[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Dynamically set session's SSH_OPTIONS_CIPHERS_C_S

From: Jon Simons [jon@xxxxxxxxxxxxx]
Sent: Monday, January 4, 2016 4:51 PM
To: Michael Ulmer
Cc: libssh@xxxxxxxxxx
Subject: Re: Dynamically set session's SSH_OPTIONS_CIPHERS_C_S

On 1/4/16, 4:31 PM, Michael Ulmer wrote:
> I've limited libssh's AES (in kex.c) to "aes256-ctr,aes192-ctr,aes128-ctr".
> In my ssh server implementation I create a server bind & session and want to
> dynamically add "aes256-cbc,aes192-cbc,aes128-cbc".
> I figured I could call ssh_options_set(session, SSH_OPTIONS_CIPHERS_C_S, ciphers)
> where ciphers is "aes256-cbc,aes192-cbc,aes128-cbc". The function call appears
> ineffectual in allowing clients to connect with the new cipher spec--the server
> gives me the following:
> "no matching cipher found:
> client aes256-cbc,aes192-cbc,aes128-cbc
> server aes256-ctr,aes192-ctr,aes128-ctr"
> Is it possible to dynamically set a session's SSH_OPTIONS_CIPHERS_C_S?

There is a proposed new function 'ssh_server_init_kex(ssh_session)' in this patch
which I think will do what you want:


   (also here: https://github.com/simonsj/libssh/commit/00a48e2ac2961455e2a464a12864c1d09d3b7262)



Dynamically set session's SSH_OPTIONS_CIPHERS_C_SMichael Ulmer <mulmer@xxxxxxxxxxxxxxx>
Re: Dynamically set session's SSH_OPTIONS_CIPHERS_C_SJon Simons <jon@xxxxxxxxxxxxx>
Archive administrator: postmaster@lists.cynapses.org