I-GitHub imemezele izinguquko kusevisi ehlobene nokuqinisa ukuphepha kwephrothokholi ye-Git esetshenziswa ngesikhathi se-git push kanye nemisebenzi ye-git pull nge-SSH noma ngohlelo lwe-“git://” (izicelo nge-https:// ngeke zithintwe izinguquko). Uma izinguquko sezisebenza, ukuxhuma ku-GitHub nge-SSH kuzodinga okungenani inguqulo ye-OpenSSH engu-7.2 (ekhishwe ngo-2016) noma inguqulo ye-PuTTY 0.75 (ekhishwe ngoMeyi walo nyaka). Isibonelo, ukuhambisana neklayenti le-SSH elifakwe ku-CentOS 6 naku-Ubuntu 14.04, ezingasasekelwa, kuzophulwa.
Izinguquko zibandakanya ukususwa kosekelo lwamakholi angabethelwe aya ku-Git (nge-“git://”) kanye nezimfuneko ezingeziwe zokhiye be-SSH abasetshenziswa lapho ufinyelela i-GitHub. I-GitHub izoyeka ukusekela bonke okhiye be-DSA nama-algorithms wefa we-SSH afana nama-CBC ciphers (aes256-cbc, aes192-cbc aes128-cbc) kanye ne-HMAC-SHA-1. Ngaphezu kwalokho, kuye kwethulwa izidingo ezengeziwe zokhiye abasha be-RSA (ukusetshenziswa kwe-SHA-1 kuzovinjelwa) futhi usekelo lwe-ECDSA nokhiye bokusingatha be-Ed25519 luyenziwa.
Izinguquko zizokwethulwa kancane kancane. NgoSepthemba 14, kuzokhiqizwa okhiye bokusingatha i-ECDSA abasha kanye no-Ed25519. Ngomhla ka-2 Novemba, ukusekelwa kokhiye abasha be-RSA abasuselwa ku-SHA-1 kuzoyekwa (okhiye abakhiqizwe ngaphambilini bazoqhubeka nokusebenza). Ngomhla ka-Novemba 16, ukusekelwa kokhiye bosokhaya ngokusekelwe ku-algorithm ye-DSA kuzonqanyulwa. Ngomhlaka-11 Januwari 2022, ukusekelwa kwama-algorithms amadala e-SSH kanye nekhono lokufinyelela ngaphandle kokubethela kuzonqanyulwa okwesikhashana njengokuhlola. Ngomhlaka-15 Mashi, usekelo lwama-algorithm amadala luzokhutshazwa ngokuphelele.
Ukwengeza, singaqaphela ukuthi ushintsho oluzenzakalelayo lwenziwe ku-codebase ye-OpenSSH evimbela ukucutshungulwa kokhiye be-RSA ngokusekelwe ku-SHA-1 hash (“ssh-rsa”). Usekelo lokhiye be-RSA abane-SHA-256 kanye ne-SHA-512 hashes (rsa-sha2-256/512) kuhlala kungashintshiwe. Ukumiswa kokusekelwa kokhiye be-"ssh-rsa" kungenxa yokwanda kokusebenza kahle kokuhlaselwa kokushayisana ngesiqalo esinikeziwe (izindleko zokukhetha ukushayisana zilinganiselwa cishe kumadola ayizinkulungwane ezingama-50). Ukuze uhlole ukusetshenziswa kwe-ssh-rsa kumasistimu akho, ungazama ukuxhuma nge-ssh ngenketho ethi “-oHostKeyAlgorithms=-ssh-rsa”.
Source: opennet.ru