OpenSSH 8.8 release with rsa-sha digital signature support disabled

OpenSSH 8.8 has been released, an open implementation of a client and server for working over the SSH 2.0 and SFTP protocols. The release is notable for disabling by default the ability to use digital signatures based on RSA keys with a SHA-1 hash ("ssh-rsa").

Support for "ssh-rsa" signatures is being discontinued because collision attacks with a given prefix have become more effective (the cost of finding a collision is estimated at about 50 thousand dollars). To test for the use of ssh-rsa on your systems, you can try connecting via ssh with the "-oHostKeyAlgorithms=-ssh-rsa" option. Support for RSA signatures with SHA-256 and SHA-512 hashes (rsa-sha2-256/512), which have been supported since OpenSSH 7.2, remains unchanged.

In most cases, discontinuing support for "ssh-rsa" will not require any manual action from users, because OpenSSH already had the UpdateHostKeys setting enabled by default, which automatically migrates clients to more reliable algorithms. The migration uses the protocol extension "[email protected]", which allows the server, after authentication, to inform the client about all of its available host keys. When connecting to hosts running very old versions of OpenSSH, you can selectively restore the ability to use "ssh-rsa" signatures on the client side by adding the following to ~/.ssh/config:

    Host old_hostname
        HostkeyAlgorithms +ssh-rsa
        PubkeyAcceptedAlgorithms +ssh-rsa
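Once such overrides exist, it is worth tracking where they live and whether they stay scoped to the one legacy host. The following is an added example, not part of the original article or of OpenSSH: it scans ssh_config text for directives that re-admit ssh-rsa and flags those that apply to every host. The sample configuration is constructed, and the function names are hypothetical.

```python
import re

# ssh_config accepts "Keyword value" and "Keyword=value"; keywords are case-insensitive.
LINE = re.compile(r"^(\S+?)(?:\s*=\s*|\s+)(.*)$")

# Client options that can re-admit SHA-1 RSA signatures.
# PubkeyAcceptedKeyTypes is the older name of PubkeyAcceptedAlgorithms.
ALGO_KEYWORDS = {"hostkeyalgorithms", "pubkeyacceptedalgorithms", "pubkeyacceptedkeytypes"}

def enables_ssh_rsa(value):
    """True if the list adds (+), prepends (^) or explicitly names ssh-rsa."""
    if value.startswith("-"):  # a leading "-" removes algorithms instead
        return False
    return "ssh-rsa" in [n.strip() for n in value.lstrip("+^").split(",")]

def is_global(scope):
    """True if the block applies to every host (Host * or Match all)."""
    kind, _, patterns = scope.partition(" ")
    if kind == "host":
        return "*" in patterns.split()
    return patterns.strip().lower() == "all"

def audit(config_text):
    """Return (scope, keyword, applies_to_all_hosts) for each ssh-rsa override."""
    findings = []
    scope = "host *"  # directives before the first Host/Match apply to all hosts
    for raw in config_text.splitlines():
        line = raw.strip()
        m = LINE.match(line)
        if not m or line.startswith("#"):
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key in ("host", "match"):
            scope = f"{key} {value}"
        elif key in ALGO_KEYWORDS and enables_ssh_rsa(value):
            findings.append((scope, m.group(1), is_global(scope)))
    return findings

# Constructed sample: one scoped exception, one removal, one global override.
SAMPLE = """\
Host old_hostname
    HostkeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa
Host build-*.example.net
    HostKeyAlgorithms=-ssh-rsa
Host *
    PubkeyAcceptedKeyTypes ^ssh-rsa,ssh-ed25519
"""

if __name__ == "__main__":
    for scope, keyword, wide in audit(SAMPLE):
        print(("GLOBAL " if wide else "scoped ") + f"[{scope}] {keyword}")
```

A finding marked as global means SHA-1 signatures are accepted for every connection, which defeats the new default rather than carving out an exception for one old host.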

The new version also fixes a security issue in which sshd, starting with OpenSSH 6.2, did not correctly initialize the user's groups when executing commands specified in the AuthorizedKeysCommand and AuthorizedPrincipalsCommand directives. These directives were supposed to allow the commands to run under a different user, but in fact the commands inherited the list of groups used when running sshd. Potentially, with certain system settings, this behavior allowed the launched handler to gain additional privileges on the system.

The release notes for the new version also include a warning that scp will default to SFTP instead of the legacy SCP/RCP protocol. SFTP uses more predictable name-handling methods and does not rely on shell processing of glob patterns in file names on the other host's side, which creates security problems. In particular, when using SCP and RCP, the server decides which files and directories to send to the client, and the client only checks the correctness of the returned object names. In the absence of proper checks on the client side, this allows the server to send file names that differ from those requested. The SFTP protocol does not have these problems, but it does not support the expansion of special paths such as "~/". To address this difference, the previous OpenSSH release introduced a new SFTP protocol extension for expanding the ~/ and ~user/ paths in the SFTP server implementation.

Source: opennet.ru
