OpenSSH 8.8 arrives, saying goodbye to ssh-rsa support, with bug fixes and more

The new version of OpenSSH, 8.8, has been released. Its standout change is that it disables by default the ability to use digital signatures based on RSA keys with a SHA-1 hash ("ssh-rsa").

Support for "ssh-rsa" signatures is ending because chosen-prefix collision attacks have become more effective (the cost of finding a collision is estimated at about 50 thousand dollars). To test whether ssh-rsa is in use on your systems, you can try connecting via ssh with the option "-oHostKeyAlgorithms=-ssh-rsa".

In addition, support for RSA signatures with SHA-256 and SHA-512 hashes (rsa-sha2-256/512), which have been supported since OpenSSH 7.2, is unchanged. In most cases, ending support for "ssh-rsa" will not require any manual action by users, because the UpdateHostKeys setting was already enabled by default in OpenSSH and automatically migrates clients to more reliable algorithms.

This release disables RSA signatures using the SHA-1 hash algorithm by default. This change was made because the SHA-1 hash algorithm is cryptographically broken, and it is possible to create chosen-prefix hash collisions for

For most users, this change should be invisible and there is no need to replace ssh-rsa keys. OpenSSH has supported RFC8332 RSA/SHA-256/512 signatures since version 7.2, and ssh-rsa keys will automatically use the stronger algorithm whenever possible.

For the migration, the protocol extension "hostkeys@openssh.com" is used, which allows the server, after authentication has passed, to inform the client of all its host keys. When connecting to hosts with older versions of OpenSSH on the client side, you can selectively restore the ability to use "ssh-rsa" signatures by adding to ~/.ssh/config
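An audit for the override described above, as an added example that is not part of the original article or of OpenSSH itself: it scans ssh_config text for lines that put "ssh-rsa" back in use and marks the ones that apply to every host. The directive names HostKeyAlgorithms, PubkeyAcceptedAlgorithms and PubkeyAcceptedKeyTypes are taken from OpenSSH's ssh_config documentation rather than from this page, and the sample config and its host names are constructed.

```python
import re

# Signature-algorithm directives (names assumed from OpenSSH's ssh_config
# documentation, not from this article; KeyTypes is the older spelling).
DIRECTIVES = {"hostkeyalgorithms", "pubkeyacceptedalgorithms",
              "pubkeyacceptedkeytypes"}

def find_ssh_rsa_overrides(config_text):
    """Return (line_no, scope, directive, is_global) for each line that
    puts the SHA-1 based "ssh-rsa" signature algorithm back in use."""
    findings = []
    scope, is_global = "top of file", True   # before any Host/Match block
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts both "Keyword value" and "Keyword=value".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip().strip('"')
        if keyword in ("host", "match"):
            scope = f"{parts[0]} {value}"
            is_global = ("*" in value.split()) if keyword == "host" else value.lower() == "all"
            continue
        # A leading "-" removes algorithms; "+", "^" or a plain list enable them.
        if keyword not in DIRECTIVES or value.startswith("-"):
            continue
        if "ssh-rsa" in value.lstrip("+^").split(","):
            findings.append((line_no, scope, parts[0], is_global))
    return findings

# Constructed sample input; the host names are hypothetical.
SAMPLE_CONFIG = """\
# legacy appliance that only offers ssh-rsa signatures
Host legacy-switch
    HostKeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa

Host build-*
    HostKeyAlgorithms -ssh-rsa

Host *
    PubkeyAcceptedKeyTypes=+ssh-rsa,ssh-ed25519
"""

if __name__ == "__main__":
    for line_no, scope, directive, is_global in find_ssh_rsa_overrides(SAMPLE_CONFIG):
        print(line_no, directive, "GLOBAL" if is_global else "scoped", f"({scope})")
```

An override reported as global is the one to review first, since it accepts SHA-1 based RSA signatures from every host rather than from a single named legacy system.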

The new version also fixes a security issue in sshd: since OpenSSH 6.2, it incorrectly initialised the user's groups when executing the commands specified in the AuthorizedKeysCommand and AuthorizedPrincipalsCommand directives.

These directives should ensure that the commands are run under a different user, but in fact the commands inherited the list of groups that was in use when sshd was started. Potentially, given certain system configurations, this behaviour allowed the running handler to gain additional privileges on the system.

The release notes also include a warning about the intention to change the scp utility to use SFTP by default instead of the legacy SCP/RCP protocol. SFTP handles path names more predictably and does not rely on the shell on the other host's side to process glob patterns in file names, which is a source of security concerns.

In particular, when using SCP and RCP, the server decides which files and directories to send to the client, and the client only checks the correctness of the returned object names. In the absence of proper checks on the client side, this allows the server to transmit file names that differ from those requested.

SFTP does not have these problems, but it does not support expansion of special paths such as "~/". To address this difference, the previous version of OpenSSH introduced a new SFTP extension in the SFTP server implementation to expand ~/ and ~user/ paths.

Finally, if you are interested in learning more about this new version, you can check the details by going to the following link.

How to install OpenSSH 8.8 on Linux?

Those interested in installing this new version of OpenSSH on their systems can, for now, do so by downloading the source code and compiling it on their own machines.

This is because the new version has not yet been included in the repositories of the main Linux distributions. To get the source code, you can do so from the following link.

Once the download is done, we unpack the package with the following command:

tar -xvf openssh-8.8.tar.gz

We enter the created directory:

cd openssh-8.8

And we can compile with the following commands:

./configure --prefix=/opt --sysconfdir=/etc/ssh
make
make install
