Vulnerability in the OpenSSH and PuTTY SSH clients

A vulnerability has been identified in the OpenSSH and PuTTY SSH clients (CVE-2020-14002 in PuTTY and CVE-2020-14145 in OpenSSH) that leaks information through the connection negotiation algorithm. It allows an attacker who can intercept the client's traffic (for example, when the user connects through a wireless access point controlled by the attacker) to detect a client's attempt to connect to a host for which the client has not yet cached the host key.

Knowing that the client is connecting for the first time and does not yet hold the host key, the attacker can relay the connection through itself (MITM) and present the client with its own host key, which the SSH client will accept as the target host's key if the key fingerprint is not verified. The attacker can thus set up a MITM without arousing the user's suspicion, and ignore sessions in which the client already has cached host keys, where an attempted substitution would trigger a warning that the host key has changed. The attack relies on the carelessness of users who do not manually check the host key fingerprint on first connection. Those who verify key fingerprints are protected from such attacks.

The signal used to detect a first connection attempt is a change in the order in which the supported host key algorithms are listed. On a first connection the client sends the default list of algorithms; if the host key is already in the cache, the algorithm associated with it is moved to first place (algorithms are sorted in order of preference).

The problem appears in OpenSSH releases 5.7 through 8.3 and PuTTY 0.68 through 0.73. It is fixed in PuTTY 0.74 by adding an option to disable dynamic construction of the host key algorithm list in favour of listing the algorithms in a constant order.

The OpenSSH project does not plan to change the behaviour of the SSH client: if the algorithm of the existing key is not listed first, the client will attempt to use an algorithm that does not match the cached key, and a warning about an unknown key will be displayed. That is, there is a choice: either an information leak (OpenSSH and PuTTY), or warnings about a changed key (Dropbear SSH) when the stored key does not match the first algorithm in the default list.

To provide protection, OpenSSH offers alternative ways of verifying the host key: SSHFP records in DNSSEC and host certificates (PKI). Adaptive selection of host key algorithms can also be disabled through the HostKeyAlgorithms option, and the UpdateHostKeys option can be used so that the client obtains additional host keys after authentication.
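The ordering behaviour and the trade-off between an information leak and an unknown-key warning, described above, can be modelled in a few lines. This is an added example, not code from OpenSSH, PuTTY or the original article; the default algorithm order, the server's key set, the host names and the known_hosts content are constructed assumptions.

```python
# Simplified model; added example, not OpenSSH or PuTTY source code.
# Assumed default preference order (constructed for illustration).
DEFAULT_ORDER = ["ssh-ed25519", "ecdsa-sha2-nistp256", "ssh-rsa"]
# Host key types the constructed server holds.
SERVER_KEYS = ["ssh-ed25519", "ecdsa-sha2-nistp256"]
# Constructed known_hosts text: one cached ECDSA key, placeholder key blob.
KNOWN_HOSTS = """\
# constructed sample
old.example.org,192.0.2.10 ecdsa-sha2-nistp256 AAAAconstructedblob
"""


def cached_key_types(known_hosts, host):
    """Key types stored for host in plain (unhashed) known_hosts text."""
    types = []
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue  # skip blanks, comments and @marker lines
        if host in fields[0].split(",") and fields[1] not in types:
            types.append(fields[1])
    return types


def offered_algorithms(known_hosts, host, adaptive=True):
    """Host key algorithm list the client advertises during negotiation."""
    if not adaptive:
        return list(DEFAULT_ORDER)  # constant order, cache is not consulted
    cached = cached_key_types(known_hosts, host)
    first = [a for a in DEFAULT_ORDER if a in cached]
    return first + [a for a in DEFAULT_ORDER if a not in first]


def reveals_cache_state(known_hosts, host, adaptive=True):
    """True if the advertised list differs from a first connection's list."""
    return offered_algorithms(known_hosts, host, adaptive) != DEFAULT_ORDER


def outcome(known_hosts, host, server_keys, adaptive=True):
    """What the user sees once the first mutually supported algorithm is used."""
    offered = offered_algorithms(known_hosts, host, adaptive)
    negotiated = next((a for a in offered if a in server_keys), None)
    cached = cached_key_types(known_hosts, host)
    if not cached:
        return "first-connection prompt"
    return "key verified" if negotiated in cached else "unknown-key warning"
```

With adaptive ordering the returning client verifies its cached key but advertises a list that differs from the default; with a constant order the lists are identical, and the cached ECDSA key no longer matches the negotiated algorithm.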

Source: opennet.ru
