Vula iShell eKhuselekileyo (OpenSSH): Intwana yayo yonke into malunga nobuchwepheshe be-SSH

Vula iShell eKhuselekileyo (OpenSSH): Intwana yayo yonke into malunga nobuchwepheshe be-SSH

Ukusukela umndilili we-GNU/Linux umsebenzisi Idla ngokuba ngumntu oqhubela phambili, owaziwayo okanye oqeqeshekileyo ebaleni. kwihlabathi lesayensi yekhompyuter, oku kukunyanzela ukuba usebenzise kwaye ugqwese izixhobo ezikhethekileyo okanye itekhnoloji. Umzekelo omhle woku ngu uqhagamshelo olukude kwezinye iikhompyuter okanye izixhobo, ngomzobo okanye nge-terminal. Umzekelo, a I-avareji yomsebenzisi we-linux, I-SysAdmins okanye i-DevOps, ihlala isuka kwinethiwekhi (ikhaya, ishishini okanye efini), qhagamshela ukude kwezinye iikhompyuter ngeeprothokholi ezahlukeneyo okanye itekhnoloji ekhoyo kuyo, njenge, RDP, Telnet, SSH, kunye nabanye abaninzi.

kwaye njengabaninzi Iingcali ze-IT sele sisazi, ngenxa yoku kukho izixhobo ezininzi zesoftware. Nangona kunjalo, xa kuziwa Iinkqubo zokusebenza zeGNU / Linux, ngakumbi ngokuphathelele Iiseva, eyona nto isisiseko kunye neyimfuneko, bubuchule besixhobo esaziwa ngokuba OpenSecureShell (OpenSSH). Isizathu sokuba, namhlanje siza kuqala ngeli candelo lokuqala malunga ne-SSH.

Kwaye njengesiqhelo, ngaphambi kokungena kwisihloko sanamhlanje malunga nenkqubo «Vula iQela eliKhuselekileyo» (Vula iSSH), ukuze sinikele imbono ephangaleleyo ngayo, siya kushiyela abo banomdla la makhonkco alandelayo kwezinye iimpapasho ezinxulumene nangaphambili. Ngendlela yokuba banokuziphonononga ngokulula, ukuba kuyimfuneko, emva kokugqiba le mpapasho:

"Abanye abasebenzisi banokucinga ukuba ezona ndlela zilungileyo zifanele ukusetyenziswa kwiiseva kuphela, kwaye akunjalo. Unikezelo oluninzi lwe-GNU/Linux lubandakanya i-OpenSSH ngokungagqibekanga kwaye kukho izinto ezimbalwa ekufuneka uzigcine engqondweni". Iindlela ezilungileyo zokusebenza nge-OpenSSH

Inqaku elidibeneyo:

I-OpenSSH 8.5 ifika noHlaziyo lweeHostKeys, ukulungiswa kunye nokunye

Inqaku elidibeneyo:

I-OpenSSH 8.4 sele ikhutshiwe, yazi ezona nguqulelo zibalulekileyo

Vula iQela eliKhuselekileyo (OpenSSH): Ulawulo lokungena olukude

Yintoni i-SSH?

Igama le "SSH" iteknoloji isuka kwisifinyezo sebinzana lesiNgesi “Khusela iShell”, ngesiSpanish kuthetha, "Khusela i-Shell" o "Khusela iToliki yoMyalelo". Nangona kunjalo, ngengcaciso echanekileyo nepheleleyo kunye nokutolika, sinokucaphula le mihlathi ilandelayo:

“I-SSH imele i-Secure Shell yiprothokholi yokufikelela kwindawo ekhuselekileyo kunye nezinye iinkonzo zenethiwekhi ezikhuselekileyo kuthungelwano olungakhuselekanga. Ngokuphathelele kwitekhnoloji ye-SSH, i-OpenSSH yeyona idumileyo kwaye isetyenziswa. I-SSH ithatha indawo yeenkonzo ezingabhalwanga njengeTelnet, i-RLogin, kunye ne-RSH kwaye yongeza ezinye izinto ezininzi. I-Debian Wiki

