GitHub introduces new requirements for connecting to Git remotely

GitHub has announced changes to its service aimed at strengthening the security of the Git protocol used during git push and git pull operations over SSH or the "git://" scheme (requests over https:// will not be affected by the changes). Once the changes take effect, connecting to GitHub over SSH will require at least OpenSSH version 7.2 (released in 2016) or PuTTY version 0.75 (released in May of this year). For example, compatibility with the SSH client shipped in CentOS 6 and Ubuntu 14.04, which are no longer supported, will be broken.

The changes include the removal of support for unencrypted access to Git (via "git://") and stricter requirements for the SSH keys used when accessing GitHub. GitHub will stop supporting all DSA keys and legacy SSH algorithms such as CBC ciphers (aes256-cbc, aes192-cbc, aes128-cbc) and HMAC-SHA-1. In addition, additional requirements are being introduced for new RSA keys (the use of SHA-1 will be prohibited), and support for ECDSA and Ed25519 host keys is being implemented.

The changes will be introduced gradually. On September 14, ECDSA and Ed25519 host keys will be generated. On November 2, support for new RSA keys based on SHA-1 will be discontinued (keys generated earlier will continue to work). On November 16, support for host keys based on the DSA algorithm will be discontinued. On January 11, 2022, support for the old SSH algorithms and the ability to connect without encryption will be temporarily suspended as an experiment. On March 15, support for the old algorithms will be disabled completely.

In addition, it is worth noting that a change has been made to the OpenSSH codebase that disables, by default, the processing of RSA keys based on the SHA-1 hash ("ssh-rsa"). Support for RSA keys with SHA-256 and SHA-512 hashes (rsa-sha2-256/512) remains unchanged. Support for "ssh-rsa" keys is being ended because of the increased efficiency of collision attacks with a given prefix (the cost of finding a collision is estimated at about 50 thousand dollars). To test the use of ssh-rsa on your systems, you can try connecting via ssh with the "-oHostKeyAlgorithms=-ssh-rsa" option.
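To complement the algorithm list and the ssh-rsa check described above, the following added example (not code from GitHub, OpenSSH or the original article) audits the effective client configuration printed by `ssh -G` and reports every algorithm the article names as being dropped. The function name `audit_ssh_config` and the sample input are assumptions made for illustration; matching every MAC name that starts with `hmac-sha1` is also an assumption about how to interpret "HMAC-SHA-1".

```shell
#!/bin/sh
# audit_ssh_config (hypothetical helper): reads `ssh -G <host>` output on
# stdin and prints "directive: algorithm" for each algorithm the article
# lists as deprecated: CBC ciphers, HMAC-SHA-1, DSA keys, SHA-1 based ssh-rsa.
audit_ssh_config() {
  while read -r key value; do
    # Only the algorithm-list directives are relevant.
    case "$key" in
      ciphers|macs|hostkeyalgorithms) ;;
      pubkeyacceptedalgorithms|pubkeyacceptedkeytypes) ;;
      *) continue ;;
    esac
    old_ifs=$IFS
    IFS=,                       # the lists are comma separated
    for alg in $value; do
      case "$alg" in
        aes256-cbc|aes192-cbc|aes128-cbc|hmac-sha1*|ssh-dss|ssh-rsa)
          printf '%s: %s\n' "$key" "$alg" ;;
      esac
    done
    IFS=$old_ifs
  done
  return 0
}

# Constructed sample of `ssh -G` output (not captured from a real system).
SAMPLE='hostname github.com
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes256-cbc
macs hmac-sha2-256-etm@openssh.com,hmac-sha1
hostkeyalgorithms ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-512,ssh-rsa,ssh-dss
pubkeyacceptedalgorithms ssh-ed25519,rsa-sha2-256'

printf '%s\n' "$SAMPLE" | audit_ssh_config
# On a real client: ssh -G github.com | audit_ssh_config
```

An empty result means the client no longer offers any of the listed algorithms for that host; any reported line points at the `ssh_config` directive to tighten.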

Source: opennet.ru
