From 323020c67188ad3b4348428cbbf0da10b363cda2 Mon Sep 17 00:00:00 2001 From: Tom Deseyn Date: Wed, 19 Feb 2025 08:45:54 +0100 Subject: [PATCH] Add workaround for Apache MINA SSHD. --- src/Tmds.Ssh/SshClientSettings.Defaults.cs | 6 +++++- test/Tmds.Ssh.Tests/SshClientSettingsTests.cs | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/src/Tmds.Ssh/SshClientSettings.Defaults.cs b/src/Tmds.Ssh/SshClientSettings.Defaults.cs index adb1480..680ba0f 100644 --- a/src/Tmds.Ssh/SshClientSettings.Defaults.cs +++ b/src/Tmds.Ssh/SshClientSettings.Defaults.cs @@ -51,7 +51,11 @@ partial class SshClientSettings AlgorithmNames.SshEd25519Cert, AlgorithmNames.EcdsaSha2Nistp521Cert, AlgorithmNames.EcdsaSha2Nistp384Cert, AlgorithmNames.EcdsaSha2Nistp256Cert, AlgorithmNames.RsaSshSha2_512Cert, AlgorithmNames.RsaSshSha2_256Cert, AlgorithmNames.SshEd25519, AlgorithmNames.EcdsaSha2Nistp521, AlgorithmNames.EcdsaSha2Nistp384, AlgorithmNames.EcdsaSha2Nistp256, AlgorithmNames.RsaSshSha2_512, AlgorithmNames.RsaSshSha2_256 ]; internal readonly static List SupportedCASignatureAlgorithms = [ AlgorithmNames.SshEd25519, AlgorithmNames.EcdsaSha2Nistp521, AlgorithmNames.EcdsaSha2Nistp384, AlgorithmNames.EcdsaSha2Nistp256, AlgorithmNames.RsaSshSha2_512, AlgorithmNames.RsaSshSha2_256 ]; - internal readonly static List SupportedMacAlgorithms = EmptyList; + internal readonly static List SupportedMacAlgorithms = [ + // The supported ciphers do not need a MAC. + // We add a MAC here to workaround an issue with Apache MINA SSHD server disconnecting when there is no common MAC algorithm (https://github.com/apache/mina-sshd/issues/664). + AlgorithmNames.HMacSha2_256 + ]; internal readonly static List SupportedCompressionAlgorithms = [ AlgorithmNames.None ]; internal readonly static List DefaultKeyExchangeAlgorithms = SupportedKeyExchangeAlgorithms; internal readonly static List DefaultServerHostKeyAlgorithms = SupportedServerHostKeyAlgorithms; 
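Review bot: The new `SupportedMacAlgorithms` entry makes the client offer `hmac-sha2-256` by default, but nothing in this hunk enforces the comment's assumption that every supported cipher is an AEAD mode. If a non-AEAD cipher is later added to the supported encryption list, this name would be negotiated for real. Whether the packet layer actually implements HMAC-SHA2-256 is not visible here, so please confirm that or guard against it. I would state the invariant next to the entry, e.g. `// Advertised only: never selected while every supported cipher is AEAD; revisit before adding a non-AEAD cipher.`, and consider a test asserting that the default encryption list contains only AEAD ciphers. The comment's "to workaround" should read "to work around"; the enclosing class starts and ends outside the hunk.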
diff --git a/test/Tmds.Ssh.Tests/SshClientSettingsTests.cs b/test/Tmds.Ssh.Tests/SshClientSettingsTests.cs
index 4e33a4a..b4c06f1 100644
--- a/test/Tmds.Ssh.Tests/SshClientSettingsTests.cs
+++ b/test/Tmds.Ssh.Tests/SshClientSettingsTests.cs
@@ -31,8 +31,8 @@ public void Defaults()
 new Name("ssh-ed25519"), new Name("ecdsa-sha2-nistp521"), new Name("ecdsa-sha2-nistp384"), new Name("ecdsa-sha2-nistp256"), new Name("rsa-sha2-512"), new Name("rsa-sha2-256") }, SshClientSettings.SupportedPublicKeyAlgorithms);
 Assert.Equal(new[] { new Name("aes256-gcm@openssh.com"), new Name("aes128-gcm@openssh.com"), new Name("chacha20-poly1305@openssh.com") }, settings.EncryptionAlgorithmsClientToServer);
 Assert.Equal(new[] { new Name("aes256-gcm@openssh.com"), new Name("aes128-gcm@openssh.com"), new Name("chacha20-poly1305@openssh.com") }, settings.EncryptionAlgorithmsServerToClient);
- Assert.Equal(Array.Empty(), settings.MacAlgorithmsClientToServer);
- Assert.Equal(Array.Empty(), settings.MacAlgorithmsServerToClient);
+ Assert.Equal(new[] { new Name("hmac-sha2-256") }, settings.MacAlgorithmsClientToServer);
+ Assert.Equal(new[] { new Name("hmac-sha2-256") }, settings.MacAlgorithmsServerToClient);
 Assert.Equal(new[] { new Name("none") }, settings.CompressionAlgorithmsClientToServer);
 Assert.Equal(new[] { new Name("none") }, settings.CompressionAlgorithmsServerToClient);
 Assert.Equal(Array.Empty(), settings.LanguagesClientToServer);