"Iprotocol ye-SSH yenzelwe ukhuseleko kunye nokuthembeka engqondweni. Udibaniso olusebenzisa i-SSH lukhuselekile, elinye iqela liqinisekisiwe, kwaye yonke idatha etshintshiweyo ifihliwe. I-SSH ikwabonelela ngeenkonzo ezimbini zokudlulisa iifayile; enye yi-SCP, esisixhobo se-terminal esinokusetyenziswa njengomyalelo we-CP; kwaye enye yiSFTP, eyinkqubo esebenzisanayo efana neFTP”. Incwadi yoMlawuli weDebian

“Okwangoku kukho iidaemoni ezintathu ze-SSH eziqhele ukusetyenziswa, SSH1, SSH2, kunye ne-OpenSSH evela kubantu be-OpenBSD. I-SSH1 yayiyidaemon yokuqala ye-SSH ekhoyo kwaye iseyeyona isetyenziswa kakhulu. I-SSH2 ineenzuzo ezininzi ngaphezulu kwe-SSH1, kodwa isasazwe phantsi komxube wephepha-mvume lomthombo ovaliweyo. Ngelixa, i-OpenSSH yidaemon yasimahla exhasa zombini i-SSH1 kunye ne-SSH2. Kwaye yiyo, inguqulelo efakwe kwiDebian GNU/Linux, xa ukhetha ukufaka iphakheji ye-'SSH'. Incwadi yoKhuseleko lweDebian

Kutheni usebenzisa iteknoloji yeSSH?

Ngoba, SSH Yiyo iprotocol yenethiwekhi eqinisekisa a utshintshiselwano lwedatha (ulwazi/iifayile) ngendlela ikhuselekile kwaye inamandla, ukusuka kumxhasi wekhompyuter ukuya kwikhompyuter yomncedisi.

Ukongeza, le teknoloji inikeza inkqubo ethathwa njengethembeke kakhulukuba, kuyo, iifayile okanye imiyalelo ethunyelwe kwikhompyuter yendawo ekuyiwa kuyo iguqulelwe ngokuntsonkothileyo. Kwaye konke oku, ukuqinisekisa ukuba ukuthunyelwa kwedatha kwenziwa ngeyona ndlela ingcono kakhulu, ngaloo ndlela kuncitshiswe naluphi na utshintsho olunokwenzeka ngexesha lokuphunyezwa kwayo, ukuhanjiswa kunye nokwamkelwa.

Okokugqibela, kubalulekile ukuqaphela oko SSH ikwabonelela ngendlela ebandakanya okanye ifuna uqinisekiso lwaye nawuphi na umsebenzisi okude, ukuze kuqinisekiswe ukuba kugunyazisiweyo ukunxibelelana nekhompyuter yendawo (umncedisi). Ukongezelela, le nkqubo ngokuqhelekileyo, ngokungagqibekanga, iyenzeka kwinqanaba lokusetyenziswa kwee-terminals okanye i-consoles, oko kukuthi, ngeendawo ze-I.Ujongano lomgca womyalelo (CLI).

Yintoni i-Open Secure Shell (i-OpenSSH)?

Ngokutsho kwe Iwebhusayithi esemthethweni ye-OpenSSH, le nkqubo yasimahla nevulekileyo ichazwa ngolu hlobo lulandelayo:

"I-OpenSSH sesona sixhobo siphambili sokuqhagamsheleka sokungena kude usebenzisa iprotocol ye-SSH. Ifihla zonke iitrafikhi ukuphelisa ukuva, ukuqweqwedisa uqhagamshelo kunye nolunye uhlaselo. Ukongeza, i-OpenSSH ibonelela ngeseti etyebileyo yeempawu ezikhuselekileyo zothungelwano, iindlela ezahlukeneyo zokuqinisekisa, kunye neendlela eziphucukileyo zoqwalaselo.

Kwaye oku kulandelayo kongezwa kwaye kucacisiwe:

"I-OpenSSH suite inezi zixhobo zilandelayo: Imisebenzi ekude yenziwa nge-ssh, scp, kunye ne-sftp; igulawulo olungundoqo lusebenza nge-ssh-yongeza, i-ssh-keysign, i-ssh-keyscan kunye ne-ssh-keygen; kunye Icala lenkonzo lisebenza nge-sshd, i-sftp-server kunye neephakheji ze-agent ye-ssh”.

