Add diffie-hellman-group14-sha1 to the list of default key exchange algorithms 60/95460/2
authorOleksii Mozghovyi <oleksii.mozghovyi@pantheon.tech>
Wed, 10 Mar 2021 10:47:55 +0000 (12:47 +0200)
committerOleksii Mozghovyi <oleksii.mozghovyi@pantheon.tech>
Wed, 10 Mar 2021 18:41:06 +0000 (20:41 +0200)
The list of key exchange algorithms enabled by default has been changed
with a Mina SSHD uplift to the version of 2.6.0, leaving some of the
SHA1 algorithms disabled by default. Some of the devices might still use
this algorithm, so this change adds the
'diffie-hellman-group14-sha1' algorithm back to the list.

JIRA: NETCONF-765
Change-Id: Iea58448981e19f1632799d05dbda8784415ebf1f
Signed-off-by: Oleksii Mozghovyi <oleksii.mozghovyi@pantheon.tech>
netconf/netconf-netty-util/src/main/java/org/opendaylight/netconf/nettyutil/handler/ssh/client/NetconfClientBuilder.java

index cb2ba4edadcfae1564dcadadbc40c59d918a4e4f..c8ca24e4ea1809bdebb5797ca884320b0b290b27 100644 (file)
@@ -13,9 +13,13 @@ import com.google.common.annotations.Beta;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.Streams;
 import java.util.Arrays;
+import java.util.List;
+import java.util.stream.Stream;
 import org.opendaylight.netconf.shaded.sshd.client.ClientBuilder;
 import org.opendaylight.netconf.shaded.sshd.client.SshClient;
 import org.opendaylight.netconf.shaded.sshd.common.NamedFactory;
+import org.opendaylight.netconf.shaded.sshd.common.kex.BuiltinDHFactories;
+import org.opendaylight.netconf.shaded.sshd.common.kex.KeyExchangeFactory;
 import org.opendaylight.netconf.shaded.sshd.common.signature.BuiltinSignatures;
 import org.opendaylight.netconf.shaded.sshd.common.signature.Signature;
 
@@ -33,6 +37,15 @@ public class NetconfClientBuilder extends ClientBuilder {
             .distinct()
             .collect(ImmutableList.<NamedFactory<Signature>>toImmutableList());
 
+    // The SHA1 algorithm is disabled by default in Mina SSHD since 2.6.0.
+    // More details available here: https://issues.apache.org/jira/browse/SSHD-1004
+    // This block adds diffie-hellman-group14-sha1 back to the list of supported algorithms.
+    private static final ImmutableList<BuiltinDHFactories> FULL_DH_FACTORIES_LIST =
+        Streams.concat(DEFAULT_KEX_PREFERENCE.stream(), Stream.of(BuiltinDHFactories.dhg14))
+            .collect(ImmutableList.toImmutableList());
+    private static final List<KeyExchangeFactory> FULL_KEX_PREFERENCE =
+        NamedFactory.setUpTransformedFactories(true, FULL_DH_FACTORIES_LIST, DH2KEX);
+
     @Override
     public NetconfSshClient build() {
         final SshClient client = super.build();
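Review bot: The `Streams.concat` initializer of `FULL_DH_FACTORIES_LIST` has no `.distinct()`, unlike the signature list just above it, so if a later Mina SSHD release puts `dhg14` back into `DEFAULT_KEX_PREFERENCE` the client will advertise diffie-hellman-group14-sha1 twice; `Streams.concat(DEFAULT_KEX_PREFERENCE.stream(), Stream.of(BuiltinDHFactories.dhg14)).distinct().collect(ImmutableList.toImmutableList())` keeps the two constants consistent. `FULL_KEX_PREFERENCE` is whatever `NamedFactory.setUpTransformedFactories` returns; if that is a mutable list (not visible here), every client built from this builder shares one instance, so `ImmutableList.copyOf(NamedFactory.setUpTransformedFactories(true, FULL_DH_FACTORIES_LIST, DH2KEX))` would be safer. The header comment should also record the trade-off a reader needs, since this re-enables a SHA-1 exchange hash for every NETCONF client built here: `// dhg14 (SHA-1) is appended last so it is negotiated only when the device offers none of the stronger defaults; it exists for legacy devices and should be dropped once they are retired.` The enclosing class starts outside the hunk and build() continues past its last line.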
@@ -48,6 +61,9 @@ public class NetconfClientBuilder extends ClientBuilder {
         if (signatureFactories == null) {
             signatureFactories = FULL_SIGNATURE_PREFERENCE;
         }
+        if (keyExchangeFactories == null) {
+            keyExchangeFactories = FULL_KEX_PREFERENCE;
+        }
         return super.fillWithDefaultValues();
     }
 }