OpenSSH 8.8 released with support for rsa-sha digital signatures disabled

OpenSSH 8.8 has been released. It is an open implementation of a client and server for the SSH 2.0 and SFTP protocols. The release is notable for disabling by default the ability to use digital signatures based on RSA keys with a SHA-1 hash ("ssh-rsa").

Support for "ssh-rsa" signatures is being dropped because chosen-prefix collision attacks have become increasingly effective (the cost of finding a collision is estimated at about $50 thousand). To test whether ssh-rsa is in use on your systems, you can try connecting via ssh with the "-oHostKeyAlgorithms=-ssh-rsa" option. Support for RSA signatures with SHA-256 and SHA-512 hashes (rsa-sha2-256/512), which have been supported since OpenSSH 7.2, remains unchanged.

In most cases, dropping support for "ssh-rsa" will not require any manual action from users, since OpenSSH already had the UpdateHostKeys setting enabled by default, which migrates clients to more reliable algorithms. The migration uses the protocol extension "[email protected]", which allows the server, after authentication, to inform the client about all of its available host keys. If you need to connect to hosts running very old versions of OpenSSH, you can restore the ability to use "ssh-rsa" signatures on the client side by adding the following to ~/.ssh/config:

    Host old_hostname
        HostkeyAlgorithms +ssh-rsa
        PubkeyAcceptedAlgorithms +ssh-rsa
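Once such overrides exist, it is worth checking that they stay limited to the legacy hosts that need them. The following audit is an added example, not part of the original article or of OpenSSH: the function names and the sample configuration are constructed for illustration, and the check also covers PubkeyAcceptedKeyTypes, the older name of PubkeyAcceptedAlgorithms.

```python
import re

# Client options whose value can turn SHA-1 RSA signatures back on.
# PubkeyAcceptedKeyTypes is the pre-8.5 name of PubkeyAcceptedAlgorithms.
WATCHED = {"hostkeyalgorithms", "pubkeyacceptedalgorithms",
           "pubkeyacceptedkeytypes"}

# Constructed sample config, not taken from a real system.
SAMPLE = """\
# legacy appliance that only offers ssh-rsa
Host old_hostname
    HostkeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa

Host bastion
    HostKeyAlgorithms=-ssh-rsa

Host *
    PubkeyAcceptedKeyTypes ssh-ed25519,ssh-rsa
"""

def enables_ssh_rsa(value):
    """True if an algorithm-list value leaves "ssh-rsa" usable."""
    value = value.strip()
    if value.startswith("-"):            # "-list" removes algorithms
        return False
    # "+" appends to the defaults, "^" prepends, no prefix replaces them
    return "ssh-rsa" in value.lstrip("+^").split(",")

def audit(config_text):
    """Return (line, scope, option, applies_to_all_hosts) per finding."""
    findings = []
    scope = "*"                          # options before any Host line are global
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        # keyword and argument are separated by whitespace or one "="
        m = re.match(r"(\S+?)(?:\s*=\s*|\s+)(.*)$", line)
        if not m or line.startswith("#"):
            continue
        key, value = m.group(1), m.group(2)
        if key.lower() in ("host", "match"):
            scope = value if key.lower() == "host" else "Match " + value
        elif key.lower() in WATCHED and enables_ssh_rsa(value):
            findings.append((no, scope, key, "*" in scope.split()))
    return findings

if __name__ == "__main__":
    for no, scope, key, everywhere in audit(SAMPLE):
        note = "applies to every host" if everywhere else "scoped"
        print(f"line {no}: {key} enables ssh-rsa for '{scope}' ({note})")
```

A finding whose last field is true means the SHA-1 algorithm is re-enabled for every host rather than for one named legacy system.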

The new version also fixes a security issue in which sshd, starting with OpenSSH 6.2, did not correctly initialize the user's groups when executing commands specified in the AuthorizedKeysCommand and AuthorizedPrincipalsCommand directives. These directives were supposed to allow the commands to be run under a different user, but in fact the commands inherited the list of groups used when running sshd. Potentially, this behavior, in the presence of certain system settings, allowed the launched handler to gain additional privileges on the system.

The release note also includes a warning that scp will switch to SFTP in place of the SCP/RCP protocol. SFTP uses more predictable name-handling methods and does not rely on shell processing of glob patterns in file names on the other host's side, which is a source of security problems. In particular, when using SCP and RCP, the server decides which files and directories to send to the client, and the client only checks the correctness of the returned object names, which, in the absence of proper checks on the client side, allows the server to transfer other files that differ from those requested. The SFTP protocol does not have these problems, but it does not support expansion of special paths such as "~/". To address this difference, the previous release of OpenSSH introduced an SFTP protocol extension for expanding ~/ and ~user/ paths in the SFTP server implementation.

Source: opennet.ru
