summaryrefslogtreecommitdiff
path: root/lib/net/ssh/transport/algorithms.rb
Commit message (Collapse)AuthorAgeFilesLines
* Fix rubocop coding style.Florian Wininger2021-10-251-12/+12
| | | | Lot of spacing issues :)
* HostKeyEntries classesMiklós Fazekas2021-08-051-1/+1
|
* Add support for diffie-hellman-group14-sha256, fixes #794mfazekas/diffie-hellman-group14-sha256Richard Schwab2021-03-151-0/+1
|
* Rubocop fixesMiklos Fazekas2020-06-101-2/+1
|
* Implemented rsa-sha2-512, rsa-sha2-256 host_key algsMiklos Fazekas2020-06-101-1/+4
|
* Revert "Make hmac-sha2-{256,512}-etm opt-in"revert-757-opt-in-etm-hmacMiklós Fazekas2020-04-251-4/+3
|
* Merge pull request #751 from maxfierke/mf-support_algo_subtractionMiklós Fazekas2020-04-241-3/+17
|\ | | | | Support algorithm subtraction syntax from ssh_config
| * Support algorithm subtraction syntax from ssh_configMax Fierke2020-04-141-3/+17
| | | | | | | | | | | | | | | | | | | | As per `man ssh_config` for KexAlgorithms, MACs, and similar options: ``` Multiple algorithms must be comma-separated. Alternately if the specified value begins with a '+' character, then the specified methods will be appended to the default set instead of replacing them. If the specified value begins with a '-' character, then the specified methods (including wildcards) will be removed from the default set instead of replacing them. ``` Without this, having these subtraction options in your SSH config will replace the default algorithms and cause Net::SSH to raise with `Net::SSH::Exception` and "could not settle on host_key algorithm". i.e. it uses `-ssh-rsa` as the algorithm, rather than removing `ssh-rsa` from the algorithm preferences.
* | Make hmac-md5-96 hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com ↵Miklos Fazekas2020-04-241-3/+4
|/ | | | opt in instead of default because of the currpoted hmac issue
* Fix kex algorithm nameAlexander Pyatkin2020-02-111-1/+1
|
* Original (brbrady) Add support for all algorithms in ↵Brandon Weaver2019-10-251-2/+2
| | | | Transport::Algorithms#host_key_format
* Define rubocop metric lengthFlorian Wininger2019-09-251-1/+2
| | | | Signed-off-by: Florian Wininger <fw.centrale@gmail.com>
* Add sha2-{256,512}-etm@openssh.com MAC algorithmsHans de Graaff2019-09-171-1/+2
| | | | | | | | | | | | | | | Implement the Encrypt-Then-Mac versions of the SHA2-256 and SHA2-512 MACs. These MACs are implemented by openssh and may be the only MACs available on a hardened installation of openssh. With EtM the MAC is calculated over the unencrypted packet length and the encrypted payload (which includes padding length and padding). The main benefit of EtM schemes is that it allows the encrypted payload to be authenticated before it gets passed to the encryption engine. This patch does not implement that mechanism, but this can be added later to the poll_next_packet method. Note that all current MACs already pass unauthenticated data to the encryption engine.
* Add Curve25519Sha256Florian Wininger2019-09-101-17/+25
| | | | Signed-off-by: Florian Wininger <fw.centrale@gmail.com>
* Disable by default unsecure algorithmFlorian Wininger2019-09-021-25/+41
| | | | Signed-off-by: Florian Wininger <fw.centrale@gmail.com>
* Remove unnecessary defined?(OpenSSL::PKey::EC) and ↵Florian Wininger2019-08-231-20/+15
| | | | | | defined?(OpenSSL::Digest::SHA256) Signed-off-by: Florian Wininger <fw.centrale@gmail.com>
* Merge pull request #671 from jmutkawoa/masterMiklós Fazekas2019-05-291-1/+1
|\ | | | | Deprecating RC4 as per https://tools.ietf.org/html/draft-ietf-curdle-rc4-die-die-die-10
| * remove RC4 from algorithmjmutkawoa2019-03-231-1/+1
| |
* | Add algorithm preferences to exception messageDan Jensen2019-05-061-5/+3
| | | | | | | | | | | | Display server and client algorithm preferences in the 'could not settle' exception message. This is much simpler than logging the preferences and suggesting the user check the log.
* | Log details of failure to negotiate algorithmsDan Jensen2019-05-061-1/+7
|/ | | | | | | Failure to negotiate algorithms is a common cause of connection difficulties. This adds essential troubleshooting information to the log (at the 'error' level), plus a suggestion to check the log. The intent is to clarify the problem and make troubleshooting easier.
