Uhlobo olusha lwe I-OpenSSH 8.8 isivele ikhishiwe nale nguqulo entsha ivelela ukukhubaza ngokuzenzakalela ikhono lokusebenzisa amasiginesha edijithali ngokususelwa kukhiye be-RSA abane-SHA-1 hash ("ssh-rsa").
Ukuphela kokusekelwa kwamasiginesha e- "ssh-rsa" kungenxa yokwanda kokusebenza kokuhlaselwa kokushayisana ngesiqalo esinikeziwe (izindleko zokuqagela ukushayisana kulinganiselwa kuma-dollar ayizinkulungwane ezingama-50). Ukuhlola ukusetshenziswa kwe-ssh-rsa kusistimu, ungazama ukuxhuma nge-ssh ngenketho "-oHostKeyAlgorithms = -ssh-rsa".
Ngaphezu kwalokho, ukusekelwa kwamasiginesha e-RSA nge-SHA-256 ne-SHA-512 (rsa-sha2-256 / 512) hashes, asekelwa kusukela ku-OpenSSH 7.2, akukashintshi. Ezimweni eziningi, ukuqeda ukusekelwa kwe- "ssh-rsa" ngeke kudinge isenzo sokwenza mathupha. ngabasebenzisi, njengoba ukusethwa kwe-UpdateHostKeys kwakukade kunikwe amandla ngokuzenzakalela ku-OpenSSH, ehumusha amaklayenti ngokuzenzakalela kuma-algorithm ethembekile.
Le nguqulo ikhubaza amasiginesha e-RSA kusetshenziswa i-SHA-1 hashing algorithm okuzenzakalelayo. Lolu shintsho lwenziwe kusukela ku-SHA-1 hash algorithm i-cryptographically broken, futhi kungenzeka wakhe isiqalo esikhethiwe ukushayisana kwe-hash ngu
Kubasebenzisi abaningi, lolu shintsho kufanele lungabonakali futhi lukhona asikho isidingo sokushintsha okhiye be-ssh-rsa. I-OpenSSH iyahambisana ne-RFC8332 Ama-RSA / SHA-256/512 amasiginesha kusuka enguqulweni 7.2 nokhiye abakhona be-ssh-rsa izosebenzisa ngokuzenzakalela i-algorithm enamandla kakhulu lapho kungenzeka khona.
Okokufuduka, isandiso sephrothokholi "hostkeys@openssh.com" siyasetshenziswa«, Okuvumela iseva, ngemuva kokudlulisa ubuqiniso, ukwazisa iklayenti ngazo zonke izinkinobho zokubamba ezitholakalayo. Lapho uxhuma kubasingathi ngezinguqulo ezindala kakhulu ze-OpenSSH ohlangothini lweklayenti, ungakhetha ukubuyisela emuva amandla wokusebenzisa amasiginesha we- "ssh-rsa" ngokungeza i- ~ / .ssh / config
Uhlobo olusha futhi ilungisa inkinga yezokuphepha ebangelwe yi-sshd, ngoba i-OpenSSH 6.2, iqalisa ngokungafanele iqembu lomsebenzisi lapho lenza imiyalo ebalulwe kumiyalo ye-AuthorizedKeysCommand kanye ne-AuthorizedPrincipalsCommand.
Le mihlahlandlela kufanele iqinisekise ukuthi imiyalo isebenza ngaphansi komsebenzisi ohlukile, kepha empeleni iluthole njengelifa uhlu lwamaqembu asetshenzisiwe lapho kuqala i-sshd. Ngokunokwenzeka, lokhu kuziphatha, kunikezwe ukulungiselelwa okuthile kohlelo, kuvumele isilawuli esisebenzayo ukuthi sithole amalungelo athe xaxa kusistimu.
Amanothi okukhululwa zifaka phakathi isexwayiso mayelana nokuhlose ukuguqula ukusetshenziswa kwe-scp okuzenzakalelayo ukusebenzisa i-SFTP esikhundleni sephrothokholi yefa le-SCP / RCP. I-SFTP iphoqelela amagama ezindlela ezinokuqagelwa, futhi amaphethini wokungacubunguli womhlaba wonke asetshenziswa kumagama efayela ngegobolondo kolunye uhlangothi lomsingathi, ukudala ukukhathazeka kokuphepha.
Ikakhulu, uma isebenzisa i-SCP ne-RCP, iseva inquma ukuthi yimaphi amafayela nezinkomba ezizowathumela kwiklayenti, bese iklayenti lihlola kuphela ukunemba kwamagama ento abuyisiwe, okuthi, uma kungekho amasheke afanele ohlangothini lwekhasimende, avumela server ukudlulisa amanye amagama wefayela ahlukile kulawo aceliwe.
I-SFTP ayinazo lezi zinkinga, kodwa ayikusekeli ukunwetshwa kwemizila ekhethekile efana ne- "~ /". Ukubhekana nalomehluko, enguqulweni edlule ye-OpenSSH, kwaphakanyiswa isandiso esisha se-SFTP ekusetshenzisweni kweseva ye-SFTP ukudalula umsebenzisi / izindlela / /.
Okokugcina uma unesifiso sokwazi okwengeziwe ngakho mayelana nale nguqulo entsha, ungabheka imininingwane ngokuya kusixhumanisi esilandelayo.
Ungayifaka kanjani i-OpenSSH 8.8 ku-Linux?
Kulabo abanentshisekelo yokukwazi ukufaka le nguqulo entsha ye-OpenSSH kumasistimu abo, ngoba manje sebengakwenza ukulanda ikhodi yomthombo yalokhu futhi benza ukuhlanganiswa kumakhompyutha abo.
Lokhu kungenxa yokuthi inguqulo entsha ayikakafakwa ezinqolobaneni zokusabalalisa okukhulu kwe-Linux. Ukuthola ikhodi yomthombo, ungenza kusuka ku- isixhumanisi esilandelayo.
Uqedile ukulanda, manje sizovula iphakheji ngomyalo olandelayo:
tar -xvf openssh-8.8.tar.gz
Sifaka umkhombandlela owakhiwe:
cd openssh-8.8
Y singahlanganisa imiyalo elandelayo:
./configure --prefix=/opt --sysconfdir=/etc/ssh make make install