[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Dynamically set session's SSH_OPTIONS_CIPHERS_C_S
[Thread Prev] | [Thread Next]
- Subject: Re: Dynamically set session's SSH_OPTIONS_CIPHERS_C_S
- From: Jon Simons <jon@xxxxxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Mon, 04 Jan 2016 18:51:01 -0500
- To: mulmer@xxxxxxxxxxxxxxx
- Cc: libssh@xxxxxxxxxx
On 1/4/16, 4:31 PM, Michael Ulmer wrote:
I've limited libssh's AES (in kex.c) to "aes256-ctr,aes192-ctr,aes128-ctr". In my ssh server implementation I create a server bind & session and want to dynamically add "aes256-cbc,aes192-cbc,aes128-cbc". I figured I could call ssh_options_set(session, SSH_OPTIONS_CIPHERS_C_S, ciphers) where ciphers is "aes256-cbc,aes192-cbc,aes128-cbc". The function call appears ineffectual in allowing clients to connect with the new cipher spec--the server gives me the following: "no matching cipher found: client aes256-cbc,aes192-cbc,aes128-cbc server aes256-ctr,aes192-ctr,aes128-ctr" Is it possible to dynamically set a session's SSH_OPTIONS_CIPHERS_C_S?
There is a proposed new function 'ssh_server_init_kex(ssh_session)' in this patch which I think will do what you want: https://red.libssh.org/issues/159#note-11 (also here: https://github.com/simonsj/libssh/commit/00a48e2ac2961455e2a464a12864c1d09d3b7262) -Jon
| RE: Dynamically set session's SSH_OPTIONS_CIPHERS_C_S | Michael Ulmer <mulmer@xxxxxxxxxxxxxxx> |
| Dynamically set session's SSH_OPTIONS_CIPHERS_C_S | Michael Ulmer <mulmer@xxxxxxxxxxxxxxx> |