I have reintroduced aes*-cbc ciphers into the ssh library, based on older
patches here: https://codereview.appspot.com/5342057/, specifically
patchset 6. I require these block ciphers such that I can connect to older
Cisco networking equipment for configuration monitoring; much of this
equipment can't be upgraded.

These block ciphers are known to be insecure, so in my implementation thus
far they are disabled by default, and must be requested through the
ssh.Config structure as follows:
         sshConfig := ssh.ClientConfig{
                 User: opts.Username,
                 Auth: []ssh.AuthMethod{ ...auth stuff... },
                 Config: ssh.Config{
                         Ciphers: ssh.AllSupportedCiphers(), // include cbc
                 },
         }

At the moment, this change re-introduces more readPacket()/writePacket()
routines for use with block ciphers; the rest is minor refactoring and
plumbing code in order to have stream ciphers and block ciphers using the
appropriate readPacket/writePacket pairs.

Is this approach sound? Any comments/criticisms are appreciated. It would
be nice to merge this back to the go.crypto mainline.

Code change thus far is
here: https://code.google.com/r/marksheahan-sshblock/source/detail?r=4b0b9c4a2d4ea9d06849724fe8f7391107e35274


group: golang-nuts
posted: Nov 4, '14 at 12:54a
active: Nov 4, '14 at 12:54a


Mark Sheahan: 1 post
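
Added example, not code from the post or from go.crypto: one way to build the `Ciphers` list per target so that the CBC opt-in described above applies only to inventoried legacy devices and is listed after the stronger ciphers. The function names, host names and inventory map are hypothetical; the cipher names are the standard SSH ones, and `negotiate` implements the RFC 4253 section 7.1 selection rule to show the outcome.

```go
package main

import (
	"errors"
	"fmt"
)

// Order matters: RFC 4253 section 7.1 selects the first cipher on the
// client's list that the server also offers.
var (
	strongCiphers = []string{"aes128-gcm@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr"}
	cbcCiphers    = []string{"aes128-cbc", "aes192-cbc", "aes256-cbc"}
)

// ciphersFor returns the client cipher list for host. CBC is appended after
// the strong ciphers, and only for hosts in the legacy inventory
// (a hypothetical allowlist maintained by the operator).
func ciphersFor(host string, legacy map[string]bool) []string {
	list := append([]string(nil), strongCiphers...) // copy, never alias the default
	if legacy[host] {
		list = append(list, cbcCiphers...)
	}
	return list
}

// negotiate applies the RFC 4253 rule to a client and a server name-list.
func negotiate(client, server []string) (string, error) {
	offered := make(map[string]bool, len(server))
	for _, s := range server {
		offered[s] = true
	}
	for _, c := range client {
		if offered[c] {
			return c, nil
		}
	}
	return "", errors.New("ssh: no common cipher")
}

func main() {
	// Constructed sample data: one inventoried legacy device, one CBC-only server offer.
	legacy := map[string]bool{"old-switch.example.net": true}
	cbcOnly := []string{"aes128-cbc", "3des-cbc"}
	for _, host := range []string{"old-switch.example.net", "new-router.example.net"} {
		cipher, err := negotiate(ciphersFor(host, legacy), cbcOnly)
		fmt.Printf("%s: cipher=%q err=%v\n", host, cipher, err)
	}
}
```

The slice returned by `ciphersFor` is what would be assigned to `Ciphers` in the config; a host outside the inventory fails negotiation against a CBC-only server instead of silently downgrading.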


