@@ -29,6 +29,67 @@ const (
2929 upstreamDialTimeout = time .Second * 10
3030)
3131
32+ // allowed* algorithms are closely copied from the OpenSSH_10.0p2 Ubuntu-5ubuntu5.1 default config.
33+ // ssh.SupportedAlgorithms() returns almost the same, but the order slightly differs and some items are missing.
34+ // It was decided to explicitly list all algos instead of using library-provided defaults.
35+ // As a consequence, the lists must be periodically checked against the current version of OpenSSH
36+ // and updated if necessary.
37+
38+ var allowedKeyExchanges = []string {
39+ ssh .KeyExchangeMLKEM768X25519 ,
40+ ssh .KeyExchangeCurve25519 ,
41+ ssh .KeyExchangeECDHP256 ,
42+ ssh .KeyExchangeECDHP384 ,
43+ ssh .KeyExchangeECDHP521 ,
44+ }
45+
46+ var allowedCiphers = []string {
47+ ssh .CipherChaCha20Poly1305 ,
48+ ssh .CipherAES128GCM ,
49+ ssh .CipherAES256GCM ,
50+ ssh .CipherAES128CTR ,
51+ ssh .CipherAES192CTR ,
52+ ssh .CipherAES256CTR ,
53+ }
54+
55+ var allowedMACs = []string {
56+ ssh .HMACSHA256ETM ,
57+ ssh .HMACSHA512ETM ,
58+ ssh .HMACSHA256 ,
59+ ssh .HMACSHA512 ,
60+ ssh .HMACSHA1 ,
61+ }
62+
63+ var allowedPublicKeyAuthAlgorithms = []string {
64+ ssh .KeyAlgoED25519 ,
65+ ssh .KeyAlgoECDSA256 ,
66+ ssh .KeyAlgoECDSA384 ,
67+ ssh .KeyAlgoECDSA521 ,
68+ ssh .KeyAlgoSKED25519 ,
69+ ssh .KeyAlgoSKECDSA256 ,
70+ ssh .KeyAlgoRSASHA512 ,
71+ ssh .KeyAlgoRSASHA256 ,
72+ }
73+
74+ var allowedHostKeyAlgorithms = []string {
75+ ssh .CertAlgoED25519v01 ,
76+ ssh .CertAlgoECDSA256v01 ,
77+ ssh .CertAlgoECDSA384v01 ,
78+ ssh .CertAlgoECDSA521v01 ,
79+ ssh .CertAlgoSKED25519v01 ,
80+ ssh .CertAlgoSKECDSA256v01 ,
81+ ssh .CertAlgoRSASHA512v01 ,
82+ ssh .CertAlgoRSASHA256v01 ,
83+ ssh .KeyAlgoED25519 ,
84+ ssh .KeyAlgoECDSA256 ,
85+ ssh .KeyAlgoECDSA384 ,
86+ ssh .KeyAlgoECDSA521 ,
87+ ssh .KeyAlgoSKED25519 ,
88+ ssh .KeyAlgoSKECDSA256 ,
89+ ssh .KeyAlgoRSASHA512 ,
90+ ssh .KeyAlgoRSASHA256 ,
91+ }
92+
3293var blacklistedGlobalRequests = []string {
3394 // Host key update mechanism for SSH: https://www.ietf.org/archive/id/draft-miller-sshm-hostkey-update-02.html
3495 // Reasons to blacklist:
@@ -87,7 +148,13 @@ func NewServer(
87148) * Server {
88149 logger := log .GetLogger (ctx )
89150 config := & ssh.ServerConfig {
90- ServerVersion : serverVersion ,
151+ Config : ssh.Config {
152+ KeyExchanges : allowedKeyExchanges ,
153+ Ciphers : allowedCiphers ,
154+ MACs : allowedMACs ,
155+ },
156+ PublicKeyAuthAlgorithms : allowedPublicKeyAuthAlgorithms ,
157+ ServerVersion : serverVersion ,
91158 }
92159
93160 for _ , key := range hostKeys {
@@ -363,11 +430,17 @@ func connectToUpstream(
363430
364431 for i , host := range upstream .hosts {
365432 config := & ssh.ClientConfig {
433+ Config : ssh.Config {
434+ KeyExchanges : allowedKeyExchanges ,
435+ Ciphers : allowedCiphers ,
436+ MACs : allowedMACs ,
437+ },
366438 User : host .user ,
367439 Auth : []ssh.AuthMethod {
368440 ssh .PublicKeys (host .privateKey ),
369441 },
370- HostKeyCallback : ssh .InsecureIgnoreHostKey (),
442+ HostKeyCallback : ssh .InsecureIgnoreHostKey (),
443+ HostKeyAlgorithms : allowedHostKeyAlgorithms ,
371444 }
372445
373446 var netConn net.Conn
0 commit comments