I-Dropbear SSH, enye indlela engasindi ku-OpenSSH

David Y. Naranjo

Imizuzu ye-4

I-Dropbear

Dropbear iseva ye-SSH ehlangene kanye neklayenti

Uma unjalo ngifuna iseva ye-SSH engasindi kanye neklayenti, njengoba i-OpenSSH ingesona isixazululo sesidingo sakho. Ake ngikwethule I-Dropbear SSH okuwukusebenzisa okulula kwephrothokholi ye-SSH (I-Secure Shell) idizayinelwe ngokuyinhloko izindawo ezinezisetshenziswa, ezifana namasistimu ashumekiwe, amadivaysi eselula, noma amasistimu akhawulelwe yizinsiza.

A umehluko kwezinye izinhlelo zokusebenza izixazululo ezigcwele ze-SSH ezifana ne-OpenSSH, i-Dropbear ilungiselelwe ukuthatha isikhala sediski esincane futhi isebenzise i-RAM encane, njengoba inganikezi usekelo lwe-SSH v1, esiza ukonga isikhala nezinsiza, kanye nokugwema ubungozi bokuphepha obuhlobene ne-SSH v1.

Futhi, i-Dropbear nayo isebenzisa i-SCP futhi isekela i-SFTP ngefayela kanambambili elinganikezwa i-OpenSSH noma ezinye izinhlelo ezifanayo. Ngakolunye uhlangothi, i-FISH iyahambelana kuzo zonke izimo futhi isekelwa i-Konqueror.

Phakathi kweIzici ze-Dropbear SSH Zihlanganisa:

  • Usayizi omncane: Usayizi kanambambili we-Dropbear mncane kakhulu kunokunye ukusetshenziswa kwe-SSH.
  • Ukusetshenziswa kwensiza okuphansi: I-Dropbear yakhelwe njengenye indlela ye-OpenSSH, ngakho-ke isebenzisa inkumbulo encane ne-CPU, iyenze ifaneleke kumadivayisi anezinsizakusebenza.
  • Ukusebenza okuyisisekelo kwe-SSH: Naphezu kokuba ilula, i-Dropbear inikeza ukusebenza okuyisisekelo kwe-SSH njengokuqinisekisa okuphephile, ukubethela kwedatha, nomhubhe wokuxhumana.
  • Ukuhambisana: I-Dropbear iyahambisana nezivumelwano namazinga afana ne-SSH 2.0 futhi ingahlanganiswa kalula ezindaweni ezahlukene.
  • Ukusetha okwenziwe lula: Ukusethwa kwe-Dropbear kulula uma kuqhathaniswa nokunye ukusetshenziswa kwe-SSH, okwenza kube lula ukuwasebenzisa kumasistimu adinga ukusethwa okusheshayo nokuqondile.

Njengamanje, i-Dropbear kunguqulo yayo engu-2024.84, eyethulwe ezinsukwini ezimbalwa ezedlule futhi phakathi kwezici ezibaluleke kakhulu zalokhu kwethulwa okulandelayo kuyagqama:

Yini entsha ku-Dropbear 2024.84?

Enye yentuthuko ephawulekayo yale nguqulo entsha ye-Dropbear 2024.84 yi- ushintsho ekuphathweni kwe /etc/shadow njengoba iDropbear manje isebenzisa /etc/shadow kuphela uma umsebenzisi eno-"x" njengokubethela ku-/etc/passwd, ngaleyo ndlela kulandela izinqubo ezibhalwe ku-passwd(5) ukuze kugcinwe ukuvumelana nezinye izinhlelo ohlelweni.

Esinye isici esisha esivezwa yiDropbear 2024.84 yile ukusekelwa okuthuthukisiwe kwezinketho ezihambisana ne-OpenSSH, okuhlanganisa i-StrictHostKeyChecking enika amandla ukuqinisekiswa okuqinile kokhiye bokusingatha we-SSH, i-BatchMode eyenza kube lula ukusebenzisa i-Dropbear kumaskripthi nama-automation ngokukhubaza ukusebenzisana okusebenzisanayo, kanye nezinketho ezimbalwa ezihambisana ne-OpenSSH ezifana nokuqinisekiswa kwephasiwedi zengeziwe, okunikeza ukuguquguquka okwengeziwe kuseva kanye ukucushwa kweklayenti.

Ngaphezu kwalokho, kuqokonyiswa ukuthi i- ikhono lokusebenzisa amafayela wokumisa we-dbclient, ukuvumela abasebenzisi yenza ngendlela oyifisayo futhi ulungise ukuziphatha kufayela elithi ~/.ssh/dropbear_config, ngezinketho eziningi ezifana nalezo ezitholakala ku-ssh_config, njengeSisingathi, Igama Lomethuleli, Imbobo, Umsebenzisi, kanye Nefayela Lomazisi. Lokhu kusebenza kukhutshazwe ngokuzenzakalela ngesikhathi sokuhlanganiswa okwamanje.

Mayelana nokuthuthukiswa kweseva, kuyagqama ukuthi yengeziwe ukusekelwa kokudlulisa isokhethi kwe-Unix, umsebenzi othuthukisa ukuxhumana nokuphathwa koxhumano ezindaweni eziyinkimbinkimbi, ukulungiswa kokuphahlazeka kwasetshenziswa lapho kuvalwa amaseshini e-TCP adluliselwe phambili, ukuthuthukisa ukuzinza kweseva.

Of ezinye izinguquko ezigqamile:

  • Lungisa impendulo engekho ezicelweni ze-TCP ezikude uma kukhutshaziwe, kuqinisekisa ukuxhumana okushelelayo.
  • Ukuthuthukiswa kokufunda isibhengezo ukuze kugwenywe ukwehluleka okubulalayo, ukuqinisekisa ukungena ngemvume okuphephile nokuthembekile.
  • Ukuthuthukiswa ekwakheni nge-DROPBEAR_RSA kukhutshaziwe, ukuthuthukisa ukusebenza kahle ekucushweni okuhlukile.
  • Amafayela omthombo ahlelwe kabusha ku-src/ subdirectory futhi wengeza izivivinyo ezengeziwe zezinketho ezikhutshaziwe.
  • Kungezwe usekelo lokushintshisana kokhiye oqinile (i-KEX eqinile).
  • Kulungiswe "izinkinga zika-2038" (Y2038) ezimbalwa.

Uma unjalo unentshisekelo yokwazi okwengeziwe ngayo, ungabheka imininingwane Kulesi sixhumanisi esilandelayo.