OpenSSH 8.8 inosvika ichitaura zvakanaka kune ssh-rsa rutsigiro, kugadzirisa zvipembenene uye zvimwe

Shanduro itsva ye OpenSSH 8.8 yakatoburitswa kare uye iyi vhezheni itsva inomira kuremadza nekukanganisa kugona kushandisa masiginecha edhijitari zvichibva pamakiyi eRSA ane SHA-1 hash ("ssh-rsa").

Kupera kwekutsigira "ssh-rsa" masiginecha inokonzerwa nekuwedzera kwekugona kwekurovera kurwiswa nechirevo chekutanga chakapihwa (mutengo wekufungidzira kubondera unofungidzirwa kungangoita zviuru makumi mashanu zvemadhora). Kuti uedze kushandiswa kwe ssh-rsa pane system, unogona kuyedza kubatanidza ssh nesarudzo "-oHostKeyAlgorithms = -ssh-rsa".

Uye zvakare, rutsigiro rweRSA masiginecha neSHA-256 uye SHA-512 (rsa-sha2-256 / 512) hashes, iyo inotsigirwa kubvira OpenSSH 7.2, haina kuchinja. Kazhinji, kupedzisa rutsigiro rwe "ssh-rsa" hakuzodi chero chiito chemanyore. nevashandisi, seyakagadziriswa UpdateHostKeys yaimbogoneswa nekukasira muOpenSSH, iyo inoshandura yega vatengi kune mamwe akavimbika algorithms.

Iyi vhezheni inoremadza RSA masiginecha ichishandisa iyo SHA-1 hashing algorithm default. Iyi shanduko yakaitwa kubva iyo SHA-1 hash algorithm iri cryptographically yakaputsika, uye zvinokwanisika kugadzira chisarudzo chekutanga hashi kubonderana ne

Kune vazhinji vashandisi, shanduko iyi inofanira kunge isingaonekwe uye iripo hapana chikonzero chekutsiva ssh-rsa makiyi. OpenSSH inoenderana neRFC8332 RSA / SHA-256/512 masiginecha kubva vhezheni 7.2 uye aripo ssh-rsa makiyi inozoshandisa otomatiki algorithm yakasimba pese pazvinogoneka.

Nezve kutama, kuwedzera kweprotocol "hostkeys@openssh.com" kunoshandiswa«, Iyo inobvumidza sevha, mushure mekupfuudza iko kwechokwadi, kuzivisa mutengi nezveese aripo makiyi ekugamuchira. Paunenge uchibatanidza kumasevhisi neshanduro dzekare kwazvo dzeOpenSSH padivi remutengi, unogona kusarudza kudzoreredza kugona kushandisa masiginecha "ssh-rsa" nekuwedzera ~ / .ssh / config

Shanduro nyowani inogadzirisa zvakare nyaya yekuchengetedza inokonzerwa ne sshd, kubvira OpenSSH 6.2, zvisiri izvo kutanga iro boka revashandisi kana uchiita mirairo yakatsanangurwa muAuthorizedKeysCommand uye AuthorizedPrincipalsCommand mirairo.

Aya mirairo inofanirwa kuona kuti mirairo inoitwa pasi pemumwe mushandisi, asi pachokwadi ivo vakagara nhaka runyorwa rwemapoka anoshandiswa pakutangisa sshd. Zvichida, hunhu uhu, hwakapihwa mamwe masisitimu ekugadzirisa, aibvumira iyo inomhanya controller kuti iwedzere mamwe maropafadzo pachirongwa.

Zvinyorwa zvekuburitsa dzinosanganisira zvakare yambiro nezve chinangwa chekuchinja chinoshandiswa che scp default kushandisa SFTP panzvimbo yenhaka SCP / RCP protocol. SFTP inosimbisa mamwe mazita enzira dzinofungidzirwa, uye mapasire epasirese ekugadzirisa anoshandiswa mumazita emafaira kubudikidza nehombodo kune rimwe divi remubati, zvichigadzira kunetsekana kwekuchengetedza.

Kunyanya, kana uchishandisa SCP neRCP, sevha inosarudza kuti ndeapi mafaera uye madhairekitori ekutumira kumutengi, uye mutengi anongotarisa kurongeka kwemazita echinhu chakadzoserwa, ayo, mukushayikwa kwekutarisa kwakakodzera padivi remutengi, anotendera iyo sevha kutumira mamwe mazita emafaira akasiyana neaya akumbirwa.

SFTP haina matambudziko aya, asi haitsigire kuwedzerwa kwenzira dzakadai se "~ /". Kugadzirisa mutsauko uyu, mune vhezheni yapfuura yeOpenSSH, kuwedzerwa kweSFTP kwakakurudzirwa muSFTP server kuitisa kuratidza iyo ~ / uye ~ mushandisi / nzira.

Finalmente kana iwe uchifarira kuziva zvakawanda nezvazvo nezve iyi vhezheni nyowani, iwe unogona kutarisa iyo ruzivo nekuenda kunotevera chinongedzo.

Maitiro ekuisa OpenSSH 8.8 paLinux?

Kune avo vanofarira kugona kuisa iyi nyowani vhezheni yeOpenSSH pane avo masisitimu, nekuti izvozvi vanogona kuzviita kurodha pasi kodhi kodhi yeiyi uye vachiita muunganidzwa pamakomputa avo.

Izvi zvinodaro nekuti iyo vhezheni nyowani haisati yaverengerwa mumachengeterwo ezvekutanga zvekuparadzirwa kweLinux. Kuti uwane iyo kodhi kodhi, iwe unogona kuita kubva ku next link.

Waita kurodha pasi, ikozvino tava kuzobvisa pasuru yacho nemirairo inotevera

tar -xvf openssh-8.8.tar.gz

Isu tinopinda dhairekitori rakagadzirwa:

cd openssh-8.8

Y tinogona kuumbiridza ne inotevera mirairo:

./configure --prefix=/opt --sysconfdir=/etc/ssh
make
make install

Izvo zviri muchinyorwa zvinoomerera pamisimboti yedu ye tsika dzekunyora. Kuti utaure chikanganiso tinya pano.

Iva wekutanga kutaura

Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa. Raida minda anozivikanwa ne *

*

*

  1. Inotarisira data: AB Internet Networks 2008 SL
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako