
RE: Dynamically set session's SSH_OPTIONS_CIPHERS_C_S


Thanks!
________________________________________
From: Jon Simons [jon@xxxxxxxxxxxxx]
Sent: Monday, January 4, 2016 4:51 PM
To: Michael Ulmer
Cc: libssh@xxxxxxxxxx
Subject: Re: Dynamically set session's SSH_OPTIONS_CIPHERS_C_S

On 1/4/16, 4:31 PM, Michael Ulmer wrote:
> I've limited libssh's AES (in kex.c) to "aes256-ctr,aes192-ctr,aes128-ctr".
>
> In my ssh server implementation I create a server bind & session and want to
> dynamically add "aes256-cbc,aes192-cbc,aes128-cbc".
>
> I figured I could call ssh_options_set(session, SSH_OPTIONS_CIPHERS_C_S, ciphers)
> where ciphers is "aes256-cbc,aes192-cbc,aes128-cbc". The function call appears
> ineffectual in allowing clients to connect with the new cipher spec--the server
> gives me the following:
>
> "no matching cipher found:
> client aes256-cbc,aes192-cbc,aes128-cbc
> server aes256-ctr,aes192-ctr,aes128-ctr"
>
> Is it possible to dynamically set a session's SSH_OPTIONS_CIPHERS_C_S?

There is a proposed new function 'ssh_server_init_kex(ssh_session)' in this patch
which I think will do what you want:

   https://red.libssh.org/issues/159#note-11

   (also here: https://github.com/simonsj/libssh/commit/00a48e2ac2961455e2a464a12864c1d09d3b7262)


-Jon
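
The error quoted in the question follows from SSH's negotiation rule (RFC 4253, section 7.1): the cipher chosen is the first entry in the client's list that the server also offers. The sketch below is an added example, not part of the original thread and not libssh code; `negotiate_cipher` and `list_has` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if name[0..n) is an exact entry of the comma-separated list. */
static int list_has(const char *list, const char *name, size_t n)
{
    while (*list) {
        size_t len = strcspn(list, ",");
        if (len == n && memcmp(list, name, n) == 0)
            return 1;
        list += len;
        if (*list == ',')
            list++;
    }
    return 0;
}

/*
 * Hypothetical helper (not a libssh function): return the first cipher in
 * the client's name-list that the server also offers (RFC 4253, section 7.1),
 * or NULL when the lists share none, which is the "no matching cipher found"
 * case. The result lives in a static buffer, so this is not thread-safe.
 */
const char *negotiate_cipher(const char *client, const char *server)
{
    static char chosen[64];

    while (*client) {
        size_t len = strcspn(client, ",");
        if (len > 0 && len < sizeof chosen && list_has(server, client, len)) {
            memcpy(chosen, client, len);
            chosen[len] = '\0';
            return chosen;
        }
        client += len;
        if (*client == ',')
            client++;
    }
    return NULL;
}

int main(void)
{
    /* Client and server lists as quoted in the thread's error message. */
    const char *client = "aes256-cbc,aes192-cbc,aes128-cbc";
    const char *server = "aes256-ctr,aes192-ctr,aes128-ctr";
    const char *c = negotiate_cipher(client, server);

    printf("%s\n", c ? c : "no matching cipher found");
    return 0;
}
```

With the two lists from the error message the function returns NULL, because the server's effective list at key exchange still holds only the CTR entries.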


