OpenSSH 8.8 release disables support for rsa-sha digital signatures

OpenSSH 8.8 has been released. It is an open implementation of a client and server for the SSH 2.0 and SFTP protocols. The release is notable for disabling, by default, the ability to use digital signatures based on RSA keys with a SHA-1 hash ("ssh-rsa").

Support for "ssh-rsa" signatures is being dropped because chosen-prefix collision attacks have become more efficient (the cost of finding a collision is estimated at about 50 thousand dollars). To test whether ssh-rsa is in use on your systems, you can try connecting with ssh using the "-oHostKeyAlgorithms=-ssh-rsa" option. Support for RSA signatures with SHA-256 and SHA-512 hashes (rsa-sha2-256/512), which have been supported since OpenSSH 7.2, remains unchanged.

In most cases, dropping support for "ssh-rsa" will not require any manual action from users, since OpenSSH already had the UpdateHostKeys setting enabled by default, which migrates clients to more reliable algorithms. Migration uses the protocol extension "[email protected]", which lets the server, after authentication, inform the client of all available host keys. When connecting to hosts that run very old versions of OpenSSH, you can selectively restore the ability to use "ssh-rsa" signatures on the client side by adding the following to ~/.ssh/config:

    Host old_hostname
        HostkeyAlgorithms +ssh-rsa
        PubkeyAcceptedAlgorithms +ssh-rsa
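Per-host exceptions like the one above tend to outlive the legacy hosts they were written for. The following added example (not from the original article or the OpenSSH project) scans ssh_config text and lists every line that re-enables SHA-1 RSA signatures. The function name and the sample configuration are constructed for illustration, and it reports each matching line without modelling ssh's first-match-wins option resolution.

```python
import re

# Options that select signature algorithms. PubkeyAcceptedKeyTypes is the
# older name of PubkeyAcceptedAlgorithms and still appears in existing configs.
ALGO_OPTIONS = {"hostkeyalgorithms", "pubkeyacceptedalgorithms",
                "pubkeyacceptedkeytypes"}
# Signature algorithms that use RSA with SHA-1.
SHA1_RSA = {"ssh-rsa", "ssh-rsa-cert-v01@openssh.com"}
# ssh_config accepts "Keyword value" as well as "Keyword=value".
LINE_RE = re.compile(r"(\S+?)(?:\s*=\s*|\s+)(.*)")

# Constructed sample input (hypothetical host names).
SAMPLE_CONFIG = """\
# legacy appliance
Host old_hostname
    HostkeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa

Host modern.example
    HostKeyAlgorithms=-ssh-rsa

Host *
    PubkeyAcceptedKeyTypes rsa-sha2-512,ssh-ed25519
"""

def find_sha1_rsa_exceptions(config_text):
    """Return (line_no, scope, option, value) for each line enabling ssh-rsa."""
    findings, scope = [], "(global)"
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m or line.startswith("#"):
            continue
        keyword, value = m.group(1), m.group(2).strip().strip('"')
        if keyword.lower() in ("host", "match"):
            scope = f"{keyword} {value}"   # start of a new block
            continue
        if keyword.lower() not in ALGO_OPTIONS or value.startswith("-"):
            continue   # a leading '-' removes algorithms, so it is not a finding
        # '+' appends to the defaults, '^' moves to the front, no prefix replaces.
        names = {n.strip() for n in value.lstrip("+^").split(",")}
        if names & SHA1_RSA:
            findings.append((line_no, scope, keyword, value))
    return findings

if __name__ == "__main__":
    for line_no, scope, option, value in find_sha1_rsa_exceptions(SAMPLE_CONFIG):
        print(f"line {line_no}: [{scope}] {option} {value}")
```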

The new version also fixes a security issue caused by sshd, starting with OpenSSH 6.2, not correctly initializing the user's groups when executing the commands specified in the AuthorizedKeysCommand and AuthorizedPrincipalsCommand directives. These directives were supposed to allow commands to be run as a different user, but in fact the commands inherited the list of groups used when running sshd. Potentially, with certain system configurations, this behavior allowed the launched handler to gain additional privileges on the system.

The release notes also include a warning that scp will default to SFTP instead of the legacy SCP/RCP protocol. SFTP uses more predictable name handling and does not rely on the shell to process glob patterns in file names on the remote host, which creates security problems. In particular, with SCP and RCP the server decides which files and directories to send to the client, and the client only checks the correctness of the returned object names; in the absence of proper checks on the client side, this allows the server to send file names other than those requested. The SFTP protocol does not have these problems, but it does not support expansion of special paths such as "~/". To address this difference, the previous OpenSSH release proposed a new SFTP protocol extension, implemented in the SFTP server, for expanding ~/ and ~user/ paths.

Source: opennet.ru
