FAQ
Hi,

I have reintroduced aes*-cbc ciphers into the ssh library, based on older
patches here: https://codereview.appspot.com/5342057/, specifically
patchset 6. I require these block ciphers such that I can connect to older
Cisco networking equipment for configuration monitoring; much of this
equipment can't be upgraded.

These block ciphers are known to be insecure, so in my implementation thus
far they are disabled by default, and must be requested through the
ssh.Config structure as follows:
         sshConfig := ssh.ClientConfig{
                 User: opts.Username,
Auth: []ssh.AuthMethod{ ...auth stuff... },
                 Config: ssh.Config{
                         Ciphers: ssh.AllSupportedCiphers(), // include cbc
ciphers
                 },
         }

At the moment, this change re-introduces more readPacket()/writePacket()
routines for use with block ciphers; the rest is minor refactoring and
plumbing code in order to have stream ciphers and block ciphers using the
appropriate readPacket/writePacket pairs.

Is this approach sound? Any comments/criticisms are appreciated. It would
be nice to merge this back to the go.crypto mainline.

Code change thus far is
here: https://code.google.com/r/marksheahan-sshblock/source/detail?r=4b0b9c4a2d4ea9d06849724fe8f7391107e35274

Thanks,
Mark


--
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Search Discussions

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupgolang-nuts @
categoriesgo
postedNov 4, '14 at 12:54a
activeNov 4, '14 at 12:54a
posts1
users1
websitegolang.org

1 user in discussion

Mark Sheahan: 1 post

People

Translate

site design / logo © 2022 Grokbase