Vulnerability in the OpenSSH and PuTTY SSH clients

A vulnerability has been identified in the OpenSSH and PuTTY SSH clients (CVE-2020-14002 in PuTTY and CVE-2020-14145 in OpenSSH) that leaks information through the connection negotiation algorithm. It allows an attacker who can intercept the client's traffic (for example, when the user connects through a wireless access point controlled by the attacker) to detect that the client is attempting to connect to a host whose host key it has not yet cached.

Knowing that the client is connecting for the first time and does not yet hold the host key, the attacker can relay the connection through itself (MITM) and present its own host key to the client, which the SSH client will accept as the key of the target host if the user does not verify the key fingerprint. The attacker can therefore mount a MITM without arousing the user's suspicion, while ignoring sessions in which the client already has cached host keys, where an attempted substitution would trigger a warning that the host key has changed. The attack relies on the carelessness of users who do not manually check the host key fingerprint on first connection. Users who do check key fingerprints are protected against such attacks.

The signal used to detect a first connection attempt is a change in the order in which the supported host key algorithms are listed. On a first connection the client sends its default list of algorithms; if the host key is already in the cache, the algorithm associated with it is moved to the first position (the algorithms are sorted in order of preference).

The problem is present in OpenSSH releases 5.7 through 8.3 and in PuTTY 0.68 through 0.73. It has been addressed in a release that adds an option to disable the dynamic construction of the host key algorithm list in favour of listing the algorithms in a fixed order.

The OpenSSH project does not plan to change the behaviour of the SSH client: if the algorithm of the existing key is not listed first, the client will attempt to use an algorithm that does not match the cached key, and a warning about an unknown key will be displayed. In other words, there is a trade-off: either an information leak (OpenSSH and PuTTY), or warnings about a changed key (Dropbear SSH) when the stored key does not match the first algorithm in the default list.

For protection, OpenSSH offers alternative ways to verify host keys: SSHFP records in DNSSEC and host certificates (PKI). You can also disable the adaptive selection of host key algorithms through the HostKeyAlgorithms option, and use the UpdateHostKeys option to let the client obtain additional host keys after authentication.
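
The following is an added example, not code from the original article or from either project: a Python check that extracts the host key algorithm list from two SSH_MSG_KEXINIT payloads of your own client (one sent without a cached key, one with) and reports whether the order is identical, which is what a fixed HostKeyAlgorithms list should achieve. The payloads and algorithm lists below are constructed for the demonstration, and the function names are hypothetical.

```python
import struct

SSH_MSG_KEXINIT = 20  # message number from RFC 4253, section 7.1

def read_name_list(buf, off):
    """Decode one RFC 4251 name-list: uint32 length, then comma-separated ASCII."""
    if off + 4 > len(buf):
        raise ValueError("truncated name-list length")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated name-list body")
    text = buf[off + 4:end].decode("ascii")
    return (text.split(",") if text else []), end

def host_key_algorithms(payload):
    """Return server_host_key_algorithms from a KEXINIT payload (no packet framing)."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off = 17                                  # 1 type byte + 16-byte cookie
    _, off = read_name_list(payload, off)     # kex_algorithms
    algs, _ = read_name_list(payload, off)    # server_host_key_algorithms
    return algs

def order_is_stable(no_cache_payload, cached_payload):
    """True when both KEXINITs offer host key algorithms in the same order."""
    return host_key_algorithms(no_cache_payload) == host_key_algorithms(cached_payload)

def build_kexinit(host_key_algs):
    """Constructed sample KEXINIT for the demo; the other nine lists are placeholders."""
    def nl(names):
        body = ",".join(names).encode("ascii")
        return struct.pack(">I", len(body)) + body
    lists = [["curve25519-sha256"], host_key_algs] + [["none"]] * 8
    return (bytes([SSH_MSG_KEXINIT]) + bytes(16)
            + b"".join(nl(x) for x in lists) + b"\x00" + bytes(4))

# Constructed lists for illustration, not a real client's defaults.
DEFAULT = ["ecdsa-sha2-nistp256", "ssh-ed25519", "rsa-sha2-512"]
REORDERED = ["ssh-ed25519", "ecdsa-sha2-nistp256", "rsa-sha2-512"]  # cached key type first
PINNED = ["ssh-ed25519", "rsa-sha2-512"]  # fixed list, sent in both situations

if __name__ == "__main__":
    print("dynamic order stable:",
          order_is_stable(build_kexinit(DEFAULT), build_kexinit(REORDERED)))
    print("pinned order stable: ",
          order_is_stable(build_kexinit(PINNED), build_kexinit(PINNED)))
```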

Source: opennet.ru
