Vula i-Secure Shell (OpenSSH): Okuncane kwakho konke mayelana nobuchwepheshe be-SSH

Vula i-Secure Shell (OpenSSH): Okuncane kwakho konke mayelana nobuchwepheshe be-SSH

Kusukela isilinganiso somsebenzisi we-GNU/Linux Ngokuvamile kuba ngumuntu othuthuke kakhulu, owaziwayo noma ochwepheshe kulo mkhakha. umhlaba wesayensi yekhompyutha, lokhu kukuphoqa ukuthi usebenzise futhi ube yingcweti kwamathuluzi akhethekile noma ubuchwepheshe. Isibonelo esihle salokhu yi- ukuxhumana okukude kwamanye amakhompyutha noma amadivaysi, ngemifanekiso noma ngetheminali. Ngokwesibonelo, a isilinganiso somsebenzisi we-linux, I-SysAdmins noma i-DevOps, ngokuvamile esuka kunethiwekhi (ekhaya, ibhizinisi noma efwini), ixhuma ukude kwamanye amakhompyutha ngokusebenzisa izimiso eziyisisekelo noma ubuchwepheshe obutholakalayo bayo, njengokuthi, RDP, Telnet, SSH, nabanye abaningi.

futhi njengabaningi Ochwepheshe be-IT sesivele sazi, maningi amathuluzi esoftware alokhu. Nokho, uma kuziwa Izinhlelo Zokusebenza ze-GNU / Linux, ikakhulukazi mayelana Amaseva, okuyisisekelo nesibalulekile, ubungcweti bethuluzi elaziwa ngokuthi I-OpenSecureShell (OpenSSH). Isizathu sokuthi kungani, namuhla sizoqala ngale ngxenye yokuqala mayelana ne-SSH.

Futhi njengenjwayelo, ngaphambi kokungena esihlokweni sanamuhla mayelana nohlelo «Vula Igobolondo Elivikelekile» (OpenSSH), ukuze sinikeze umbono obanzi ngayo, sizoshiyela labo abathakazelayo izixhumanisi ezilandelayo zezincwadi ezithile ezihlobene nangaphambili. Ngendlela yokuthi bangazihlola kalula, uma kunesidingo, ngemva kokuqeda ukufunda le ncwadi:

“Abanye abasebenzisi bangase bacabange ukuthi izinqubo ezingcono kakhulu kufanele zisetshenziswe kumaseva kuphela, kanti akunjalo. Ukusabalalisa okuningi kwe-GNU/Linux kufaka i-OpenSSH ngokuzenzakalelayo futhi kunezinto ezimbalwa okufanele uzikhumbule". Imikhuba emihle nge-OpenSSH

I-athikili ehlobene:

I-OpenSSH 8.5 ifika nge-UpdateHostKeys, ukulungiswa nokuningi

I-athikili ehlobene:

I-OpenSSH 8.4 isivele ikhishiwe, yazi izinguquko zayo ezibaluleke kakhulu

Vula Igobolondo Elivikelekile (OpenSSH): Ukuphathwa kokungena kwesilawuli kude

Yini i-SSH?

Igama le- "SSH" ubuchwepheshe livela kwisifinyezo sebinzana lesiNgisi "Vikela iShell", okusho ngeSpanishi ukuthi, "Vikela Igobolondo" o "Vikela Umtoliki We-oda". Nokho, ukuze uthole incazelo nencazelo enembayo nephelele, singacaphuna lezi zigaba ezilandelayo:

“I-SSH imele i-Secure Shell iyiphrothokholi yokufinyelela okukude okuphephile nezinye izinsiza zenethiwekhi ezivikelekile ngenethiwekhi engavikelekile. Ngokuqondene nobuchwepheshe be-SSH, i-OpenSSH idume kakhulu futhi isetshenziswa. I-SSH ingena esikhundleni sezinsizakalo ezingabhaliwe njenge-Telnet, i-RLogin, ne-RSH futhi yengeza ezinye izici eziningi. I-Debian Wiki

“Iphrothokholi ye-SSH yakhiwe kucatshangelwa ukuphepha nokwethembeka. Ukuxhumana okusebenzisa i-SSH kuvikelekile, enye ingxenye iqinisekisiwe, futhi yonke idatha eshintshiwe ibethelwe. I-SSH futhi inikeza izinsizakalo ezimbili zokudlulisa amafayela; eyodwa yi-SCP, okuyithuluzi letheminali elingasetshenziswa njengomyalo we-CP; kanti enye i-SFTP, okuwuhlelo olusebenzisanayo olufana ne-FTP”. I-Debian Administrator's Manual

“Njengamanje kunamadaemoni amathathu e-SSH asetshenziswa kakhulu, i-SSH1, i-SSH2, kanye ne-OpenSSH evela kubantu be-OpenBSD. I-SSH1 bekuyi-daemon yokuqala ye-SSH etholakalayo futhi kuseyiyona esetshenziswa kakhulu. I-SSH2 inezinzuzo eziningi kune-SSH1, kodwa isatshalaliswa ngaphansi kwelayisensi yomthombo ovulekile exubile evaliwe. Nakuba, i-OpenSSH iyidaemon yamahhala esekela kokubili i-SSH1 ne-SSH2. Futhi, inguqulo efakwe ku-Debian GNU/Linux, lapho ukhetha ukufaka iphakheji ye-'SSH'. I-Debian Security Handbook

Kungani usebenzise ubuchwepheshe be-SSH?

Kungani, ssh Kuyinto a Iphrothokholi yenethiwekhi okuqinisekisa a ukushintshana kwedatha (ulwazi/amafayela) ngendlela iphephile futhi inamandla, kusuka kukhompyutha yeklayenti kuya kukhompuyutha yeseva.

Ngaphezu kwalokho, lobu buchwepheshe inikeza inqubo ebhekwa njengokwethenjelwa kakhulu, ngoba kuyo, amafayela noma imiyalo ethunyelwa kukhompuyutha okuyiwa kuyo ibethelwe. Futhi konke lokhu, okuqinisekisa ukuthi ukuthunyelwa kwedatha kwenziwa ngendlela engcono kakhulu, ngaleyo ndlela kuncishiswe noma yikuphi ukuguqulwa okungenzeka ngesikhathi sokukhishwa kwayo, ukudluliswa nokwamukelwa kwayo.

Okokugcina, kufanelekile ukuphawula lokho ssh futhi inikeza indlela ehlanganisa noma idinga ukuqinisekiswa kwanoma yimuphi umsebenzisi wesilawuli kude, ukuze kuqinisekiswe ukuthi igunyaziwe ukuxhumana nekhompuyutha okuyiwa kuyo (iseva). Ngaphezu kwalokho, le nqubo ngokuvamile, ngokuzenzakalelayo, ivela ezingeni lokusetshenziswa kwamatheminali noma ama-consoles, okungukuthi, ngokusebenzisa izindawo ze-I.I-Command Line Interface (CLI).

Yini i-Open Secure Shell (OpenSSH)?

Ngokusho kwe- Iwebhusayithi esemthethweni ye-OpenSSH, lolu hlelo lwamahhala noluvulekile luchazwa kanje:

“I-OpenSSH iyithuluzi lokuxhumana elihamba phambili lokungena uqhelile usebenzisa iphrothokholi ye-SSH. Ibethela yonke ithrafikhi ukuze kuqedwe ukulalela, ukudunwa kwezixhumanisi nokunye ukuhlasela. Ukwengeza, i-OpenSSH inikeza isethi ecebile yezici ezivikelekile zamashubhu, izindlela ezihlukahlukene zokuqinisekisa, nezinketho zokumisa eziyinkimbinkimbi.

Futhi okulandelayo kuyengezwa futhi kunemininingwane:

"I-OpenSSH suite iqukethe amathuluzi alandelayo: Imisebenzi ekude yenziwa nge-ssh, scp, kanye ne-sftp; eya gukuphathwa kokhiye kusebenza no-ssh-add, ssh-keysign, ssh-keyscan kanye ne-ssh-keygen; futhi i Uhlangothi lwesevisi lusebenza ne-sshd, sftp-server kanye namaphakheji we-ssh-ejenti”.

