GitHub yakazivisa shanduko kune sevhisi ine chekuita nekusimbisa kuchengetedzeka kweGit protocol inoshandiswa panguva yegit push uye git kudhonza mashandiro kuburikidza neSSH kana iyo "git: //" chirongwa (zvikumbiro kuburikidza ne https:// hazvizokanganiswe neshanduko). Kana shanduko dzatanga kushanda, kubatana neGitHub kuburikidza neSSH kunoda kanenge OpenSSH vhezheni 7.2 (yakaburitswa muna 2016) kana PuTTY vhezheni 0.75 (yakaburitswa muna Chivabvu gore rino). Semuenzaniso, kugarisana neSSH mutengi anosanganisirwa muCentOS 6 uye Ubuntu 14.04, iyo isingachatsigirwi, ichaputswa.
Shanduko idzi dzinosanganisira kubviswa kwerutsigiro rwemafoni asina kuvharirwa kuGit (kuburikidza ne "git: //") uye kuwedzera zvinodiwa zveSSH makiyi anoshandiswa kana uchiwana GitHub. GitHub ichamira kutsigira ese makiyi eDSA uye nhaka SSH algorithms seCBC ciphers (aes256-cbc, aes192-cbc aes128-cbc) uye HMAC-SHA-1. Pamusoro pezvo, zvimwe zvinodiwa zviri kuunzwa kune makiyi matsva eRSA (kushandiswa kweSHA-1 kucharambidzwa) uye tsigiro yeECDSA neEd25519 host kiyi iri kuitwa.
Shanduko dzichasumwa zvishoma nezvishoma. Musi waGunyana 14, makiyi matsva eECDSA neEd25519 achagadzirwa. Musi waMbudzi 2, kutsigirwa kwemakiyi matsva eSHA-1-based RSA kuchamiswa (makiyi akagadzirwa acharamba achishanda). Musi wa16 Mbudzi, tsigiro yemakiyi ekugamuchira anoenderana neiyo DSA algorithm ichamiswa. Musi wa11 Ndira 2022, tsigiro yevakuru SSH algorithms uye kugona kuwana pasina encryption kuchamiswa kwenguva diki sekuyedza. Musi waKurume 15, tsigiro yealgorithms yekare icharemara zvachose.
Pamusoro pezvo, tinogona kuona kuti shanduko yekusarudzika yaitwa kuOpenSSH codebase inodzima kugadziridzwa kwemakiyi eRSA zvichibva paSHA-1 hash ("ssh-rsa"). Tsigiro yeRSA makiyi ane SHA-256 uye SHA-512 hashes (rsa-sha2-256/512) haisati yachinja. Kumira kwerutsigiro rwemakiyi e "ssh-rsa" imhaka yekuwedzera kugona kwekudhumhana neakapihwa prefix (mutengo wekusarudza kudhumhana unofungidzirwa kusvika zviuru makumi mashanu zvemadhora). Kuti uedze kushandiswa kwe ssh-rsa pane ako masisitimu, unogona kuedza kubatanidza kuburikidza ne ssh ne "-oHostKeyAlgorithms=-ssh-rsa" sarudzo.
Source: opennet.ru