Release of OpenSSH 8.8 with support for rsa-sha digital signatures disabled

OpenSSH 8.8 has been released. It is an open implementation of a client and server for working over the SSH 2.0 and SFTP protocols. The release is notable for disabling by default the ability to use digital signatures based on RSA keys with a SHA-1 hash ("ssh-rsa").

Support for "ssh-rsa" signatures is being dropped because chosen-prefix collision attacks have become more effective (the cost of finding a collision is estimated at about $50 thousand). To test whether your systems depend on ssh-rsa, you can try connecting with ssh using the option "-oHostKeyAlgorithms=-ssh-rsa". Support for RSA signatures with SHA-256 and SHA-512 hashes (rsa-sha2-256/512), which have been supported since OpenSSH 7.2, remains unchanged.

In most cases, dropping support for "ssh-rsa" will not require any manual action from users, since OpenSSH already had the UpdateHostKeys setting enabled by default, which automatically migrates clients to more reliable algorithms. The migration uses the protocol extension "hostkeys@openssh.com", which allows the server, after authentication, to inform the client of all available host keys. When connecting to hosts running very old versions of OpenSSH, you can selectively restore, on the client side, the ability to use "ssh-rsa" signatures by adding the following to ~/.ssh/config:

    Host old_hostname
        HostkeyAlgorithms +ssh-rsa
        PubkeyAcceptedAlgorithms +ssh-rsa
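To find where this exception has been applied, the following added example (not part of the original article or of OpenSSH) scans ssh_config text for Host blocks that re-enable "ssh-rsa". The function names and the sample configuration are constructed for illustration.

```python
import fnmatch
import re

# Client options whose algorithm list can re-enable SHA-1 RSA signatures.
# PubkeyAcceptedKeyTypes is the older name of PubkeyAcceptedAlgorithms.
WATCHED = {"hostkeyalgorithms", "pubkeyacceptedalgorithms", "pubkeyacceptedkeytypes"}

# Constructed sample configuration, not taken from a real system.
SAMPLE = """\
Host old_hostname
    HostkeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa

Host build-*
    HostKeyAlgorithms=-ssh-rsa

Host *
    PubkeyAcceptedAlgorithms rsa-sha2-512,rsa-sha2-256,ssh-ed25519
"""

def enables_ssh_rsa(value):
    """True if the list adds ssh-rsa to the defaults or lists it explicitly."""
    value = value.strip()
    if value.startswith("-"):      # "-list" only removes algorithms
        return False
    patterns = [p.strip() for p in value.lstrip("+^").split(",")]
    return any(p and fnmatch.fnmatchcase("ssh-rsa", p) for p in patterns)

def audit_ssh_config(text):
    """Return (scope, option, value) for each setting that enables ssh-rsa."""
    findings, scope = [], "*"      # options before the first Host apply to all hosts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        if len(parts) != 2:
            continue
        option, value = parts[0], parts[1].strip().strip('"')
        if option.lower() in ("host", "match"):
            scope = value
        elif option.lower() in WATCHED and enables_ssh_rsa(value):
            findings.append((scope, option, value))
    return findings

if __name__ == "__main__":
    for scope, option, value in audit_ssh_config(SAMPLE):
        print(f"{scope}: {option} {value} re-enables ssh-rsa (SHA-1) signatures")
```

For the effective settings of a single destination, the same function can be fed the output of `ssh -G hostname`.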

The new version also fixes a security issue in which sshd, starting with OpenSSH 6.2, did not correctly initialize the user's groups when executing the commands specified in the AuthorizedKeysCommand and AuthorizedPrincipalsCommand directives. These directives were supposed to allow the commands to be run under a different user, but in fact the commands inherited the list of groups that sshd itself was started with. Potentially, this behavior, given certain system configurations, allowed the launched handler to gain additional privileges on the system.

The release notes for the new version also include a warning that scp will default to SFTP instead of the legacy SCP/RCP protocol. SFTP uses more predictable name-handling methods and does not use shell processing of glob patterns in file names on the other host's side, which creates security problems. In particular, when using SCP and RCP, the server decides which files and directories to send to the client, and the client only checks the correctness of the returned object names, which, without proper checks on the client side, allows the server to send file names other than those requested. The SFTP protocol does not have these problems, but it does not support the expansion of special paths such as "~/". To address this difference, the previous release of OpenSSH introduced a new extension to the SFTP protocol in the SFTP server implementation to expand ~/ and ~user/ paths.

Source: opennet.ru
