From ec70c3e3ca9b4b1a87a225c7d728b9ac8d7c717b Mon Sep 17 00:00:00 2001
From: Ningyuan Li
Date: Thu, 14 Sep 2023 13:35:30 +0900
Subject: [PATCH] supports legacy hmac and kex
---
 Cargo.lock | 6 ++---
 Cargo.toml | 6 ++++-
 ares-device/Cargo.toml | 2 +-
 common/connection/src/session.rs | 38 ++++++++++++++++++++++++++++++--
 4 files changed, 44 insertions(+), 8 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 61e1825..bbf1f14 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1010,8 +1010,7 @@ checksum = "7fc7aa29613bd6a620df431842069224d8bc9011086b1db4c0e0cd47fa03ec9a"
 [[package]]
 name = "libssh-rs"
 version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ff892c443aa43a8e305913da313b5234bf33a7f17eae378f9c9ae4419dbbaa74"
+source = "git+https://github.com/mariotaku/libssh-rs.git?branch=feature/more-auth-options#1f046b2800ff08de4b791927d1491426b275fcd5"
 dependencies = [
 "bitflags",
 "libssh-rs-sys",
@@ -1022,8 +1021,7 @@ dependencies = [
 [[package]]
 name = "libssh-rs-sys"
 version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "aad2e95f77dde4d6a636ca1c713f3efdaa46bb2dae33d7d2abeea992baeb9cb3"
+source = "git+https://github.com/mariotaku/libssh-rs.git?branch=feature/more-auth-options#1f046b2800ff08de4b791927d1491426b275fcd5"
 dependencies = [
 "cc",
 "libz-sys",
diff --git a/Cargo.toml b/Cargo.toml
index 77624fb..9a98568 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -7,4 +7,8 @@ members = [
 "ares-push",
 "ares-launch",
 "ares-device",
-]
\ No newline at end of file
+]
+
+[patch.crates-io]
+libssh-rs = { git = "https://github.com/mariotaku/libssh-rs.git", branch = "feature/more-auth-options" }
+libssh-rs-sys = { git = "https://github.com/mariotaku/libssh-rs.git", branch = "feature/more-auth-options" }
diff --git a/ares-device/Cargo.toml b/ares-device/Cargo.toml
index d9a42bb..82d9646 100644
--- a/ares-device/Cargo.toml
+++ b/ares-device/Cargo.toml
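Review bot: In the Cargo.toml hunk, both `[patch.crates-io]` entries track the branch `feature/more-auth-options`, so the SSH library that gets built is whatever that branch points to the next time the lockfile is regenerated. Cargo.lock in this commit resolves the branch to 1f046b2800ff08de4b791927d1491426b275fcd5, but nothing in the manifest holds it there. Pinning the commit keeps `cargo update` from pulling unreviewed code into the transport layer: `libssh-rs = { git = "https://github.com/mariotaku/libssh-rs.git", rev = "1f046b2800ff08de4b791927d1491426b275fcd5" }`, and the same `rev` for `libssh-rs-sys`.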
@@ -27,4 +27,4 @@ gtk = "0.17.1"
 embed-manifest = "1.3.1"
 [package.metadata.deb]
-section = "devel"
\ No newline at end of file
+section = "devel"
diff --git a/common/connection/src/session.rs b/common/connection/src/session.rs
index 5e8ba6f..ffbeb67 100644
--- a/common/connection/src/session.rs
+++ b/common/connection/src/session.rs
@@ -19,13 +19,47 @@ pub enum SessionError {
 impl NewSession for Device {
 fn new_session(&self) -> Result {
+ let kex = vec![
+ "curve25519-sha256",
+ "curve25519-sha256@libssh.org",
+ "ecdh-sha2-nistp256",
+ "ecdh-sha2-nistp384",
+ "ecdh-sha2-nistp521",
+ "diffie-hellman-group18-sha512",
+ "diffie-hellman-group16-sha512",
+ "diffie-hellman-group-exchange-sha256",
+ "diffie-hellman-group14-sha256",
+ "diffie-hellman-group1-sha1",
+ "diffie-hellman-group14-sha1",
+ ];
+ let hmac = vec![
+ "hmac-sha2-256-etm@openssh.com",
+ "hmac-sha2-512-etm@openssh.com",
+ "hmac-sha2-256",
+ "hmac-sha2-512",
+ "hmac-sha1-96",
+ "hmac-sha1",
+ "hmac-md5",
+ ];
+ let key_types = vec![
+ "ssh-ed25519",
+ "ecdsa-sha2-nistp521",
+ "ecdsa-sha2-nistp384",
+ "ecdsa-sha2-nistp256",
+ "rsa-sha2-512",
+ "rsa-sha2-256",
+ "ssh-rsa",
+ ];
 let session = Session::new()?;
 session.set_option(SshOption::Timeout(Duration::from_secs(10)))?;
 session.set_option(SshOption::Hostname(self.host.clone()))?;
 session.set_option(SshOption::Port(self.port.clone()))?;
 session.set_option(SshOption::User(Some(self.username.clone())))?;
- session.set_option(SshOption::HostKeys(format!("ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa")))?;
- session.set_option(SshOption::PublicKeyAcceptedTypes(format!("ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa")))?;
+ session.set_option(SshOption::KeyExchange(kex.join(",")))?;
+ session.set_option(SshOption::HmacCS(hmac.join(",")))?;
+ session.set_option(SshOption::HmacSC(hmac.join(",")))?;
+ session.set_option(SshOption::HostKeys(key_types.join(",")))?;
+ session.set_option(SshOption::PublicKeyAcceptedTypes(key_types.join(",")))?;
 session.set_option(SshOption::ProcessConfig(false))?;
 #[cfg(windows)]
 {
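Review bot: The new `kex` and `hmac` lists offer `diffie-hellman-group1-sha1`, `diffie-hellman-group14-sha1`, `hmac-sha1-96`, `hmac-sha1` and `hmac-md5` to every device, not only to the ones that need them. They sit last in preference order, so a server that supports the stronger entries should still negotiate those, but a host that offers only the legacy set is now accepted with no warning or log line. Consider appending the legacy entries only for devices that opt in (if `Device` can carry such a setting), and at minimum mark them in the source, e.g. `// legacy: 1024-bit DH group / SHA-1 / MD5, presumably needed by older device firmware` above `"diffie-hellman-group1-sha1"` and above `"hmac-sha1-96"`. The body of `new_session` continues past the end of the hunk.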