UJakub jelen (injineli yezokhuseleko yeRed Hat) Ucebise ukuba umthetho olandelwayo we-SCP uhlelwe njengongasasebenziyo ukuqhubekeka kamva ekususweni kwayo. Njengoko I-SCP isondele ngokusondeleyo kwiRCP kwaye ifumana ilifa kwiingxaki zokwakha Izinto ezisisiseko ezingumthombo wokuba sesichengeni.
Ngokukodwa, kwi-SCP nakwi-RCP, umncedisi uyasamkela isigqibo sokuba zeziphi iifayile kunye nemikhombandlela ayithumela kumthengi, kwaye umthengi ulandela imiyalelo yeseva kwaye ujonga kuphela ukuchaneka kwamagama ezinto ezibuyisiweyo.
Ngokudibanisa kwiseva elawulwa ngumhlaseli, iseva inokuhambisa ezinye iifayile, ethe yakhokelela ekuchongeni ubungozi.
Umzekelo, kude kube kutshanje, umthengi ujonge isikhombisi sangoku, kodwa akakhange ayithathele ingqalelo into yokuba iserver inokukhupha ifayile enegama elahlukileyo kwaye ibhale ngaphezulu iifayile ezingacelwanga (umzekelo, endaweni ye "test.txt" iceliwe, umncedisi angathumela ifayile ebizwa ». bashrc« kwaye iya kubhalwa ngumthengi).
Kwiposi, epapashwe nguJakub Jelen, unokufunda oku kulandelayo:
Molweni basebenzisi beFedora! Kwiminyaka yakutshanje, kuye kwakho imicimbi eliqela kwiprotocol ye-SCP, esikhokelela kwiingxoxo nokuba singakwazi na ukuyilahla kwizigaba zokuqala.
Uninzi lwamazwi luthi basebenzise i-SCP ikakhulu kwiikopi ezilula ze-ad-hoc kwaye ngenxa yokuba isixhobo sftp asiboneleli ujongano olulula lokukopa ifayile enye okanye ezimbini ngapha nangapha kwaye kuba abantu basetyenziselwa ukubhala i-scp endaweni ye-sftp.
Enye ingxaki ngeprotocol ye-SCP yinto yokuqhubekeka kwengxoxo.
Kuba kuyakhankanywa ukuba xa ukopa iifayile kwiserver yangaphandle indlela yefayile ifakwe kwisiphelo somyalelo we-scp local, umzekelo, xa uqhuba umyalelo «scp / sourcefile remoteserver: 'touch / tmp / exploit.sh` / targetfile'» kwiseva, umyalelo »touch / tmp / exploit.sh» kunye nefayile / tmp yayi made /exploit.sh, ke kubalulekile ukuba usebenzise oonobumba bokubaleka ngokuchanekileyo kwi-scp.
Xa i-scp isetyenziselwa ukuphinda udlulise imixholo yolawulo (ukhetho "-r") kwiifayile ezamkela '' 'igama kumagama efayile, umhlaseli angenza ifayile enezinto ezibhaliweyo kwaye ayenze ikhowudi ukuba iqhubeke.
Kwi-OpenSSH le ngxaki ihlala ingachanekanga, njengokuba kunzima ukulungisa ngaphandle kokophula ukungqinelana ngasemva, umzekelo, ukuqhuba imiyalelo yokujonga ukuba isikhombisi sikhona ngaphambi kokuba sikopishwe.
Iingxoxo zangaphambili zibonise ukuba i-scp isetyenziswa ngokubanzi ukukopa iifayile ukusuka kwenye inkqubo iye kwenye.
Nangona kunjalo, abantu abaninzi basebenzisa i-scp endaweni ye-sftp ngenxa yokujongana ngokulula kwaye icacile ukukopa iifayile, okanye ngaphandle komkhwa. UJakub ucebisa ukuba kusetyenziswe okungagqibekanga kokusebenza kwe-scp, kuguqulwe ukuba kusetyenziswe umthetho olandelwayo we-SFTP (kwezinye iimeko ezikhethekileyo uncedo lubonelela "-M scp" ukhetho lokubuyela kwiprotocol ye-SCP), okanye ukongeza indlela yokuhambelana kwi-sftp eluncedo ikuvumela ukuba usebenzise i-sftp endaweni yokubonisa endaweni ye-scp.
Kwiinyanga ezimbalwa ezidlulileyo ndibhale isiziba se-scp sokusebenzisa i-SFTP ngaphakathi (ndinethuba lokuyitshintsha ndisebenzise -M scp) kwaye ndayiqhuba ngempumelelo kwezinye iimvavanyo.
Ingxelo ngokunyuka okupheleleyo nayo yayintle, ke ndingathanda ukuva nabasebenzisi bethu. Inemiqobo ethile (inkxaso ilahlekile, ayizukusebenza ukuba iseva ayisebenzisi inkqubo esezantsi ye-sftp,…), kodwa kufanelekile ukuba ilungele iimeko eziqhelekileyo zokusetyenziswa.
Phakathi kwemida yendlela ecetywayo, ukungakwazi kokutshintsha kwedatha ngeeseva ezingaqali inkqubo esezantsi ye-sftp kukhankanyiwe, kunye nokungabikho kwendlela yokutshintshela phakathi kwemikhosi emibini yangaphandle enodluliso lwenginginya yobulali ("-3"). Abanye abasebenzisi bayabona ukuba i-SFTP isemva kancinci kwe-SCP ngokwe-bandwidth, eya kuthi ibonakale ngakumbi kunxibelelwano olubi kunye ne-latency ephezulu.
Uvavanyo, enye ipasile evulekileyo iphakheji sele ibekwe kwindawo yokugcina izinto ze-copr, ukuyilungisa kunye nokuphunyezwa kwesevisi ye-scp ngaphezulu kweprotocol ye-SFTP.
Umthombo: https://lists.fedoraproject.org/