Shanduro itsva ye OpenSSH 8.8 yakatoburitswa kare uye iyi vhezheni itsva inomira kuremadza nekukanganisa kugona kushandisa masiginecha edhijitari zvichibva pamakiyi eRSA ane SHA-1 hash ("ssh-rsa").
Kupera kwekutsigira "ssh-rsa" masiginecha inokonzerwa nekuwedzera kwekugona kwekurovera kurwiswa nechirevo chekutanga chakapihwa (mutengo wekufungidzira kubondera unofungidzirwa kungangoita zviuru makumi mashanu zvemadhora). Kuti uedze kushandiswa kwe ssh-rsa pane system, unogona kuyedza kubatanidza ssh nesarudzo "-oHostKeyAlgorithms = -ssh-rsa".
Uye zvakare, rutsigiro rweRSA masiginecha neSHA-256 uye SHA-512 (rsa-sha2-256 / 512) hashes, iyo inotsigirwa kubvira OpenSSH 7.2, haina kuchinja. Kazhinji, kupedzisa rutsigiro rwe "ssh-rsa" hakuzodi chero chiito chemanyore. nevashandisi, seyakagadziriswa UpdateHostKeys yaimbogoneswa nekukasira muOpenSSH, iyo inoshandura yega vatengi kune mamwe akavimbika algorithms.
Iyi vhezheni inoremadza RSA masiginecha ichishandisa iyo SHA-1 hashing algorithm default. Iyi shanduko yakaitwa kubva iyo SHA-1 hash algorithm iri cryptographically yakaputsika, uye zvinokwanisika kugadzira chisarudzo chekutanga hashi kubonderana ne
Kune vazhinji vashandisi, shanduko iyi inofanira kunge isingaonekwe uye iripo hapana chikonzero chekutsiva ssh-rsa makiyi. OpenSSH inoenderana neRFC8332 RSA / SHA-256/512 masiginecha kubva vhezheni 7.2 uye aripo ssh-rsa makiyi inozoshandisa otomatiki algorithm yakasimba pese pazvinogoneka.
Nezve kutama, kuwedzera kweprotocol "hostkeys@openssh.com" kunoshandiswa«, Iyo inobvumidza sevha, mushure mekupfuudza iko kwechokwadi, kuzivisa mutengi nezveese aripo makiyi ekugamuchira. Paunenge uchibatanidza kumasevhisi neshanduro dzekare kwazvo dzeOpenSSH padivi remutengi, unogona kusarudza kudzoreredza kugona kushandisa masiginecha "ssh-rsa" nekuwedzera ~ / .ssh / config
Shanduro nyowani inogadzirisa zvakare nyaya yekuchengetedza inokonzerwa ne sshd, kubvira OpenSSH 6.2, zvisiri izvo kutanga iro boka revashandisi kana uchiita mirairo yakatsanangurwa muAuthorizedKeysCommand uye AuthorizedPrincipalsCommand mirairo.
Aya mirairo inofanirwa kuona kuti mirairo inoitwa pasi pemumwe mushandisi, asi pachokwadi ivo vakagara nhaka runyorwa rwemapoka anoshandiswa pakutangisa sshd. Zvichida, hunhu uhu, hwakapihwa mamwe masisitimu ekugadzirisa, aibvumira iyo inomhanya controller kuti iwedzere mamwe maropafadzo pachirongwa.
Zvinyorwa zvekuburitsa dzinosanganisira zvakare yambiro nezve chinangwa chekuchinja chinoshandiswa che scp default kushandisa SFTP panzvimbo yenhaka SCP / RCP protocol. SFTP inosimbisa mamwe mazita enzira dzinofungidzirwa, uye mapasire epasirese ekugadzirisa anoshandiswa mumazita emafaira kubudikidza nehombodo kune rimwe divi remubati, zvichigadzira kunetsekana kwekuchengetedza.
Kunyanya, kana uchishandisa SCP neRCP, sevha inosarudza kuti ndeapi mafaera uye madhairekitori ekutumira kumutengi, uye mutengi anongotarisa kurongeka kwemazita echinhu chakadzoserwa, ayo, mukushayikwa kwekutarisa kwakakodzera padivi remutengi, anotendera iyo sevha kutumira mamwe mazita emafaira akasiyana neaya akumbirwa.
SFTP haina matambudziko aya, asi haitsigire kuwedzerwa kwenzira dzakadai se "~ /". Kugadzirisa mutsauko uyu, mune vhezheni yapfuura yeOpenSSH, kuwedzerwa kweSFTP kwakakurudzirwa muSFTP server kuitisa kuratidza iyo ~ / uye ~ mushandisi / nzira.
Finalmente kana iwe uchifarira kuziva zvakawanda nezvazvo nezve iyi vhezheni nyowani, iwe unogona kutarisa iyo ruzivo nekuenda kunotevera chinongedzo.
Maitiro ekuisa OpenSSH 8.8 paLinux?
Kune avo vanofarira kugona kuisa iyi nyowani vhezheni yeOpenSSH pane avo masisitimu, nekuti izvozvi vanogona kuzviita kurodha pasi kodhi kodhi yeiyi uye vachiita muunganidzwa pamakomputa avo.
Izvi zvinodaro nekuti iyo vhezheni nyowani haisati yaverengerwa mumachengeterwo ezvekutanga zvekuparadzirwa kweLinux. Kuti uwane iyo kodhi kodhi, iwe unogona kuita kubva ku next link.
Waita kurodha pasi, ikozvino tava kuzobvisa pasuru yacho nemirairo inotevera
tar -xvf openssh-8.8.tar.gz
Isu tinopinda dhairekitori rakagadzirwa:
cd openssh-8.8
Y tinogona kuumbiridza ne inotevera mirairo:
./configure --prefix=/opt --sysconfdir=/etc/ssh make make install