summaryrefslogtreecommitdiffstats
path: root/modules
diff options
context:
space:
mode:
Diffstat (limited to 'modules')
-rw-r--r--modules/setting/setting.go2
-rw-r--r--modules/ssh/ssh.go56
2 files changed, 1 insertions, 57 deletions
diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index f93dc53c32..2a189ec9b3 100644
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -164,7 +164,7 @@ var (
Domain: "",
Port: 22,
ServerCiphers: []string{"chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"},
- ServerKeyExchanges: []string{"curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group14-sha1"},
+ ServerKeyExchanges: []string{"curve25519-sha256", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"},
ServerMACs: []string{"hmac-sha2-256-etm@openssh.com", "hmac-sha2-256", "hmac-sha1"},
KeygenPath: "ssh-keygen",
MinimumKeySizeCheck: true,
diff --git a/modules/ssh/ssh.go b/modules/ssh/ssh.go
index 6f4e993457..1a92edb795 100644
--- a/modules/ssh/ssh.go
+++ b/modules/ssh/ssh.go
@@ -317,65 +317,9 @@ func Listen(host string, port int, ciphers, keyExchanges, macs []string) {
}
}
- // Workaround slightly broken behaviour in x/crypto/ssh/handshake.go:458-463
- //
- // Fundamentally the issue here is that HostKeyAlgos make the incorrect assumption
- // that the PublicKey().Type() matches the signature algorithm.
- //
- // Therefore we need to add duplicates for the RSA with different signing algorithms.
- signers := make([]ssh.Signer, 0, len(srv.HostSigners))
- for _, signer := range srv.HostSigners {
- if signer.PublicKey().Type() == "ssh-rsa" {
- signers = append(signers,
- &wrapSigner{
- Signer: signer,
- algorithm: gossh.SigAlgoRSASHA2512,
- },
- &wrapSigner{
- Signer: signer,
- algorithm: gossh.SigAlgoRSASHA2256,
- },
- )
- }
- signers = append(signers, signer)
- }
- srv.HostSigners = signers
-
go listen(&srv)
}
-// wrapSigner wraps a signer and overrides its public key type with the provided algorithm
-type wrapSigner struct {
- ssh.Signer
- algorithm string
-}
-
-// PublicKey returns an associated PublicKey instance.
-func (s *wrapSigner) PublicKey() gossh.PublicKey {
- return &wrapPublicKey{
- PublicKey: s.Signer.PublicKey(),
- algorithm: s.algorithm,
- }
-}
-
-// Sign returns raw signature for the given data. This method
-// will apply the hash specified for the keytype to the data using
-// the algorithm assigned for this key
-func (s *wrapSigner) Sign(rand io.Reader, data []byte) (*gossh.Signature, error) {
- return s.Signer.(gossh.AlgorithmSigner).SignWithAlgorithm(rand, data, s.algorithm)
-}
-
-// wrapPublicKey wraps a PublicKey and overrides its type
-type wrapPublicKey struct {
- gossh.PublicKey
- algorithm string
-}
-
-// Type returns the algorithm
-func (k *wrapPublicKey) Type() string {
- return k.algorithm
-}
-
// GenKeyPair make a pair of public and private keys for SSH access.
// Public key is encoded in the format for inclusion in an OpenSSH authorized_keys file.
// Private Key generated is PEM encoded