Inguqulelo entsha ye I-OpenSSH 8.8 sele ikhutshiwe kwaye le nguqulo intsha imele ukukhubaza ngokungagqibekanga ukukwazi ukusebenzisa iisiginitsha zedijithali ngokusekwe kumaqhosha e-RSA nge-SHA-1 hash ("ssh-rsa").
Ukuphela kwenkxaso ye "ssh-rsa" utyikityo kungenxa yokonyuka kokusebenza kokuhlaselwa kokungqubana Isimaphambili esinikiweyo (indleko yokuqikelela ukungqubana iqikelelwa kwi-50 lamawaka eedola). Ukuvavanya ukusetyenziswa kwe-ssh-rsa kwinkqubo, ungazama ukuqhagamshela nge-ssh ngokhetho "-oHostKeyAlgorithms = -ssh-rsa".
Ukongeza, inkxaso yokutyikitywa kwe-RSA nge-SHA-256 kunye ne-SHA-512 (rsa-sha2-256 / 512) hashes, exhaswa ukusukela nge-OpenSSH 7.2, ayitshintshanga. Kwiimeko ezininzi, ukuphelisa inkxaso ye- "ssh-rsa" ayizukufuna ntshukumo yenziwayo. ngabasebenzisi, njengoko useto loHlaziyo lweeHostKeys lwalunikwe amandla ngokwendalo kwi-OpenSSH, eguqulela ngokuzenzekelayo abathengi kwii-algorithms ezinokuthenjwa ngakumbi.
Le nguqulo ikhubaza utyikityo lweRSA kusetyenziswa i-SHA-1 hashing algorithm okungagqibekanga. Olu tshintsho lwenziwe ukusukela kwi-SHA-1 hash algorithm ngokufihlakeleyo kwaphulwe, kwaye kunokwenzeka ukuba wenze isimaphambili esikhethiweyo ukungqubana kwe-hash ngu
Kubasebenzisi abaninzi, olu tshintsho kufuneka lungabonakali kwaye kukho akukho sidingo sokutshintsha amaqhosha e-ssh-rsa. I-OpenSSH iyahambelana ne-RFC8332 RSA / SHA-256/512 utyikityo olusuka kuguqulelo 7.2 kunye nezitshixo ezikhoyo ze-ssh-rsa iya kusebenzisa ngokuzenzekelayo eyona algorithm yomeleleyo xa kunokwenzeka.
Ukufudukela kwelinye ilizwe kusetyenziswa isandiso somgaqo "hostkeys@openssh.com"«, Evumela iserver, emva kokudlula ukungqinisisa, ukwazisa umxhasi ngazo zonke izitshixo ezikhoyo zokubamba. Xa uqhagamshela kumamkeli kunye neenguqulelo ezindala kakhulu zeOpenSSH kwicala lomxhasi, unokukhetha ukubuyisela umva amandla okusebenzisa "i-ssh-rsa" utyikityo ngokudibanisa ~ / .ssh / config
Inguqulelo entsha ikwalungisa umba wezokhuseleko obangelwe yi-sshd, kuba i-OpenSSH 6.2, ngokungachanekanga kuqaliswa iqela lomsebenzisi xa kusenziwa imiyalelo echazwe kwi-AuthorizedKeysCommand kunye ne-AuthorizedPrincipalsCommand.
Le miyalelo kufuneka iqinisekise ukuba imiyalelo iqhutywa phantsi komsebenzisi owahlukileyo, kodwa eneneni balufumana njengelifa uluhlu lwamaqela asetyenziswa xa kuqala i-sshd. Ngokunokwenzeka, le ndlela yokuziphatha, inikezwe iinkqubo ezithile, yenza ukuba isilawuli esisebenzayo sifumane amalungelo ongezelelweyo kwinkqubo.
Amanqaku okukhululwa Babandakanya isilumkiso malunga nokuzimisela ukutshintsha i-scp emiselweyo ukusebenzisa i-SFTP endaweni ye-SCP / RCP protocol. I-SFTP inyanzelisa amagama endlela enokuqikelelwa, kunye neepateni ezingezizo ezenziwayo ezisetyenzisiweyo kumagama efayile kusetyenziswa iqokobhe kwelinye icala lomamkeli, ukudala uxinzelelo kwezokhuseleko.
Ngokukodwa, xa usebenzisa i-SCP kunye ne-RCP, iserver ithatha isigqibo sokuba zeziphi iifayile kunye nezikhombisi ekufuneka zithunyelwe kumthengi, kwaye umthengi ujonga kuphela ukuchaneka kwamagama ezinto ezibuyisiweyo, ethi, xa kungekho tshekhi ifanelekileyo kwicala lomxhasi, ivumela ukuhambisa amanye amagama efayile ahlukileyo kulawo aceliweyo.
I-SFTP ayinazo ezi ngxaki, kodwa ayixhasi ulwandiso lweendlela ezikhethekileyo ezinje nge "~ /". Ukulungisa lo mahluko, kwinguqulelo yangaphambili ye-OpenSSH, ulwandiso olutsha lwe-SFTP lwacetyiswa kumiliselo lwe-SFTP ukuveza ~ / kunye ~ nomsebenzisi / iindlela.
Gqibela ukuba unomdla wokwazi okungakumbi ngayo malunga nale nguqulo intsha, unokujonga iinkcukacha ngokuya kule khonkco ilandelayo.
Uyifaka njani i-OpenSSH 8.8 kwiLinux?
Kulabo banomdla wokukwazi ukufaka le nguqulo intsha ye-OpenSSH kwiinkqubo zabo, okwangoku bangayenza Ukukhuphela ikhowudi yemvelaphi yoku kunye ukwenza ukudityaniswa kwiikhompyuter zabo.
Kungenxa yokuba ingxelo entsha ayikabandakanywa koovimba beenkqubo eziphambili zeLinux. Ukufumana ikhowudi yemvelaphi, ungenza kwi ikhonkco elandelayo.
Yenza ukhuphelo, ngoku siza kukhulula ipakethe ngalo myalelo ulandelayo:
tar -xvf openssh-8.8.tar.gz
Sifaka isikhombisi esenziwe:
cd openssh-8.8
Y sinokudibanisa kunye le miyalelo ilandelayo:
./configure --prefix=/opt --sysconfdir=/etc/ssh make make install