I-OpenSSH 9.0: Yini Okusha kanye Nokulungiswa Kweziphazamisi

Kuyaphawuleka ukuthi okwamanje I-OpenSSH ikunguqulo yayo engu-9.0. Inguqulo esanda kukhishwa (08/04/2022) okunoveli kwayo okuyinhloko yilokhu okulandelayo:

• I-SSH ne-SSHd: Kusetshenziswa ukhiye ohlanganisiwe we-NTRU Prime + x25519 hybrid njengendlela yokushintshanisa ezenzakalelayo ("sntrup761x25519-sha512@openssh.com").
• Iseva ye-SFTP: Ukunika amandla isandiso "sedatha yekhophi" ukuze kuvunyelwe amakhophi ohlangothini Lweseva lwamafayela/idatha, kulandela umklamo kokuthi okusalungiswa-ietf-secsh-filexfer-extensions-00.
• SFTP: Kwengezwe umyalo we-"cp" ukuze uvumele amakhophi efayela eseceleni kweseva ukuthi asebenze kuklayenti le-sftp.

Ukuze uthole ulwazi olwengeziwe noma imininingwane mayelana nalezi izindaba, ukulungiswa kweziphazamisi kanye nedatha yokuthutha, ungafinyelela okulandelayo isixhumanisi.

"I-algorithm ye-NTRU kukholakala ukuthi imelana nokuhlaselwa okunikwe amandla amakhompuyutha e-quantum esikhathi esizayo futhi ibhangqwe nokushintshisana kokhiye we-X25519 ECDH (okumisiwe okudala) njengesipele ngokumelene nanoma ibuphi ubuthakathaka ku-NTRU Prime obungase butholakale esikhathini esizayo.".

Lapho ungafunda khona okwengeziwe nge-SSH

Kuze kube manje, sesifinyelele ithiyori ebaluleke kakhulu ukwazi nge-SSH ne-OpenSSH. Kodwa-ke, ezinkolelweni ezizayo ngalesi sihloko, sizocubungula futhi sibuyekeze lokho osekuchazwe kakade ezihlokweni ezedlule. Ngokuqondene neyakhe ukufakwa, wakho ukumiswa kwemingcele, kanye imikhuba emihle yamanje (izincomo), lapho kwenziwa izilungiselelo eziyisisekelo nezithuthukile. Futhi kanjani khipha imiyalo elula neyinkimbinkimbi ngokusebenzisa ubuchwepheshe obushiwo.

Kodwa-ke, ye- wandise lolu lwazi Sincoma ukuthi uhlole okulandelayo okuqukethwe okusemthethweni nokuthembekile ku-inthanethi:

1. I-Debian Wiki
2. Imanuwali Yomlawuli We-Debian: Ukungena Okukude / I-SSH
3. I-Debian Security Handbook: Isahluko 5. Ukuvikela izinsiza ezisebenza kusistimu yakho

Isifingqo

Ngokufingqa, Ubuchwepheshe be-SSH, ngokuvamile, ubuchwepheshe obuhle futhi obulula, uma busetshenziswe kahle, bunikeza a ukuxhumana okuthembekile nokuvikelekile kanye nendlela yokungena kwabanye amaqembu akude, ukuze ufinyelele izinsiza nemisebenzi ehlinzekwa ngaphakathi kwayo. Futhi okulinganayo kwamahhala nokuvulekile, okungukuthi, «Vula Igobolondo Elivikelekile» (OpenSSH) iyisimangaliso enye indlela ekhululekile futhi evulekile efanayo, itholakala kabanzi futhi isetshenziswa kuwo wonke ama Ukusatshalaliswa kwe-GNU / Linux zamanje.

Siyethemba ukuthi lolu shicilelo luwusizo olukhulu kubo bonke «Comunidad de Software Libre, Código Abierto y GNU/Linux». Futhi ungakhohlwa ukuphawula ngakho ngezansi, futhi wabelane ngakho nabanye kumawebhusayithi ayizintandokazi zakho, iziteshi, amaqembu noma imiphakathi yezokuxhumana nabantu noma izinhlelo zemiyalezo. Ekugcineni, vakashela ikhasi lethu lasekhaya ku «DesdeLinux» ukuhlola ezinye izindaba, bese ujoyina isiteshi sethu esisemthethweni se- I-Telegram ye DesdeLinux, ENtshonalanga iqembu ukuze uthole ulwazi olwengeziwe ngale ndaba.