[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Dynamically set session's SSH_OPTIONS_CIPHERS_C_S


On 1/4/16, 4:31 PM, Michael Ulmer wrote:
I've limited libssh's AES (in kex.c) to "aes256-ctr,aes192-ctr,aes128-ctr".

In my ssh server implementation I create a server bind & session and want to
dynamically add "aes256-cbc,aes192-cbc,aes128-cbc".

I figured I could call ssh_options_set(session, SSH_OPTIONS_CIPHERS_C_S, ciphers)
where ciphers is "aes256-cbc,aes192-cbc,aes128-cbc". The function call appears
ineffectual in allowing clients to connect with the new cipher spec--the server
gives me the following:

"no matching cipher found:
client aes256-cbc,aes192-cbc,aes128-cbc
server aes256-ctr,aes192-ctr,aes128-ctr"

Is it possible to dynamically set a session's SSH_OPTIONS_CIPHERS_C_S?

There is a proposed new function 'ssh_server_init_kex(ssh_session)' in this patch
which I think will do what you want:

  https://red.libssh.org/issues/159#note-11

  (also here: https://github.com/simonsj/libssh/commit/00a48e2ac2961455e2a464a12864c1d09d3b7262)


-Jon

Follow-Ups:
RE: Dynamically set session's SSH_OPTIONS_CIPHERS_C_SMichael Ulmer <mulmer@xxxxxxxxxxxxxxx>
References:
Dynamically set session's SSH_OPTIONS_CIPHERS_C_SMichael Ulmer <mulmer@xxxxxxxxxxxxxxx>
Archive administrator: postmaster@lists.cynapses.org