OpenSSH 8.8 release with support for rsa-sha digital signatures disabled

OpenSSH 8.8 has been released. It is an open implementation of a client and server for working over the SSH 2.0 and SFTP protocols. The release is notable for disabling by default the ability to use digital signatures based on RSA keys with a SHA-1 hash ("ssh-rsa").

Support for "ssh-rsa" signatures is being dropped because chosen-prefix collision attacks have become more efficient (the cost of finding a collision is estimated at about $50 thousand). To test whether ssh-rsa is in use on your systems, you can try connecting with ssh using the option "-oHostKeyAlgorithms=-ssh-rsa". Support for RSA signatures with SHA-256 and SHA-512 hashes (rsa-sha2-256/512), which have been supported since OpenSSH 7.2, remains unchanged.

In most cases, dropping support for "ssh-rsa" requires no manual action from users, because OpenSSH already had the UpdateHostKeys setting enabled by default, which automatically migrates clients to more reliable algorithms. The migration uses the protocol extension "[email protected]", which allows the server, after authentication, to inform the client of all available host keys. When connecting to hosts that run very old versions of OpenSSH, you can selectively restore the ability to use "ssh-rsa" signatures on the client side by adding the following to ~/.ssh/config:

    Host Old_hostname
        HostkeyAlgorithms +ssh-rsa
        PubkeyAcceptedAlgorithms +ssh-rsa
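An added example (not from the article or the OpenSSH project): a small audit that lists which blocks of a client configuration re-enable "ssh-rsa", so that per-host exceptions like the one above stay visible and can be removed once the legacy host is upgraded. The sample configuration and its host names are constructed; only exact algorithm names are matched, wildcards are not expanded.

```python
import re

# keyword, then "=" or whitespace, then the value (ssh_config accepts both forms)
LINE = re.compile(r"^\s*([A-Za-z]+)(?:\s*=\s*|\s+)(.*?)\s*$")
# PubkeyAcceptedKeyTypes is the older name of PubkeyAcceptedAlgorithms
ALGO_KEYWORDS = {"hostkeyalgorithms", "pubkeyacceptedalgorithms",
                 "pubkeyacceptedkeytypes"}

def enables_ssh_rsa(value):
    """True if an algorithm list names the SHA-1 based "ssh-rsa"."""
    value = value.strip('"')
    if value.startswith("-"):      # "-list" removes algorithms from the defaults
        return False
    # "+list" appends to the defaults, "^list" places entries at their head,
    # a bare list replaces the defaults; any of these naming ssh-rsa is reported.
    return "ssh-rsa" in value.lstrip("+^").split(",")

def audit(config_text):
    """Return (scope, keyword, value) for every line that enables ssh-rsa."""
    findings, scope = [], "(global)"
    for raw in config_text.splitlines():
        if raw.lstrip().startswith("#"):
            continue
        m = LINE.match(raw)
        if not m:
            continue
        keyword, value = m.group(1), m.group(2)
        if keyword.lower() in ("host", "match"):
            scope = f"{keyword} {value}"      # start of a new block
        elif keyword.lower() in ALGO_KEYWORDS and enables_ssh_rsa(value):
            findings.append((scope, keyword, value))
    return findings

# Constructed sample configuration (host names are placeholders).
SAMPLE = """\
Host old-switch.example
    HostKeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa
Host build.example
    PubkeyAcceptedAlgorithms=rsa-sha2-512,ssh-ed25519
Host tape.example
    hostkeyalgorithms ssh-rsa,ssh-dss
Host *
    HostKeyAlgorithms -ssh-rsa
"""

if __name__ == "__main__":
    for scope, keyword, value in audit(SAMPLE):
        print(f"{scope}: {keyword} {value}")
```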

The new version also fixes a security issue in sshd, present since OpenSSH 6.2, in which the user's groups were not initialized correctly when executing the commands specified in the AuthorizedKeysCommand and AuthorizedPrincipalsCommand directives. These directives were supposed to allow the commands to run as a different user, but in fact the commands inherited the list of groups that sshd itself was started with. Potentially, under certain system configurations, this behavior allowed the launched handler to gain additional privileges on the system.

The release notes also include a warning that scp will default to SFTP in place of the legacy SCP/RCP protocol. SFTP uses more predictable name-handling methods and avoids shell processing of glob patterns in file names on the remote host's side, processing that creates security problems. In particular, when SCP and RCP are used, the server decides which files and directories to send to the client, and the client only checks the correctness of the returned object names, which, in the absence of proper checks on the client side, allows the server to send file names other than those requested. The SFTP protocol does not have these problems, but it does not support expansion of special paths such as "~/". To address this difference, the previous OpenSSH release introduced a new SFTP protocol extension for expanding ~/ and ~user/ paths in the SFTP server implementation.

Source: opennet.ru
