirwa kwemakiyi nekuda kuti PIN iiswe isati yaitwa chero mabasa angaite kuti kuburitswa kwekiyi yekugara kubva pachiratidzo.
Nezve iyo shanduko dzinogona kutyora kuenderana:
Zvekuenderana ne FIDO U2F, zvinokurudzirwa kushandisa libfido2 raibhurari yeinenge iri mhando 1.5.0. Iko mukana wekushandisa edzeka edhisheni inoitwa zvishoma, asi mune ino kesi mabasa senge anogara makiyi, PIN chikumbiro uye kubatana kwemamwe matokoni hakuzovepo.
Mu ssh-keygen, mune fomati yeruzivo rwekusimbisa, iyo inosarudzika sarudzo paunenge uchigadzira iyo FIDO kiyi, iyo yechokwadi data inowedzerwa, iyo inodikanwa kuti isimbise kusimbisa masiginecha edhijitari.
Paunenge uchigadzira inotakurika vhezheni yeOpenSSH, automake yave kudikanwa kuti igadzire iyo yekumisikidza script uye kuperekedza mafaera egungano (kana iwe uchinyora kubva kukodhi-yakaburitswa tar faira, haufanire kuvaka zvakare kumisikidza)
Wakawedzera rutsigiro rwemakiyi eFIDO anoda kuongororwa kwePIN ye ssh uye ssh-keygen. Kugadzira makiyi nePIN, iyo "simbisa inodikanwa" sarudzo yawedzerwa kune ssh-keygen. Panyaya yekushandisa makiyi akadaro, usati waita siginicha yekugadzira oparesheni, mushandisi anokumbirwa kuti asimbise zviito zvavo nekupinda PIN kodhi.
Mu sshd, mune yakagadziriswa_keys kurongeka, iyo "simbisa inodikanwa" sarudzo inoitwa, iyo inoda kushandiswa kwesimba rekuona kuvepo kwemushandisi panguva yekushanda kwechiratidzo.
Sshd uye ssh-keygen vakawedzera rutsigiro rwekusimbisa masiginecha edhijitari izvo zvinoenderana neiyo FIDO Webauthn standard, iyo inobvumidza FIDO makiyi kuti ashandiswe mumabhurawuza ewebhu.
Pane dzimwe shanduko dzinobuda pachena:
- Yakawedzera ssh uye ssh-mumiririri rutsigiro rwe $ SSH_ASKPASS_REQUIRE nharaunda inoshanduka, iyo inogona kushandiswa kugonesa kana kudzima iyo ssh-Askpass kufona.
- Mu ssh, mu ssh_config, mune yeAddKeysToAgent rairo, kugona kudzikamisa nguva yechokwadi yekiyi yakawedzerwa. Mushure mekunge muganho wakatarwa wapera, makiyi anongobviswa otomatiki kubva kune ssh-mumiriri.
- Mu scp uye sftp, uchishandisa iyo--A mureza, ikozvino unogona kunyatso bvumidza redirection mu scp uye sftp uchishandisa ssh-mumiriri (nekutadza, redirection yakaremara).
- Wakawedzera rutsigiro rwe '% k' chinotsiviwa mu ssh gadziriso yezita rekutambira zita.
- Sshd inopa danda rekutanga uye kupera kwenzira yekudonha yekubatanidza, inodzorwa neMaxStartups paramende.
Maitiro ekuisa OpenSSH 8.4 paLinux?
Kune avo vanofarira kugona kuisa iyi nyowani vhezheni yeOpenSSH pane avo masisitimu, nekuti izvozvi vanogona kuzviita kurodha pasi kodhi kodhi yeiyi uye vachiita muunganidzwa pamakomputa avo.
Izvi zvinodaro nekuti iyo vhezheni nyowani haisati yaverengerwa mumachengeterwo ezvekutanga zvekuparadzirwa kweLinux. Kuti uwane iyo kodhi kodhi, iwe unogona kuita kubva chinotevera chinongedzo.
Waita kurodha pasi, ikozvino tava kuzobvisa pasuru yacho nemirairo inotevera
tar -xvf inovhura-8.4.tar.gz
Isu tinopinda dhairekitori rakagadzirwa:
cd anovhura-8.4
Y tinogona kuumbiridza ne inotevera mirairo:
./configure --prefix = / opt --sysconfdir = / etc / ssh inogadzira gadzira