github/rclone
1
Fork 0
mirror of https://github.com/rclone/rclone synced 2024-10-18 04:15:01 +02:00
Code Releases Activity

ssh: opt-in support for diffie-hellman-group-exchange-sha256 diffie-hellman-group-exchange-sha1 - fixes #1810

Browse Source
This commit is contained in:
Yi FU 2019-07-10 14:23:02 +02:00 committed by buengese
parent 5433021e8b
commit 0a1169e659
2 changed files with 11 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
backend/sftp/sftp.go
View File

@ -86,7 +86,7 @@ when the ssh-agent contains many keys.`,
Default: false, Default: false,
}, { }, {
Name: "use_insecure_cipher", Name: "use_insecure_cipher",
Help: "Enable the use of the aes128-cbc cipher. This cipher is insecure and may allow plaintext data to be recovered by an attacker.", Help: "Enable the use of the aes128-cbc cipher and diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1 key exchange. Those algorithms are insecure and may allow plaintext data to be recovered by an attacker.",
Default: false, Default: false,
Examples: []fs.OptionExample{ Examples: []fs.OptionExample{
{ {
@ -94,7 +94,7 @@ when the ssh-agent contains many keys.`,
Help: "Use default Cipher list.", Help: "Use default Cipher list.",
}, { }, {
Value: "true", Value: "true",
Help: "Enables the use of the aes128-cbc cipher.", Help: "Enables the use of the aes128-cbc cipher and diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1 key exchange.",
}, },
}, },
}, { }, {
@ -345,6 +345,7 @@ func NewFs(name, root string, m configmap.Mapper) (fs.Fs, error) {
if opt.UseInsecureCipher { if opt.UseInsecureCipher {
sshConfig.Config.SetDefaults() sshConfig.Config.SetDefaults()
sshConfig.Config.Ciphers = append(sshConfig.Config.Ciphers, "aes128-cbc") sshConfig.Config.Ciphers = append(sshConfig.Config.Ciphers, "aes128-cbc")
sshConfig.Config.KeyExchanges = append(sshConfig.Config.KeyExchanges, "diffie-hellman-group-exchange-sha1", "diffie-hellman-group-exchange-sha256")
} }
keyFile := env.ShellExpand(opt.KeyFile) keyFile := env.ShellExpand(opt.KeyFile)

4
docs/content/sftp.md
View File

@ -243,7 +243,7 @@ when the ssh-agent contains many keys.
#### --sftp-use-insecure-cipher #### --sftp-use-insecure-cipher
Enable the use of the aes128-cbc cipher. This cipher is insecure and may allow plaintext data to be recovered by an attacker. Enable the use of the aes128-cbc cipher and diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1 key exchange. Those algorithms are insecure and may allow plaintext data to be recovered by an attacker.
- Config: use_insecure_cipher - Config: use_insecure_cipher
- Env Var: RCLONE_SFTP_USE_INSECURE_CIPHER - Env Var: RCLONE_SFTP_USE_INSECURE_CIPHER
@ -253,7 +253,7 @@ Enable the use of the aes128-cbc cipher. This cipher is insecure and may allow p
- "false" - "false"
- Use default Cipher list. - Use default Cipher list.
- "true" - "true"
- Enables the use of the aes128-cbc cipher. - Enables the use of the aes128-cbc cipher and diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1 key exchange.
#### --sftp-disable-hashcheck #### --sftp-disable-hashcheck