
Configurable SSH cipher suite (#4109)

* Configurable SSH cipher suite

* Maintain ordering
spacetourist 8 years ago
parent
commit
29722af1ae
4 changed files with 10 additions and 3 deletions
  1. 2 0
      conf/app.ini
  2. 2 0
      modules/setting/setting.go
  3. 4 1
      modules/ssh/ssh.go
  4. 2 2
      routers/install.go

+ 2 - 0
conf/app.ini

@@ -116,6 +116,8 @@ SSH_LISTEN_HOST = 0.0.0.0
 SSH_LISTEN_PORT = %(SSH_PORT)s
 ; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'.
 SSH_ROOT_PATH =
+; Choose the ciphers to support for SSH connections
+SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128
 ; Directory to create temporary files when test publick key using ssh-keygen,
 ; default is system temporary directory.
 SSH_KEY_TEST_PATH =
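Review bot: The shipped default on the added SSH_SERVER_CIPHERS line ends with `arcfour256` and `arcfour128`, which are RC4-based stream ciphers that the SSH ecosystem had already deprecated by the time of this commit (OpenSSH dropped them from its defaults in 7.0), so every installation that never edits this key will offer a weak cipher to clients that prefer it. Since the setting exists precisely so operators can opt in, the safer default is the CTR/GCM subset: `SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com`. The comment above it should also say how the value is parsed and that order matters, which the commit title ("Maintain ordering") implies but the file does not: `; Ciphers offered for SSH connections, comma-separated, in order of preference`.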

+ 2 - 0
modules/setting/setting.go

@@ -85,6 +85,7 @@ var (
 		ListenHost          string         `ini:"SSH_LISTEN_HOST"`
 		ListenPort          int            `ini:"SSH_LISTEN_PORT"`
 		RootPath            string         `ini:"SSH_ROOT_PATH"`
+		ServerCiphers       []string       `ini:"SSH_SERVER_CIPHERS"`
 		KeyTestPath         string         `ini:"SSH_KEY_TEST_PATH"`
 		KeygenPath          string         `ini:"SSH_KEYGEN_PATH"`
 		MinimumKeySizeCheck bool           `ini:"-"`
@@ -425,6 +426,7 @@ func NewContext() {
 	}
 
 	SSH.RootPath = path.Join(homeDir, ".ssh")
+	SSH.ServerCiphers = sec.Key("SSH_SERVER_CIPHERS").Strings(",")
 	SSH.KeyTestPath = os.TempDir()
 	if err = Cfg.Section("server").MapTo(&SSH); err != nil {
 		log.Fatal(4, "Fail to map SSH settings: %v", err)
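Review bot: The explicit assignment `SSH.ServerCiphers = sec.Key("SSH_SERVER_CIPHERS").Strings(",")` added in the second hunk is immediately overwritten by the `Cfg.Section("server").MapTo(&SSH)` call two lines below, which already maps the same key through the `ini:"SSH_SERVER_CIPHERS"` tag added in the first hunk, so the new line is dead unless the mapping is expected to fail. If the intent is to pre-seed a default before MapTo, it should use a literal list rather than re-reading the same key. Separately, depending on the ini library version an empty value may split into a single empty string rather than an empty slice, and nothing here rejects that or an unknown cipher name, so I would add a post-MapTo check of the form `if len(SSH.ServerCiphers) == 1 && SSH.ServerCiphers[0] == "" { SSH.ServerCiphers = nil }` and log the effective list. NewContext starts before this hunk.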

+ 4 - 1
modules/ssh/ssh.go

@@ -148,8 +148,11 @@ func listen(config *ssh.ServerConfig, host string, port int) {
 }
 
 // Listen starts a SSH server listens on given port.
-func Listen(host string, port int) {
+func Listen(host string, port int, ciphers []string) {
 	config := &ssh.ServerConfig{
+		Config: ssh.Config{
+			Ciphers: ciphers,
+		},
 		PublicKeyCallback: func(conn ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error) {
 			pkey, err := models.SearchPublicKeyByContent(strings.TrimSpace(string(ssh.MarshalAuthorizedKey(key))))
 			if err != nil {
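Review bot: The doc comment on Listen still reads "starts a SSH server listens on given port" and says nothing about the new ciphers parameter, which is the only thing this hunk changes in the signature; I would replace it with `// Listen starts an SSH server on host:port. ciphers is the ordered list of cipher names offered to clients; a nil slice selects the ssh library's built-in defaults.` As far as I recall, golang.org/x/crypto/ssh's Config.SetDefaults silently discards names it does not recognise and only falls back to its defaults when the slice is nil, so a typo in SSH_SERVER_CIPHERS shrinks the offered suite (possibly to nothing, failing every handshake) without any error from this function; a length/known-name check with a log line before building the ServerConfig would make that visible at startup. The PublicKeyCallback and the rest of Listen continue past the end of this hunk.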

+ 2 - 2
routers/install.go

@@ -86,8 +86,8 @@ func GlobalInit() {
 	checkRunMode()
 
 	if setting.InstallLock && setting.SSH.StartBuiltinServer {
-		ssh.Listen(setting.SSH.ListenHost, setting.SSH.ListenPort)
-		log.Info("SSH server started on %s:%v", setting.SSH.ListenHost, setting.SSH.ListenPort)
+		ssh.Listen(setting.SSH.ListenHost, setting.SSH.ListenPort, setting.SSH.ServerCiphers)
+		log.Info("SSH server started on %s:%v. Cipher list (%v)", setting.SSH.ListenHost, setting.SSH.ListenPort, setting.SSH.ServerCiphers)
 	}
 }