Zimbalwa izinsuku ezedlule IGitHub imemezele izinguquko eziningi ku- insizakalo ehlobene nokuqiniswa kweprotocol I-Git, esetshenziswa ngesikhathi se-git Push kanye nemisebenzi yokudonsa nge-SSH noma isikimu se- "git: //".
Kushiwo lokho izicelo nge-https: // ngeke zithinteke futhi uma ushintsho seluqala ukusebenza, okungenani inguqulo 7.2 ye-OpenSSH izodingeka (ikhishwe ngo-2016) noma inguqulo 0.75 kusuka ku-PuTTY (ikhishwe ngoMeyi walo nyaka) ukuxhuma kwiGitHub ngeSSH.
Isibonelo, ukwesekwa kweklayenti le-SSH le-CentOS 6 ne-Ubuntu 14.04, osekuvele kumisiwe, kuzophulwa.
Sawubona kusuka kwa-Git Systems, iqembu le-GitHub eliqinisekisa ukuthi ikhodi yakho yomthombo iyatholakala futhi ivikelekile. Senza ushintsho oluthile ukwenza ngcono ukuphepha kweprotocol uma ufaka noma ukhipha idatha kwi-Git. Siyethemba ukuthi bambalwa kakhulu abantu abazolubona lolu shintsho, njengoba silusebenzisa ngokushelela ngangokunokwenzeka, kepha sisafuna ukwazisa kusenesikhathi.
Ngokuyinhloko kushiwo lokho changes ubilise ekuyekeleni ukusekelwa kwezingcingo ze-Git ezingabhalwanga ngokusebenzisa i- "git: //" bese ulungisa izidingo zokhiye be-SSH ezisetshenziswa lapho ufinyelela i-GitHub, lokhu ngenhloso yokuthuthukisa ukuphepha kokuxhumana okwenziwe ngabasebenzisi, ngoba iGitHub ibalula ukuthi indlela okwakwenziwa ngayo isivele ingasasebenzi futhi akuphephile.
IGitHub ngeke isasekela zonke izinkinobho ze-DSA nama-algorithms wefa le-SSH, njenge-CBC ciphers (aes256-cbc, aes192-cbc aes128-cbc) ne-HMAC-SHA-1. Ngokwengeziwe, kwethulwa izidingo ezingeziwe zokhiye abasha be-RSA (ukusayinwa kwe-SHA-1 kuzovinjelwa) futhi ukwesekwa kokhiye bokusingathwa kwe-ECDSA kanye ne-Ed25519 kuyasetshenziswa.
Yini eguqukayo?
Siguqula ukuthi yiziphi izinkinobho ezihambisana ne-SSH futhi sisusa umthetho olandelwayo we-Git. Ngokuqondile thina:Isusa ukusekelwa kwazo zonke izinkinobho ze-DSA
Ukungeza Izidingo Zokhiye Bakwa-RSA Abasanda Kwengezwa
Ukususwa kwamanye ama-algorithms wefa le-SSH (HMAC-SHA-1 kanye ne-CBC ciphers)
Faka okhiye bokubamba be-ECDSA ne-Ed25519 be-SSH
Khubaza umthetho olandelwayo we-Git
Abasebenzisi abaxhuma nge-SSH noma i-git: // kuphela abathintekayo. Uma ama-Git remotes wakho eqala ngo-https: // lutho kulokhu okuthunyelwe kuzokuthinta. Uma ungumsebenzisi we-SSH, funda ukuze uthole imininingwane nohlelo.Sisanda kumisa ukusekela amaphasiwedi nge-HTTPS. Lezi zinguquko ze-SSH, ngenkathi zingahlobene nobuchwepheshe, ziyingxenye yedrayivu efanayo yokugcina idatha yekhasimende le-GitHub iphephe ngangokunokwenzeka.
Izinguquko zizokwenziwa kancane kancane kanti okhiye abasha bokubamba i-ECDSA no-Ed25519 bazokwenziwa ngoSepthemba 14. Ukusekelwa kokusayinwa kokhiye we-RSA kusetshenziswa i-SHA-1 hash kuzomiswa ngoNovemba 2 (okhiye abenziwe ngaphambilini bazoqhubeka nokusebenza).
NgoNovemba 16, ukwesekwa kokhiye bokubamba abasuselwa kwi-DSA kuzomiswa. NgoJanuwari 11, 2022, njengesilingo, ukusekelwa kwama-algorithms amadala e-SSH kanye nokukwazi ukufinyelela ngaphandle kokubethela kuzomiswa okwesikhashana. NgoMashi 15, ukusekelwa kwama-algorithms wefa kuzokhutshazwa unomphela.
Ngaphezu kwalokho, kushiwo ukuthi kufanele kuqashelwe ukuthi isisekelo sekhodi se-OpenSSH silungiswe ngokuzenzakalela ukukhubaza ukusayinwa kokhiye we-RSA kusetshenziswa i-SHA-1 hash ("ssh-rsa").
Ukusekelwa kwe-SHA-256 ne-SHA-512 (rsa-sha2-256 / 512) kusayini amasiginesha ahlala engashintshiwe. Ukuphela kokwesekwa kwamasiginesha we- "ssh-rsa" kungenxa yokwanda kokusebenza kokuhlaselwa kokushayisana nesiqalo esinikeziwe (izindleko zokuqagela ukushayisana zilinganiselwa ku- $ 50).
Ukuhlola ukusetshenziswa kwe-ssh-rsa kumasistimu akho, ungazama ukuxhuma nge-ssh ngenketho "-oHostKeyAlgorithms = -ssh-rsa".
Ekugcineni sUma unesifiso sokwazi okwengeziwe ngakho mayelana nezinguquko ezenziwa yiGitHub, ungabheka imininingwane Kulesi sixhumanisi esilandelayo.