Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
Thật không may, phụ thuộc vào một bức tường lửa để gỡ bỏ khả năng truyền tải thông điệp từ bất cứ ai có thể đe dọa mạng của bạn chỉ là không đủ để thực sự an toàn của nó. Đối với một, trừ khi bạn sử dụng một "bức tường lửa theo phong cách quân sự" | Tunneling Chapter 13 541 Setting Up OpenSSH The full procedure for setting up OpenSSH is mostly outside the scope of this chapter but you can find a good guide for Linux at www.helpdesk.umd.edu linux security ssh_install.shtml.Windows is slightly more complicated those using the excellent UNIX-On-Windows Cygwin environment can get guidance at http tech.erdelynet.com cygwin-sshd.asp those who simply seek a daemon that will work and be done with it should grab Network Simplicity s excellent SSHD build at www.networksimplicity.com openssh . Note this very important warning about versions Modern UNIX distributions all have SSH daemons installed by default including Apple s Macintosh OSX unfortunately a disturbing number of these daemons are either SSH 1.2.27 or OpenSSH 2.2.0p2 or earlier.The SSH1 implementations in these packages are highly vulnerable to a remote root compromise and must be upgraded as soon as possible. If it is not feasible to upgrade the daemon on a machine using the latest available at www.openssh.com or even the official SSH2 from ssh.com you can secure builds of OpenSSH that support both SSH1 and SSH2 by editing etc sshd_config and changing Protocol 2 1 to Protocol 2. This has the side effect of disabling SSH1 support entirely which is a problem for older clients. Obscurity is particularly no defense in this situation as well the version of any SSH server can be easily queried remotely as in the following effugas@OTHERSHOE telnet 10.0.1.11 22 Trying 10.0.1.11. Connected to 10.0.1.11. Escape character is . SSH-1.99-OpenSSH_3.0.1p1 Another important note is that the SSH server does not necessarily require root permissions to execute the majority of its functionality. Any user may execute sshd on an alternate port and even authenticate himself against it.The SSH client in particular may be installed and executed by any normal user this is particularly important when some of the newer features of OpenSSH like ProxyCommand are required but unavailable