There are various security problems with RC4; this change removes
RC4 from the ciphers used in the netconf SSH server.
Change-Id: I8973daf2dfb3670f0c77ffc9099eab2cc2a6cd05
Signed-off-by: Tomas Cere <tcere@cisco.com>
(cherry picked from commit
598345a6d62c4f0a2cfb55bfbc22b6ddd9c9bab7)
import java.io.IOException;
import java.nio.channels.AsynchronousChannelGroup;
import java.util.HashMap;
import java.io.IOException;
import java.nio.channels.AsynchronousChannelGroup;
import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
import java.util.Map;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import org.apache.sshd.SshServer;
import java.util.Map;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import org.apache.sshd.SshServer;
+import org.apache.sshd.common.Cipher;
import org.apache.sshd.common.FactoryManager;
import org.apache.sshd.common.NamedFactory;
import org.apache.sshd.common.RuntimeSshException;
import org.apache.sshd.common.FactoryManager;
import org.apache.sshd.common.NamedFactory;
import org.apache.sshd.common.RuntimeSshException;
+import org.apache.sshd.common.cipher.ARCFOUR128;
+import org.apache.sshd.common.cipher.ARCFOUR256;
import org.apache.sshd.common.io.IoAcceptor;
import org.apache.sshd.common.io.IoConnector;
import org.apache.sshd.common.io.IoHandler;
import org.apache.sshd.common.io.IoAcceptor;
import org.apache.sshd.common.io.IoConnector;
import org.apache.sshd.common.io.IoHandler;
*/
public class SshProxyServer implements AutoCloseable {
*/
public class SshProxyServer implements AutoCloseable {
+ private static final ARCFOUR128.Factory DEFAULT_ARCFOUR128_FACTORY = new ARCFOUR128.Factory();
+ private static final ARCFOUR256.Factory DEFAULT_ARCFOUR256_FACTORY = new ARCFOUR256.Factory();
private final SshServer sshServer;
private final ScheduledExecutorService minaTimerExecutor;
private final EventLoopGroup clientGroup;
private final SshServer sshServer;
private final ScheduledExecutorService minaTimerExecutor;
private final EventLoopGroup clientGroup;
sshServer.setHost(sshProxyServerConfiguration.getBindingAddress().getHostString());
sshServer.setPort(sshProxyServerConfiguration.getBindingAddress().getPort());
sshServer.setHost(sshProxyServerConfiguration.getBindingAddress().getHostString());
sshServer.setPort(sshProxyServerConfiguration.getBindingAddress().getPort());
+ //remove rc4 ciphers
+ final List<NamedFactory<Cipher>> cipherFactories = sshServer.getCipherFactories();
+ for (Iterator<NamedFactory<Cipher>> i = cipherFactories.iterator(); i.hasNext(); ) {
+ final NamedFactory<Cipher> factory = i.next();
+ if (factory.getName().contains(DEFAULT_ARCFOUR128_FACTORY.getName())
+ || factory.getName().contains(DEFAULT_ARCFOUR256_FACTORY.getName())) {
+ i.remove();
+ }
+ }
sshServer.setPasswordAuthenticator(sshProxyServerConfiguration.getAuthenticator());
sshServer.setKeyPairProvider(sshProxyServerConfiguration.getKeyPairProvider());
sshServer.setPasswordAuthenticator(sshProxyServerConfiguration.getAuthenticator());
sshServer.setKeyPairProvider(sshProxyServerConfiguration.getKeyPairProvider());
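Review bot: The RC4 removal loop edits the list returned by `sshServer.getCipherFactories()` in place and never calls `setCipherFactories`, so it only takes effect if that getter returns the server's live, mutable list; a defensive copy would make the removal a silent no-op, and an unmodifiable list would make `i.remove()` throw. Building the filtered list explicitly and setting it back removes that dependency on library internals (it needs `java.util.ArrayList` imported). The filter is also a denylist by substring on the two ARCFOUR factory names, so any other weak cipher in the default list, which is not visible on this page, stays enabled; an explicit allowlist would hold up better across library upgrades. The enclosing method starts and ends outside the hunk.

```java
// … unchanged: setHost / setPort …
// Keep everything except RC4, then install the result explicitly.
final List<NamedFactory<Cipher>> allowedCiphers = new ArrayList<>();
for (final NamedFactory<Cipher> factory : sshServer.getCipherFactories()) {
    final String name = factory.getName();
    if (!name.contains(DEFAULT_ARCFOUR128_FACTORY.getName())
            && !name.contains(DEFAULT_ARCFOUR256_FACTORY.getName())) {
        allowedCiphers.add(factory);
    }
}
sshServer.setCipherFactories(allowedCiphers);
// … unchanged: setPasswordAuthenticator / setKeyPairProvider …
```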