OpenSSH 8.8 released with support for SHA-1 RSA signatures ("ssh-rsa") disabled

OpenSSH 8.8 has been released, an open implementation of a client and a server for the SSH 2.0 and SFTP protocols. The release is notable for disabling, by default, digital signatures based on RSA keys with the SHA-1 hash (the "ssh-rsa" algorithm).

Support for "ssh-rsa" signatures was dropped because of the growing practicality of chosen-prefix collision attacks against SHA-1 (the cost of finding such a collision is estimated at around $50,000). To check whether your systems still depend on ssh-rsa, try connecting with ssh using the option "-oHostKeyAlgorithms=-ssh-rsa", which removes the algorithm from the client's allowed list: a server that offers only ssh-rsa host keys will then fail key exchange. Support for RSA signatures with SHA-256 and SHA-512 hashes (rsa-sha2-256/512), available since OpenSSH 7.2, is unchanged, so existing RSA keys keep working wherever the peer supports those algorithms.
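The check above can be scripted across a fleet. The following is an added example, not code from the page or from the OpenSSH project: it runs ssh with ssh-rsa removed from the client's host key algorithm list and classifies the outcome from ssh's exit status and stderr. The login name "probe" and the addresses in the comments are constructed; the stderr wording it looks for is what OpenSSH's ssh prints.

```python
"""Probe SSH servers that still depend on the SHA-1 "ssh-rsa" host key
algorithm, using the check from the OpenSSH 8.8 release notes.

Added example, not part of OpenSSH. It runs ssh with ssh-rsa removed from
the client's allowed host key algorithms and classifies the result.
"""
import subprocess
from typing import Dict, Iterable

# Text ssh prints when client and server share no host key algorithm.
NO_MATCH = "no matching host key type found"


def classify_probe(returncode: int, stderr: str) -> str:
    """Classify one probe from ssh's exit status and stderr.

    "ssh-rsa-only": the server offered only ssh-rsa, so 8.8 defaults break it
    "ok":           host key negotiation succeeded without ssh-rsa
                    (either the command ran, or ssh got as far as auth)
    "unreachable":  no TCP connection, so no conclusion about algorithms
    "other":        negotiation failed for some other reason; inspect by hand
    """
    if NO_MATCH in stderr:
        offer = stderr.split("Their offer:", 1)[-1].strip()
        # Certificate variants are ssh-rsa-cert-v01@openssh.com, hence prefix.
        if any(a.startswith("ssh-rsa") for a in offer.split(",")):
            return "ssh-rsa-only"
        return "other"
    if returncode == 0 or "Permission denied" in stderr:
        return "ok"
    if any(s in stderr for s in ("Connection timed out", "Connection refused",
                                  "Could not resolve hostname", "No route to host")):
        return "unreachable"
    return "other"


def probe(host: str, port: int = 22, timeout: int = 5) -> str:
    """Run the release-notes check against one host and classify it."""
    cmd = [
        "ssh",
        "-oHostKeyAlgorithms=-ssh-rsa",     # the check itself: drop SHA-1 RSA
        "-oBatchMode=yes",                  # never prompt for a password
        "-oStrictHostKeyChecking=no",       # a probe does not need a pinned key
        "-oUserKnownHostsFile=/dev/null",   # and should not write known_hosts
        f"-oConnectTimeout={timeout}",
        "-p", str(port),
        f"probe@{host}",                    # constructed user; auth is not the goal
        "true",
    ]
    r = subprocess.run(cmd, capture_output=True, text=True)
    return classify_probe(r.returncode, r.stderr)


def probe_many(hosts: Iterable[str]) -> Dict[str, str]:
    """Probe several hosts; returns host -> verdict."""
    return {h: probe(h) for h in hosts}


if __name__ == "__main__":
    import sys
    # e.g. python3 probe_ssh_rsa.py 192.0.2.10 192.0.2.11 (documentation addresses)
    for host, verdict in probe_many(sys.argv[1:]).items():
        print(f"{host}: {verdict}")
```

"Permission denied" counts as success because authentication only starts after host key negotiation has completed; a server that reaches that point does not need ssh-rsa. An "ssh-rsa-only" verdict means that host will stop working with an 8.8 client's defaults until it gains rsa-sha2 or non-RSA host keys, or the client adds a per-host exception.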

In most cases, dropping "ssh-rsa" requires no manual action from users, since earlier OpenSSH releases already enabled the UpdateHostKeys option by default, which automatically migrates clients to stronger host key algorithms. The migration uses the "hostkeys-00@openssh.com" protocol extension, which lets the server, after authentication, tell the client about all the host keys it has. If you need to connect to hosts running old OpenSSH versions that only offer "ssh-rsa", you can selectively re-enable the algorithm for those hosts alone by adding to ~/.ssh/config:

    Host old_hostname
        HostKeyAlgorithms +ssh-rsa
        PubkeyAcceptedAlgorithms +ssh-rsa

Keep such exceptions scoped to a Host block; adding "+ssh-rsa" globally would bring the SHA-1 algorithm back for every connection.

The new version also fixes a security issue: since OpenSSH 6.2, sshd did not properly initialise the supplementary group list when running the commands specified in the AuthorizedKeysCommand and AuthorizedPrincipalsCommand directives. These commands are meant to run as a different, lower-privileged user (set with AuthorizedKeysCommandUser and AuthorizedPrincipalsCommandUser), but in fact they inherited the group list that sshd itself was started with. Depending on system configuration, this could let the launched helper program obtain additional privileges on the system.
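A helper program can notice this condition from its own group list and fail closed. The following is an added example, not OpenSSH code and not part of the page: it compares the process's supplementary groups with the groups its effective user should have and refuses to run if there are extras. It assumes group membership is visible through the normal passwd/group (NSS) lookups; the gid values in the comments are constructed.

```python
"""Refuse to act as an AuthorizedKeysCommand helper when the process carries
supplementary groups its configured user should not have.

Added example, not OpenSSH code. sshd from 6.2 up to 8.7 started
AuthorizedKeysCommand/AuthorizedPrincipalsCommand helpers with the group
list of sshd itself rather than that of AuthorizedKeysCommandUser. A helper
can detect this from its own group list and stop instead of running with
privileges it was never meant to have.
"""
import grp
import os
import pwd
import sys
from typing import List, Set


def expected_gids(username: str) -> Set[int]:
    """The group set a correctly initialised process for `username` has:
    the primary gid plus every group that lists the user as a member."""
    pw = pwd.getpwnam(username)
    gids = {pw.pw_gid}
    for g in grp.getgrall():
        if username in g.gr_mem:
            gids.add(g.gr_gid)
    return gids


def unexpected_gids(actual: List[int], expected: Set[int]) -> List[int]:
    """Groups the process holds that its user does not own, e.g. [0, 4, 27]
    when a helper user with only gid 1001 inherits root's groups.
    Kept pure so it can be exercised with constructed data."""
    return sorted(set(actual) - expected)


def audit_self() -> List[int]:
    """Compare this process's supplementary groups with those of its euid."""
    me = pwd.getpwuid(os.geteuid()).pw_name
    return unexpected_gids(os.getgroups(), expected_gids(me))


def main() -> int:
    extra = audit_self()
    if extra:
        # Fail closed: print no keys; a non-zero exit makes sshd ignore the
        # helper's output, so authentication falls through to other methods.
        print(f"helper refusing to run: inherited supplementary groups {extra}",
              file=sys.stderr)
        return 1
    # Group list is sane; the real key lookup for sys.argv[1] (the %u token
    # from sshd_config) would follow here in an actual helper.
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

To see what an unpatched sshd hands the helper, run the script as the configured AuthorizedKeysCommandUser from a shell (for example with sudo -u) and compare with a run that is actually launched by sshd. Note that expected_gids relies on group enumeration; on hosts where membership comes from a directory service without enumeration, the expected set may be incomplete and the check should be tuned accordingly.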

The release notes also warn that scp will switch to SFTP instead of the legacy SCP/RCP protocol. SFTP uses more predictable name handling and does not rely on the remote shell's expansion of glob patterns in file names, which has been a source of security problems. In particular, with SCP and RCP the server decides which files and directories to send to the client, and the client only checks that the returned object names are well formed; without proper client-side checks, the server can deliver files under names that differ from the ones requested. SFTP does not have these problems, but it does not support expansion of special paths such as "~/". To close this gap, the previous OpenSSH release introduced an SFTP protocol extension (expand-path@openssh.com) for ~/ and ~user/ paths in the SFTP server implementation.
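The client-side check the paragraph refers to can be shown on the wire format itself. The following is an added example, not OpenSSH's scp code and not from the page: it parses the "C<mode> <size> <name>" records an scp server sends, shows the behaviour of a client that trusts the name as-is beside one that requires the name to be safe and to match the requested name or glob. The record contents are constructed.

```python
"""Client-side check of the file names a remote scp server sends back.

Added example, not OpenSSH's scp implementation. In the SCP/RCP protocol the
server picks what to send; the client receives "C<mode> <size> <name>"
records and, without a check of its own, writes whatever name arrives.
"""
import fnmatch
import os
from typing import Tuple


def parse_c_record(line: str) -> Tuple[int, int, str]:
    """Parse an scp file record such as 'C0644 1234 report.txt'."""
    if not line.startswith("C"):
        raise ValueError("not a file record")
    mode_s, size_s, name = line[1:].rstrip("\n").split(" ", 2)
    return int(mode_s, 8), int(size_s), name


def is_safe_name(name: str) -> bool:
    """Names the client must never accept as a file to create locally."""
    return name not in ("", ".", "..") and "/" not in name


def accept_vulnerable(requested: str, line: str) -> str:
    """A client without a check: the server's name is used as-is, so a
    hostile server answering a request for 'report.txt' with '.bashrc'
    gets to write the victim's shell startup file."""
    _, _, name = parse_c_record(line)
    return name


def accept_hardened(requested: str, line: str) -> str:
    """Accept the name only if it is safe and matches what was requested.
    The request is the last path component the client sent, which may be a
    glob such as '*.log' because scp lets the remote shell expand it."""
    _, _, name = parse_c_record(line)
    if not is_safe_name(name):
        raise ValueError(f"refusing unsafe name from server: {name!r}")
    pattern = os.path.basename(requested)
    if not fnmatch.fnmatchcase(name, pattern):
        raise ValueError(f"server sent {name!r}, which does not match {pattern!r}")
    return name


if __name__ == "__main__":
    # Constructed server responses to a request for "report.txt".
    responses = ["C0644 12 report.txt\n", "C0644 12 .bashrc\n", "C0644 12 ../x\n"]
    for rec in responses:
        print("vulnerable client accepts:", accept_vulnerable("report.txt", rec))
        try:
            print("hardened client accepts:  ", accept_hardened("report.txt", rec))
        except ValueError as e:
            print("hardened client rejects:  ", e)
```

The check only covers single-file requests; a full client also has to validate the "D" and "E" records used for directory recursion. Note, too, that a request of "*" is satisfied by ".bashrc" under fnmatch, so a glob request still lets the server choose any safe name that matches it; that residual freedom is part of why the release notes steer scp towards SFTP.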

source: budenet.ru