I-OpenSSH 9.0: Yintoni eNtsha kunye noLungiso lweBug

Kubalulekile ukuba uqaphele ukuba okwangoku I-OpenSSH ikwinguqulelo yayo ye-9.0. Inguqulelo esandula ukukhutshwa (08/04/2022) enento entsha ephambili zezi zilandelayo:

• I-SSH kunye ne-SSHd: Ukusebenzisa i-Streamlined NTRU Prime + x25519 hybrid key njengendlela yokutshintshiselana engagqibekanga ("sntrup761x25519-sha512@openssh.com").
• SFTP-Umncedisi: Ukunika amandla ulwandiso lwe "copy-data" ukuvumela iikopi zecala lomncedisi weefayile/idatha, ilandela uyilo kwidrafti-ietf-secsh-filexfer-extensions-00.
• SFTP: Yongeza umyalelo "cp" ukuvumela iikopi zefayile ezisecaleni kweseva ukuba zisebenze kumxhasi wesftp.

Ngolwazi oluthe vetshe okanye iinkcukacha malunga nezi iindaba, ukulungiswa kwebug kunye nedatha yokufaka, unokufikelela koku kulandelayo unxibelelwano.

"I-algorithm ye-NTRU ikholelwa ukuba iyaxhathisa uhlaselo olunikwe amandla kwiikhomputha ze-quantum zexesha elizayo kwaye idityaniswe ne-X25519 ECDH yokutshintshiselana kwesitshixo (i-default endala) njenge-backup ngokuchasene naluphi na ubuthathaka kwi-NTRU Prime enokuthi ifunyanwe kwixesha elizayo.".

Apho unokufunda ngakumbi malunga ne-SSH

Ukuza kuthi ga ngoku, sifikelele eyona ithiyori ibalulekileyo ukwazi malunga ne-SSH kunye ne-OpenSSH. Nangona kunjalo, kwizavenge ezizayo kwesi sihloko, siya kuphonononga kwaye sihlaziye oko sele kuchaziwe kumanqaku angaphambili. Ngokuphathelele eyakhe ukufakwa, yakho Iiparamitha zoqwalaselo, kwaye i izenzo ezilungileyo zangoku (iingcebiso), xa kusenziwa isiseko kunye nezicwangciso eziphambili. Kwaye njani yenza imiyalelo elula nentsonkothileyo ngokusebenzisa itekhnoloji.

Nangona kunjalo, ye wandise olu lwazi Sincoma ukuhlola oku kulandelayo umxholo osemthethweni nothembekileyo kwi-intanethi:

1. I-Debian Wiki
2. Incwadi yoMphathi weDebian: UkuNgena okukude / i-SSH
3. Incwadi yoKhuseleko lweDebian: Isahluko 5. Ukhuseleko lweenkonzo ezisebenza kwisistim yakho

Isishwankathelo

Ngamafutshane, Itekhnoloji yeSSH, ngokubanzi, iteknoloji enkulu kwaye elula, ukuba iphunyezwe kakuhle, inikeza a uqhagamshelo oluthembekileyo nolukhuselekileyo kunye nendlela yokungena kwabanye amaqela akude, ukuze ufikelele kwiinkonzo kunye nemisebenzi enikezelwayo ngaphakathi kwayo. Kwaye ilingana simahla kwaye ivulekile, oko kukuthi, «Vula iQela eliKhuselekileyo» (Vula iSSH) iyamangalisa enye indlela yasimahla nevulekileyo efanayo, ifumaneka ngokubanzi kwaye isetyenziswa kuzo zonke Ulwabiwo lweGNU / Linux Okwangoku.

Siyathemba ukuba olu papasho luluncedo kakhulu kumntu wonke «Comunidad de Software Libre, Código Abierto y GNU/Linux». Kwaye ungalibali ukuphawula ngayo apha ngezantsi, kwaye wabelane ngayo nabanye kwiiwebhusayithi zakho ozithandayo, amajelo, amaqela okanye uluntu lwenethiwekhi yoluntu okanye iinkqubo zemiyalezo. Ekugqibeleni, tyelela iphepha lethu lasekhaya ku «DesdeLinux» ukuphonononga ezinye iindaba, kwaye ujoyine ijelo lethu elisemthethweni ITelegram ye DesdeLinux, Bucala ngasekunene iqela ngolwazi oluthe kratya ngalo mbandela.