Emva kweenyanga ezine zophuhliso ukumiliselwa kwe Inguqulelo entsha ye I-OpenSSH 8.4, umxhasi ovulekileyo kunye nokuphunyezwa kweseva ye-SSH 2.0 kunye ne-SFTP.
Kwinguqulelo entsha ime ngokuba liphumeze ngokupheleleyo i-SSH 100 protocol kwaye ukongeza ekubandakanyeni utshintsho kwinkxaso ye-sftp server kunye nomxhasi, kunye ne-FIDO, Ssh-keygen kunye nolunye utshintsho.
Iimpawu ezintsha eziphambili ze-OpenSSH 8.4
I-arhente ye-Ssh ngoku iqinisekisa ukuba umyalezo uza kusayinwa kusetyenziswa iindlela ze-SSH xa usebenzisa amaqhosha e-FIDO angaveliswanga ubunyani be-SSH (i-ID yesitshixo ayiqali ngentambo "ssh:").
Utshintsho ayizukuvumela ukuhambisa kwakhona i-ssh-arhente kwimikhosi ekude enezitshixo zeFIDO Ukuthintela ukubanakho ukusebenzisa la maqhosha ukwenza ukutyikitywa kwezicelo zokungqinisiswa kwewebhu (kungenjalo, xa isikhangeli sinokutyikitya isicelo se-SSH, yayiqala ikhutshelwe ngaphandle ngenxa yokusebenzisa isimaphambili "ssh:" kwisazisi esingundoqo).
I-Ssh-keygen, xa uvelisa isitshixo sokuhlala, kubandakanya inkxaso ye-pluginProtect plugin ichazwe kwinkcazo ye-FIDO 2.1, ebonelela ngokhuseleko olongezelelweyo kumaqhosha ngokufuna ukuba iPIN ifakwe ngaphambi kokwenza nayiphi na imisebenzi enokubangela ukukhutshwa kwesitshixo somhlali kuphawu.
Malunga ne utshintsho olunokwaphula ukungqinelana:
Ukudibana ne I-FIDO U2F, kuyacetyiswa ukuba isebenzise ithala leencwadi le-libfido2 ubuncinci be Inguqulelo 1.5.0. Ithuba lokusebenzisa iinguqulelo ezindala liphunyezwa ngokuyinxenye, kodwa kule meko imisebenzi enje ngezitshixo zokuhlala, isicelo sePIN kunye nokunxibelelana kweethokheni ezininzi azizukufumaneka.
Kwi-ssh-keygen, kwifomathi yolwazi lokuqinisekisa, olugcinwa ngokuzikhethela xa uvelisa isitshixo seFIDO, Idatha eyiyo yongezwa, ekufuneka iqinisekise ubungqina besiginitsha yedijithali.
Xa usenza ifayile ye- Inguqulelo ephathekayo ye-OpenSSH, i-automake ngoku iyafuneka ukwenza iskripthi sokumisela kunye neefayile zendibano (ukuba ubhala kwifayile epapashwe yikhowudi, awudingi ukwakha kwakhona).
Yongeze inkxaso yamaqhosha eFIDO afuna ukuqinisekiswa kwePIN ye-ssh kunye ne-ssh-keygen. Ukuvelisa amaqhosha ngePIN, ukhetho "qinisekisa olufunekayo" longezwe kwi-ssh-keygen. Kwimeko yokusebenzisa ezi zitshixo, ngaphambi kokwenza utyikityo lokusebenza, umsebenzisi uyacelwa ukuba aqinisekise ngezenzo zabo ngokufaka ikhowudi ye-PIN.
Kwi-sshd, kuqwalaselo_lokugunyazwa_eendlela, ukhetho "lokuqinisekisa olufunekayo" luyenziwa, efuna ukusetyenziswa kwezakhono zokuqinisekisa ubukho bomsebenzisi ngexesha lokusebenza kwethokheni.
I-Sshd kunye ne-ssh-keygen yongeze inkxaso yokuqinisekisa utyikityo lwedijithali ehambelana nomgangatho weFIDO Webauthn, ovumela amaqhosha eFIDO ukuba asetyenziswe kwizikhangeli zewebhu.
Olunye utshintsho olwahlukileyo:
- Yongezwe i-ssh kunye ne-ssh-arhente yenkxaso ye- $ SSH_ASKPASS_REQUIRE imeko eguqukayo, enokusetyenziselwa ukwenza okanye ukukhubaza umnxeba we-ssh-Askpass.
- Kwi-ssh, kwi-ssh_config, kumyalelo we-AddKeysToAgent, ukukwazi ukunciphisa ixesha lokusebenza kweqhosha kuye kongezwa. Emva kokuba umda ochaziweyo uphelelwe lixesha, amaqhosha asuswa ngokuzenzekelayo kwi-ssh-arhente.
- Kwi-scp kunye ne-sftp, usebenzisa iflegi "-A", ngoku ungavumela ngokucacileyo ukuhanjiswa kwakhona kwi-scp kunye ne-sftp usebenzisa i-ssh-arhente (ngokungagqibekanga, ulungelelwaniso kwakhona lukhubazekile).
- Yongezwe inkxaso '% k' endaweni yessh isakhelo segama lokubamba.
- I-Sshd ibonelela kwilog yesiqalo kunye nesiphelo senkqubo yokulahla konxibelelwano, elawulwa yiparameter yeMaxStartups.
Uyifaka njani i-OpenSSH 8.4 kwiLinux?
Kulabo banomdla wokukwazi ukufaka le nguqulo intsha ye-OpenSSH kwiinkqubo zabo, okwangoku bangayenza Ukukhuphela ikhowudi yemvelaphi yoku kunye ukwenza ukudityaniswa kwiikhompyuter zabo.
Kungenxa yokuba ingxelo entsha ayikabandakanywa koovimba beenkqubo eziphambili zeLinux. Ukufumana ikhowudi yemvelaphi, unokwenza ukusuka eli khonkco lilandelayo.
Yenza ukhuphelo, ngoku siza kukhulula ipakethe ngalo myalelo ulandelayo:
I-tar -xvf ivula-8.4.tar.gz
Sifaka isikhombisi esenziwe:
cd ivula-8.4
Y sinokudibanisa kunye le miyalelo ilandelayo:
./configure --prefix = / opt --sysconfdir = / njl / ssh yenza ukufaka