OpenSSH seti yezvishandiso inobvumira kuvharirwa kutaurirana pamusoro petiweki, uchishandisa iyo SSH protocol.
Iyo ichangobva kuziviswa, kuburikidza neiyo OpenSSH chirongwa chekutumira zvinyorwa, iyo yakaronga chirongwa chekugumisa tsigiro yemakiyi zvichienderana neiyo DSA algorithm.
Izvo zvinotaurwa kuti chikonzero chikuru kumisa kutsigira iyi algorithm, imhaka yekuti parizvino DSA makiyi haape yakaringana mwero wechengetedzo, yakapihwa yayo 160-bit muganho weyakavanzika kiyi uye kushandiswa kweSHA1, iyo, maererano nekuchengetedza, yakada kuenzana ne80-bit symmetric kiyi.
DSA inomirira Digital Siginecha Algorithm. Inoshandiswa kudhijitari siginecha uye simbisa. Izvo zvakavakirwa papfungwa yemasvomhu ye modular exponentiation uye discrete logarithm. Yakagadzirwa neNational Institute of Standards uye Technology (NIST) muna 1991.
Inosanganisira maitiro mana:
1. Chizvarwa Chakakosha
2. Kugovera Kwakakosha
3. Siginicha
4. Siginecha Verification
Tinofanira kuyeuka kuti mu OpenSSH Default kushandiswa kwemakiyi eDSA kwakamiswa muna 2015, yakachengetwa sechisarudzo, sezvo iyi algorithm yaidiwa kuti ishandiswe muSSHv2 protocol. Ichi chinodiwa chakamuka nekuti, panguva iyo SSHv2 protocol yakasikwa uye yakatenderwa, ese algorithms ese aive pasi pematendi. Zvisinei, nekufamba kwenguva, mamiriro ezvinhu akachinja: zvibvumirano zvine chokuita neRSA zvapera, uye maalgorithms akadai seECDSA neEdDSA akaunzwa, ayo anopfuura zvikuru DSA mukushanda nekuchengeteka.
DSA, sekutsanangurwa kweSSHv2 protocol, haina kusimba:
inogumira ku160-bit yakavanzika kiyi uye kushandiswa kweSHA1 digest. Is
Inofungidzirwa nhanho yekuchengetedza ndeye <= 80-bit symmetric yakaenzana.OpenSSH yakadzima makiyi eDSA nekukasira kubva 2015, asi yakaachengeta serutsigiro rwesarudzo kwavari. DSA ndiyo yega algorithm yakarairwa kuti ishandiswe muSSHv2 RFCs, zvakanyanya nekuti mamwe maalgorithms aive patent-akaiswa payakagadzirwa nekutsanangurwa.
Kubva ipapo, nyika yakaenderera mberi. RSA haina kuverengerwa uye inotsigira
nokuti iri pose pose. ECDSA inopa kwakakosha kuita uye kuchengetedza mabhenefiti pamusoro pemod DSA uye EdDSA inokunda iyo yekuwedzera kuita uye kuchengetedza kuvandudzwa pamusoro pezvese zvakare.
Mushure mekuongorora mamiriro azvino, OpenSSH vagadziri vakagumisa kuti mari ine chekuita nekuchengetedza iyo isina kuchengeteka DSA algorithm haichakodzeri. Kubviswa kweDSA kunoonekwa sekurudziro kune mamwe maSSH maitirwo uye cryptographic maraibhurari kuti amirewo kutsigira DSA.
Pamusoro pazvo, chirongwa chekubvisa DSA kubva kukodhi chakatoburitswa yeOpenSSH, kubvira pakutanga, sezvatotaurwa pakutanga, rutsigiro rwakabva pakusarudzika kuenda pakusarudza uye nekutsauka kwakatora vhezheni yaApril yeOpenSSH inoronga kuchengetedza iyo DSA kuunganidzwa, asi ichapa kugona kudzima DSA panguva yekuunganidza.
Zvadaro, pakuburitswa kwaChikumi, DSA ichave yakaremara nekusarudzika panguva yekuvaka, uye ichabviswa kubva kucodebase kutanga kwa2025.
Izvi hazviiti kuti OpenSSH ienderane neRFC4253?
Zvakanyanya kusapfuura zvatave kubva 2015, patakamira kupa DSA rutsigiro nekukasira.
* Nei uchifanira kuita chinjo iyi zvino? Sei kwete pamberi / shure?
Isu tinotenda kuti nguva yakakwana yadarika kubvira DSA yakaremara nekusarudzika, izvo zvave kutungamira mukurega kushandisa algorithm nehuwandu hwakawanda hwevashandisi. Zvinogonawo kuti isu tichakurumidza kutanga kuongorora post-quantum siginecha algorithm uye toziva nezvehukuru hwese uye kuoma kwekiyi / siginecha kodhi.
Pakupedzisira, inotaurwa kuti nokuda avo vashandisi vachiri kuda rutsigiro rweDSA kudivi revatengi, ichava nesarudzo yekushandisa mamwe mavakirwo ezvinyorwa zvekare zve OpenSSH, senge Debian-supplied package "openssh-client-ssh1".Pasuru iyi, yakavakirwa paOpenSSH 7.5, yakagadzirirwa kubatana kumaseva eSSH uchishandisa SSHv1 protocol, iyo yakamiswa muOpenSSH 7.6 makore matanhatu apfuura.
pakupedzisira kana uri kuda kuziva zvakawanda nezvazvo, Saka bvunza zvakadzama mu tevera link