* Fix travis ci errors and rubocop issuesMiklos Fazekas2018-11-281-78/+86
|
* Prefer more modern cryptographic algorithms -- fixes #627Tray Torrance2018-10-121-23/+32
| | | | | This commit modifies Net::SSH to prefer strong encryption for HMAC, Cipher, Host Key Authentication and Key Exchange operations.
* Use host_key_fomrmat to compare sig_type as format can be different from algMiklos Fazekas2018-05-261-4/+13
|
* Whitespace fixeswhitespace-fixesMiklos Fazekas2018-03-211-1/+3
|
* Updated rubocopMiklos Fazekas2018-03-211-412/+411
|
* Move `none` cipher to end of cipher listBrian Cain2017-06-081-2/+2
| | | | | | | | | If a consumer used the default for the `:encryption` setting and the host attempted to negotiate cipher suites with only supported suites after `none` (but supported none), it would go ahead and use `none` rather than the other supported cipher suites. This commit updates that behavior to first allow Net::SSH to enumerate all of the possible default cipher suites before ending on `none`.
* s/negoitation/negotiation/Akira Matsuda2017-02-101-1/+1
|
* s/recieved/received/Akira Matsuda2017-02-101-1/+1
|
* Fixed string interpolation issue (#483)Mark Hughes2017-01-071-1/+1
| | | | | | Removed the interpolation of a missing variable which would raise a `NameError` when a `Session` or `Algorithms` instance had a valid `logger` object regardless of log level. Added a test that exercises the method in question, including an assertion that the output log includes the expected string.
* Merge pull request #470 from clupprich/support-parse-plus-in-configsMiklós Fazekas2016-12-191-18/+34
|\ | | | | Correctly parse '+' in config files
| * Extract composing of algorithm list into own methodChristoph Lupprich2016-12-191-29/+34
| |
| * Guard against empty ArrayChristoph Lupprich2016-12-191-1/+1
| |
| * Change name for option-supplied algorithmsChristoph Lupprich2016-12-181-5/+5
| |
| * Add back check for unsupported algorithms in all casesChristoph Lupprich2016-12-181-8/+9
| |
| * Correctly parse '+' in config filesChristoph Lupprich2016-12-171-13/+23
| | | | | | | | | | | | Given “+ssh-dss” in HostkeyAlgorithms, this will no longer reset the list of algorithms, but instead add the specified algorithms to the list of supported ones
* | Rubocop update to 0.46.0Miklos Fazekas2016-12-151-2/+1
|/
* Use 1.9 hash syntaxMiklos Fazekas2016-12-111-43/+43
|
* Added ssh-ed25519 to HostKeys algorithmsMiklos Fazekas2016-12-111-1/+5
|
* UTF-8: Optimize away dup when it's safe, added integrations testsMiklos Fazekas2016-07-231-2/+2
|
* Adds minimum_dh_bits option.Aaron Bedra2016-05-051-0/+1
| | | | | | | This commit introduces a new option, minimum_dh_bits. This option allows the user to specify the minimum required bits for a diffie helman key exchange in situations where the minimum hardcoded value of 1024 is too weak.
* Send KEXINIT without waiting from server.Miklos Fazekas2016-05-011-0/+6
|
* Remove camellia chipher suiteMiklos Fazekas2016-03-191-8/+0
| | | | Closes #278
* Memoize session host keysJean Boussier2016-02-101-2/+1
|
* Allow to substitute Net::SSH::KnownHosts with a custom implementationJean Boussier2016-02-031-1/+2
|
* Fixed tests added option to append all supported algorithmsMiklos Fazekas2015-03-051-0/+4
|
* Stop appending algorithms the user hasn't configuredSimon Kohlmeyer2015-03-051-5/+0
| | | | | | By appending these algorithms, the user configuration is used as a preference list instead of a white list. This means that a connection might use a weaker algorithm than expected.
* Removed unsupported curve25519-sha256@libsshMiklos Fazekas2015-01-071-2/+1
|
* Revert aes-gcm @ opensslrevert_aes_gcmMiklos Fazkeas2014-11-111-1/+0
|
* removed unimplemented hmac, host_key and we now warn instead of fail for ↵Miklos Fazkeas2014-10-031-8/+10
| | | | unimplemented algs
* Update HostKey, HMAC and Kex ciphersChris Aumann2014-04-161-4/+13
| | | | Add ciphers recently added to openssh (since openssh-6.4)
View Lorry Controller Status