Ngemuva kwezinyanga ezine zokukhula ukwethulwa kwe- inguqulo entsha ye I-OpenSSH 8.4, iklayenti elivulekile nokuqaliswa kweseva kwe-SSH 2.0 ne-SFTP.
Enguqulweni entsha ivelela ukusebenza 100% okuphelele kwe-SSH 2.0 protocol futhi ngaphezu kokufaka izinguquko ekusekeleni i-sftp server neklayenti, kanye ne-FIDO, Ssh-keygen nolunye uguquko.
Izici ezintsha eziyinhloko ze-OpenSSH 8.4
I-Ssh-agent manje iqinisekisa ukuthi umlayezo uzosayinwa kusetshenziswa izindlela ze-SSH lapho usebenzisa okhiye be-FIDO abangavezelwanga ubuqiniso be-SSH (i-ID yokhiye ayiqali ngentambo "ssh:").
Ushintsho ngeke ivumele ukuqondisa kabusha i-ssh-agent kubasingathi bokude abanokhiye be-FIDO ukuvimba ikhono lokusebenzisa lezi zinkinobho ukukhiqiza amasiginesha ezicelo zokufakazela ubuqiniso bewebhu (uma kungenjalo, lapho isiphequluli singasayina isicelo se-SSH, ekuqaleni sakhishwa ngenxa yokusetshenziswa kwesiqalo "ssh:" ekukhombeni okuyisihluthulelo).
I-Ssh-keygen, lapho udala ukhiye wokuhlala, kufaka phakathi ukusekelwa kwe-pluginPredect plugin kuchazwe kusibonakaliso se-FIDO 2.1, esihlinzeka ngokuvikelwa okungeziwe kokhiye ngokudinga ukuthi kufakwe i-PIN ngaphambi kokwenza noma imiphi imisebenzi engaholela ekukhishweni kokhiye ohlala ethokheni.
Mayelana ne- izinguquko ezingaphula ukuhambisana:
Ngokuhambisana ne I-FIDO U2F, kunconywa ukuthi usebenzise umtapo wezincwadi we-libfido2 kokungenani inguqulo 1.5.0. Ithuba lokusebenzisa ama-edishini amadala lenziwa kancane, kepha kulokhu imisebenzi efana nokhiye bokuhlala, isicelo se-PIN nokuxhuma kwamathokheni amaningana ngeke kutholakale.
Ku-ssh-keygen, ngohlobo lwemininingwane yokuqinisekisa, egcinwa ngokuzikhethela lapho kukhiqizwa ukhiye we-FIDO, imininingwane eyiqiniso iyangezwa, okudingeka ukuqinisekisa amasiginesha edijithali wokuqinisekisa.
Lapho wenza i- inguqulo ephathekayo ye-OpenSSH, i-automake manje iyadingeka ukwenza iskripthi sokumisa nokuhambisana namafayela womhlangano (uma ubhala kusuka kufayela le-tar elishicilelwe ngekhodi, awudingi ukwakha kabusha ukumisa).
Kungezwe ukusekelwa kokhiye be-FIDO abadinga ukuqinisekiswa kwe-PIN ye-ssh ne-ssh-keygen. Ukukhiqiza okhiye nge-PIN, inketho "yokuqinisekisa iyadingeka" ingezwe ku-ssh-keygen. Endabeni yokusebenzisa okhiye abanjalo, ngaphambi kokwenza umsebenzi wokusungula isiginesha, umsebenzisi uyacelwa ukuthi aqinisekise izenzo zakhe ngokufaka ikhodi ye-PIN.
Ku-sshd, ekucushweni kokugunyazwa_khiye, inketho "yokuqinisekisa iyadingeka" okudinga ukusetshenziswa kwamakhono wokuqinisekisa ubukhona bomsebenzisi ngesikhathi sokusebenza kwamathokheni.
I-Sshd ne-ssh-keygen bangeze ukusekelwa kokuqinisekisa amasiginesha edijithali ezihambisana nezinga le-FIDO Webauthn, elivumela okhiye be-FIDO ukuthi basetshenziswe kuziphequluli zewebhu.
Kwezinye izinguquko ezigqamile:
- Kungezwe ukuxhaswa kwe-ssh ne-ssh-agent kokuhlukahluka kwemvelo kwe- $ SSH_ASKPASS_REQUIRE, okungasetshenziswa ukunika amandla noma ukukhubaza ikholi ye-ssh-Askpass.
- Ku-ssh, ku-ssh_config, kumyalelo we-AddKeysToAgent, amandla wokunciphisa isikhathi sokusebenza kokhiye engeziwe. Ngemuva kokuthi umkhawulo obekiwe usuphelelwe yisikhathi, okhiye basuswa ngokuzenzakalela ku-ssh-agent.
- Ku-scp naku-sftp, usebenzisa ifulegi le- "-A", manje usungavumela ngokusobala ukuqondiswa kabusha kwe-scp ne-sftp usebenzisa i-ssh-agent (ngokuzenzakalela, ukuqondiswa kabusha kukhutshaziwe).
- Kungezwe ukusekelwa kokufakwa esikhundleni kwe - '% k' ku-ssh config yegama elingukhiye lokusingathwa.
- I-Sshd inikeza i-log yesiqalo nesiphetho senqubo yokwehla kokuxhuma, elawulwa yipharamitha ye-MaxStartups.
Ungayifaka kanjani i-OpenSSH 8.4 ku-Linux?
Kulabo abanentshisekelo yokukwazi ukufaka le nguqulo entsha ye-OpenSSH kumasistimu abo, ngoba manje sebengakwenza ukulanda ikhodi yomthombo yalokhu futhi benza ukuhlanganiswa kumakhompyutha abo.
Lokhu kungenxa yokuthi inguqulo entsha ayikakafakwa ezinqolobaneni zokusabalalisa okukhulu kwe-Linux. Ukuthola ikhodi yomthombo, ungenza kusuka ku- isixhumanisi esilandelayo.
Uqedile ukulanda, manje sizovula iphakheji ngomyalo olandelayo:
tar -xvf kuvulwa-8.4.tar.gz
Sifaka umkhombandlela owakhiwe:
cd kuvulwa-8.4
Y singahlanganisa imiyalo elandelayo:
./configure --prefix = / opt --sysconfdir = / etc / ssh yenza ukufaka