Vulnerability in the OpenSSH and PuTTY SSH clients

A vulnerability has been identified in the OpenSSH and PuTTY SSH clients (CVE-2020-14002 in PuTTY and CVE-2020-14145 in OpenSSH) that leaks information during the connection negotiation. It lets an attacker who can intercept the client's traffic (for example, when the user connects through a wireless access point controlled by the attacker) recognise the client's very first connection attempt to a host, that is, a connection for which the client has not yet saved the host key.

Knowing that the client is connecting for the first time and does not yet hold the host key on its side, the attacker can route the connection through themselves (MITM) and present the client with their own host key, which the SSH client will accept as the genuine host key if the user does not verify the key fingerprint. The attacker can therefore stage a MITM without arousing the user's suspicion, and can skip the cases where the client has already stored the host key, where a substitution attempt would trigger a warning about a changed host key. The attack relies on the carelessness of users who do not manually check the host key fingerprint on first connection; users who do verify the fingerprint are protected against it.

The indicator used to spot a first connection attempt is a change in the order of the host key algorithm list. On a first connection the client sends the default list of algorithms, whereas if the host key is already cached, the algorithm matching that key is moved to the first position (the algorithms are listed in order of preference).

The problem affects OpenSSH releases 5.7 through 8.3 and PuTTY 0.68 through 0.73. It has been fixed in PuTTY 0.74 by adding an option that disables the dynamic construction of the host key algorithm list in favour of listing the algorithms in a fixed order.

The OpenSSH project does not plan to change the SSH client's behaviour: if the algorithm of the existing key is not placed first, the client will attempt to use an algorithm that does not match the stored key and a warning about an unknown key will be shown. The choice is therefore between an information leak (OpenSSH and PuTTY) and warnings about a key change (Dropbear SSH) whenever the stored key does not match the first algorithm in the default list.

For additional protection, OpenSSH offers other ways to verify the host key: SSHFP records in DNSSEC and host certificates (PKI). Dynamic ordering of the host key algorithms can also be disabled with the HostKeyAlgorithms option, and the UpdateHostKeys option lets the client fetch the server's additional host keys after authentication.
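The behaviour described in the three paragraphs above (the dynamic reordering that leaks first-contact state, the trade-off OpenSSH cites for keeping it, and a fixed HostKeyAlgorithms order as mitigation), modelled in Python as an added example; this is not OpenSSH or PuTTY code, and the algorithm list, the key-type mapping and the known_hosts entry are constructed stand-ins.

```python
"""Model of how an SSH client orders server_host_key_algorithms in KEXINIT and why
that order leaks first-contact state. Constructed illustration, not OpenSSH/PuTTY
code; DEFAULT_HOST_KEY_ALGS is a simplified stand-in for a client's real default."""

DEFAULT_HOST_KEY_ALGS = ["ssh-ed25519", "ecdsa-sha2-nistp256",
                         "rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"]
# Stored key type -> signature algorithms usable with that key (assumed mapping).
ALGS_FOR_KEY_TYPE = {
    "ssh-ed25519": ["ssh-ed25519"],
    "ecdsa-sha2-nistp256": ["ecdsa-sha2-nistp256"],
    "ssh-rsa": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"],
}

def client_hostkey_algs(host, known_hosts, pinned=None):
    """List the client advertises. Dynamic behaviour: algorithms matching the
    cached key type are moved to the front. A pinned list (HostKeyAlgorithms with
    a fixed order) is sent unchanged for every host, known or not."""
    if pinned is not None:
        return list(pinned)
    cached = known_hosts.get(host)
    if cached is None:
        return list(DEFAULT_HOST_KEY_ALGS)           # first contact: default order
    front = [a for a in DEFAULT_HOST_KEY_ALGS if a in ALGS_FOR_KEY_TYPE[cached]]
    return front + [a for a in DEFAULT_HOST_KEY_ALGS if a not in front]

def observer_infers_first_contact(advertised):
    """What a passive observer concludes: default order == 'no cached key'.
    With a pinned list every connection looks the same, so the inference is void."""
    return advertised == DEFAULT_HOST_KEY_ALGS

def server_picks(client_list, server_key_types):
    """First client-preferred algorithm the server has a key for wins (RFC 4253)."""
    for alg in client_list:
        for key_type, algs in ALGS_FOR_KEY_TYPE.items():
            if alg in algs and key_type in server_key_types:
                return key_type
    return None

def client_verdict(host, known_hosts, offered_key_type):
    """Client-side outcome: first-contact prompt, silent match, or the unknown-key
    warning that a pinned order provokes when the cached key type is not first."""
    cached = known_hosts.get(host)
    if cached is None:
        return "first-contact-prompt"
    return "silent" if cached == offered_key_type else "unknown-key-warning"

# Constructed known_hosts: one server whose RSA key the client already trusts.
KNOWN = {"db.example.test": "ssh-rsa"}
```

With the dynamic list the two hosts produce different orders, so the observer can tell them apart; with a pinned list they are identical, but a server that also holds an Ed25519 key then answers the known host with a key type the client has not cached, which is the warning the OpenSSH project refers to.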

Source: opennet.ru
