Vulnerability in the SSH clients OpenSSH and PuTTY

A vulnerability has been identified in the SSH clients OpenSSH and PuTTY (CVE-2020-14002 in PuTTY and CVE-2020-14145 in OpenSSH) that leads to an information leak in the connection negotiation algorithm. The vulnerability allows an attacker who can intercept client traffic (for example, when a user connects through an attacker-controlled wireless access point) to detect a client's first attempt to connect to a host, when the client has not yet cached the host key.

Knowing that the client is connecting for the first time and does not yet have the host key on its side, the attacker can relay the connection through itself (MITM) and give the client its own host key, which the SSH client will treat as the key of the target host if the user does not verify the key fingerprint. Thus an attacker can stage a MITM without arousing user suspicion and ignore sessions in which the client already has cached host keys, where an attempted substitution would result in a warning about a changed host key. The attack relies on the carelessness of users who do not manually check the host key fingerprint when they first connect. Those who check key fingerprints are protected from such attacks.

The sign used to detect a first connection attempt is a change in the order in which the supported host key algorithms are listed. On a first connection the client sends the list of algorithms in its default order, and if the host key is already in the cache, the associated algorithm is placed first (algorithms are sorted in order of preference).

The problem appears in OpenSSH releases 5.7 through 8.3 and PuTTY 0.68 through 0.73. The problem was fixed in PuTTY 0.74 by adding an option to disable the dynamic construction of the list of host key algorithms in favor of listing the algorithms in a fixed order.

The OpenSSH project does not plan to change the behavior of the SSH client, because if the algorithm of the existing key is not listed first, an attempt will be made to use an algorithm that does not match the cached key, and a warning about an unknown key will be displayed. That is, a choice arises: either an information leak (OpenSSH and PuTTY), or warnings about a changed key (Dropbear SSH) when the saved key does not match the first algorithm in the default list.

To provide protection, OpenSSH offers alternative ways to verify the host key using SSHFP records in DNSSEC and host certificates (PKI). You can also disable the adaptive selection of host key algorithms through the HostKeyAlgorithms option and use the UpdateHostKeys option to allow the client to obtain additional host keys after authentication.
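A simplified model of the ordering behaviour and of the fixed-list trade-off described in the preceding paragraphs, added here as an illustration and not taken from OpenSSH, PuTTY or Dropbear code. The abbreviated `DEFAULT_ORDER` list and all function names are assumptions made for the example.

```python
# Constructed, abbreviated preference list; not a complete client default.
DEFAULT_ORDER = [
    "ecdsa-sha2-nistp256",
    "ssh-ed25519",
    "rsa-sha2-512",
    "rsa-sha2-256",
]


def offered_algorithms(cached_key_types, pinned=False):
    """Host key algorithm list the modelled client sends during negotiation.

    cached_key_types: algorithms of host keys already stored for this host.
    pinned: True models a fixed list (a static HostKeyAlgorithms value, or
            the PuTTY 0.74 option that disables dynamic ordering).
    """
    if pinned or not cached_key_types:
        return list(DEFAULT_ORDER)
    # Dynamic ordering: algorithms with a cached key move to the front.
    known = [a for a in DEFAULT_ORDER if a in cached_key_types]
    rest = [a for a in DEFAULT_ORDER if a not in cached_key_types]
    return known + rest


def ordering_reveals_cache_state(cached_key_types, pinned=False):
    """True when the list differs from what a first-time client would send."""
    first_time = offered_algorithms([], pinned)
    return offered_algorithms(cached_key_types, pinned) != first_time


def negotiated_matches_cache(cached_key_types, server_key_types, pinned=False):
    """SSH selects the first client-listed algorithm the server supports.

    Returns True when that algorithm has a cached key, False when the client
    would be shown a key it has not stored (the unknown-key warning case).
    """
    for alg in offered_algorithms(cached_key_types, pinned):
        if alg in server_key_types:
            return alg in cached_key_types
    return False


if __name__ == "__main__":
    server = {"ecdsa-sha2-nistp256", "ssh-ed25519"}  # constructed sample host
    for pinned in (False, True):
        print("pinned" if pinned else "dynamic",
              "leaks:", ordering_reveals_cache_state(["ssh-ed25519"], pinned),
              "matches cache:",
              negotiated_matches_cache(["ssh-ed25519"], server, pinned))
```

In this model a fixed list removes the observable difference but makes the client negotiate an algorithm for which it holds no cached key, which is the case the UpdateHostKeys option addresses by letting the client learn the host's other keys after authentication.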

Source: opennet.ru
