feat(ssh): support dynamic list of algorithms #7345

Merged
merged 4 commits into from
Feb 12, 2023

@unknwon unknwon commented Feb 12, 2023

Describe the pull request

Adds a new configuration option [server] SSH_SERVER_ALGORITHMS for specifying the list of accepted key exchange algorithms for connections to the built-in SSH server. Defaults to rsa, ecdsa, ed25519.

Link to the issue: fixes #6638

Checklist

  • I agree to follow the Code of Conduct by submitting this pull request.
  • I have read and acknowledge the Contributing guide.
  • I have added test cases to cover the new code.

Test plan

  1. Start built-in SSH server at port 2222

    2023/02/12 12:38:04 [ INFO] SSH server started on 0.0.0.0:2222
    2023/02/12 12:38:04 [TRACE] SSH server cipher list: [aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com arcfour256 arcfour128]
    2023/02/12 12:38:04 [TRACE] SSH server MAC list: [hmac-sha2-256-etm@openssh.com hmac-sha2-256 hmac-sha1]
    2023/02/12 12:38:04 [TRACE] SSH server algorithms: [rsa ecdsa ed25519]
    
  2. Do a host key scan:

    → ssh-keyscan -p 2222 localhost
    # localhost:2222 SSH-2.0-Go
    [localhost]:2222 ssh-rsa …
    # localhost:2222 SSH-2.0-Go
    [localhost]:2222 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGSideZF+SUQk0PmgSAxgOXw5MDnkYdybso1niF6DFtPlqRakBnLZ8tA6LPuGYUnIY2KsZLIXjf6Ky+OX31aQhg=
    # localhost:2222 SSH-2.0-Go
    [localhost]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICR0iqGkPT1p75RQUaDXse1oW6zIqLuFUYY1pqjQnlVK
    # localhost:2222 SSH-2.0-Go
    # localhost:2222 SSH-2.0-Go
    

@unknwon unknwon added this to the 0.12.11 milestone Feb 12, 2023
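
A check an operator could run after changing SSH_SERVER_ALGORITHMS: compare the key types in ssh-keyscan output against the configured list, so a host key type that should have been disabled is caught. This is an added example, not code from the pull request or the Gogs project; the function names, the sample scan and the mapping of ecdsa to ecdsa-sha2-nistp256 (taken from the scan output in the test plan) are assumptions.

```shell
#!/bin/sh
# Added example, not Gogs code. Function names and sample data are hypothetical.

# Map a config name to the host key type ssh-keyscan prints.
# ASSUMPTION: "ecdsa" means ecdsa-sha2-nistp256, as in the scan on this page.
algo_to_keytype() {
    case "$1" in
        rsa)     echo ssh-rsa ;;
        ecdsa)   echo ecdsa-sha2-nistp256 ;;
        ed25519) echo ssh-ed25519 ;;
        *)       echo "unknown:$1" ;;
    esac
}

# Read ssh-keyscan output on stdin; print the unique key types offered.
# Banner lines start with "#"; key lines are "<host> <keytype> <base64>".
offered_keytypes() {
    awk '!/^#/ && NF >= 3 { print $2 }' | sort -u
}

# Usage: ssh-keyscan -p 2222 localhost 2>/dev/null | check_host_keys "rsa, ecdsa, ed25519"
# Prints one line per discrepancy; returns 0 only when both sets are equal.
check_host_keys() {
    expected=$(echo "$1" | tr ',' '\n' | while read -r name; do
        [ -n "$name" ] && algo_to_keytype "$name"
    done | sort -u)
    offered=$(offered_keytypes)
    status=0
    for kt in $offered; do
        echo "$expected" | grep -qxF "$kt" || { echo "UNEXPECTED $kt"; status=1; }
    done
    for kt in $expected; do
        echo "$offered" | grep -qxF "$kt" || { echo "MISSING $kt"; status=1; }
    done
    return $status
}

# Constructed sample in the shape of the scan above (key blobs are placeholders).
SAMPLE_SCAN='# localhost:2222 SSH-2.0-Go
[localhost]:2222 ssh-rsa CONSTRUCTED-RSA-KEY
# localhost:2222 SSH-2.0-Go
[localhost]:2222 ecdsa-sha2-nistp256 CONSTRUCTED-ECDSA-KEY
# localhost:2222 SSH-2.0-Go
[localhost]:2222 ssh-ed25519 CONSTRUCTED-ED25519-KEY
'

# Demo: config narrowed to ecdsa and ed25519 while the server still offers RSA.
printf '%s' "$SAMPLE_SCAN" | check_host_keys "ecdsa, ed25519" ||
    echo "offered host keys differ from SSH_SERVER_ALGORITHMS"
```
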

codecov bot commented Feb 12, 2023

Codecov Report

Merging #7345 (238c7ed) into main (3a28168) will not change coverage.
The diff coverage is n/a.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #7345   +/-   ##
=======================================
  Coverage   14.60%   14.60%           
=======================================
  Files         108      108           
  Lines       13872    13872           
=======================================
  Hits         2026     2026           
  Misses      11571    11571           
  Partials      275      275           

@unknwon unknwon merged commit b34ee73 into main Feb 12, 2023
@unknwon unknwon deleted the jc/ssh-algorithms branch February 12, 2023 05:10
@unknwon unknwon removed this from the 0.12.11 milestone Feb 12, 2023
dna2github pushed a commit to dna2fork/gogs that referenced this pull request May 1, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 13, 2024
Successfully merging this pull request may close these issues.

OpenSSH 8.8p1 does not have ssh-rsa anymore, but built-in SSH server does not support anything except ssh-rsa