Release of OpenSSH 8.8 with support for rsa-sha digital signatures disabled

OpenSSH 8.8 has been released, an open implementation of a client and server for working over the SSH 2.0 and SFTP protocols. The release is notable for disabling by default the ability to use digital signatures based on RSA keys with a SHA-1 hash ("ssh-rsa").

Support for "ssh-rsa" signatures is being dropped because of the increased efficiency of chosen-prefix collision attacks (the cost of finding a collision is estimated at about $50 thousand). To check whether ssh-rsa is used on your systems, you can try connecting via ssh with the option "-oHostKeyAlgorithms=-ssh-rsa". Support for RSA signatures with SHA-256 and SHA-512 hashes (rsa-sha2-256/512), which have been supported since OpenSSH 7.2, remains unchanged.

In most cases, dropping support for "ssh-rsa" will not require any manual action from users, since OpenSSH has previously had the UpdateHostKeys setting enabled by default, which automatically migrates clients to more reliable algorithms. The migration uses the protocol extension "[email protected]", which allows the server, after authentication, to inform the client of all available host keys. When connecting to hosts running very old versions of OpenSSH, you can selectively restore the ability to use "ssh-rsa" signatures on the client side by adding the following to ~/.ssh/config:

    Host old_hostname
        HostkeyAlgorithms +ssh-rsa
        PubkeyAcceptedAlgorithms +ssh-rsa
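An added example, not part of the original article or of OpenSSH: a small Python audit that scans ssh_config text for per-host settings that re-enable "ssh-rsa", so overrides like the one above can be tracked and removed once the old hosts are upgraded. The function name and the sample configuration are constructed for illustration; PubkeyAcceptedKeyTypes is included because it is the older name of PubkeyAcceptedAlgorithms.

```python
import re
from fnmatch import fnmatchcase

# Client options that select signature algorithms (compared in lower case).
ALGO_OPTIONS = {"hostkeyalgorithms", "pubkeyacceptedalgorithms",
                "pubkeyacceptedkeytypes"}
# ssh_config accepts both "Keyword value" and "Keyword=value".
LINE_RE = re.compile(r"([A-Za-z]+)\s*=?\s*(.*)")

# Constructed sample ~/.ssh/config, not taken from a real system.
SAMPLE_CONFIG = """\
# Constructed sample
Host old_hostname
    HostkeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa

Host build-*
    HostKeyAlgorithms=-ssh-rsa

Host legacy.example
    PubkeyAcceptedKeyTypes rsa-sha2-512,ssh-rsa
"""

def find_sha1_rsa_overrides(config_text):
    """Return (line_no, scope, option, entry) for settings that allow ssh-rsa."""
    findings = []
    scope = "*"  # options before the first Host line apply to every host
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        m = LINE_RE.match(raw.strip())
        if not m:  # blank lines and comments do not start with a keyword
            continue
        keyword, value = m.group(1), m.group(2).strip().strip('"')
        if keyword.lower() in ("host", "match"):
            scope = value if keyword.lower() == "host" else "Match " + value
            continue
        if keyword.lower() not in ALGO_OPTIONS or value.startswith("-"):
            continue  # a leading "-" removes algorithms: the safe direction
        # "+" appends to the defaults and "^" prepends; a bare list replaces
        # them. Wildcard entries are conservatively treated as patterns.
        for entry in value.lstrip("+^").split(","):
            if fnmatchcase("ssh-rsa", entry.strip()):
                findings.append((line_no, scope, keyword, entry.strip()))
    return findings

if __name__ == "__main__":
    for finding in find_sha1_rsa_overrides(SAMPLE_CONFIG):
        print("line %d: Host %s: %s allows %s" % finding)
```

The audit reads only the text it is given; Include directives are not followed, so each included file has to be scanned separately.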

The new version also fixes a security issue caused by sshd, starting with OpenSSH 6.2, incorrectly initializing the user's groups when executing commands specified in the AuthorizedKeysCommand and AuthorizedPrincipalsCommand directives. These directives were supposed to allow commands to be run as a different user, but in fact the commands inherited the list of groups used when running sshd. Potentially, this behavior, given certain system settings, allowed the launched handler to gain additional privileges on the system.

The release notes for the new version also include a warning that scp will default to SFTP instead of the legacy SCP/RCP protocol. SFTP uses more predictable name-handling methods and does not use shell processing of glob patterns in file names on the other host's side, which creates security problems. In particular, when using SCP and RCP, the server decides which files and directories to send to the client, and the client only checks the correctness of the returned object names, which, in the absence of proper checks on the client side, allows the server to transfer file names that differ from those requested. The SFTP protocol does not have these problems, but it does not support expansion of special paths such as "~/". To address this difference, the previous release of OpenSSH introduced a new SFTP protocol extension for expanding ~/ and ~user/ paths in the SFTP server implementation.

Source: opennet.ru
