You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Lyor Goldstein (Jira)" <ji...@apache.org> on 2020/07/17 08:03:00 UTC
[jira] [Commented] (SSHD-1036) Full support mac and Cipher list
[ https://issues.apache.org/jira/browse/SSHD-1036?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17159764#comment-17159764 ]
Lyor Goldstein commented on SSHD-1036:
--------------------------------------
{quote}
sshd.getMacFactories() this method call, I always get 6 only but as per the above list default macs are 10.
sshd.getCipherFactories() this method call, I always get 10 only but as per the above list default macs are 12.
{quote}
While we support many ciphers, macs, etc. (see https://github.com/apache/mina-sshd/#implementedavailable-support) by default we include only the ones that are considered safe/recommended by the current security guidelines. In this context, please note that we are going to reduce the +default+ supported ciphers, MACs, etc. further in view of the latest guidelines (see SSHD-1004).
{quote}
Can you guide us on how to give all 12 cipher and 10mac support?
{quote}
You can easily add / remove MACs, ciphers, etc... that we support by calling the relevant {{setMAC/Cipher/etc./Factories}}
{code:java}
SshServer sshd = SshServer.setupDefaultServer();
sshd.setCipherFactories(...);
sshd.setMacFactories(...);
sshd.setKeyExchangeFactories(...);
{code}
The supported relevant factories are enum(s) called {{BuiltinXX}} - e.g. {{BuiltinCiphers, BuiltinMacs, BuiltinSignatures}}, and you can simply use them. I understand that you might want to have your server support as many standards as possible, but I do not recommend it as it involves using +weak security+. We try to set up the default according to the community recommendations, but you may decide to take the chance - up to you.
> Full support mac and Cipher list
> ---------------------------------
>
> Key: SSHD-1036
> URL: https://issues.apache.org/jira/browse/SSHD-1036
> Project: MINA SSHD
> Issue Type: Question
> Reporter: Sandeep
> Priority: Major
>
>
> This is the default mac and cipher list I have taken it from ConfigFileReaderSupport
> 1. DEFAULT_MACS= hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-sha1-96,hmac-md5-96,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96
> 2.DEFAULT_CIPHERS=aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour
>
> But the problem is as follows,
> 1. sshd.getMacFactories() this method call, I always get 6 only but as per the above list default macs are 10.
> 2. sshd.getCipherFactories() this method call, I always get 10 only but as per the above list default macs are 12.
>
> Can you guide us on how to give all 12 cipher and 10mac support?
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org