Configurable SSH cipher suite (#913)

* Configurable SSH cipher suite * Update configuration file comment * Add default in settings loading code * Fix fmt and log messsage * Remove default from code as this could probably might not be good idea
2017-10-21 14:13:41 +01:00 · 2017-10-21 14:13:41 +01:00 · 7131c7d40d
commit 7131c7d40d
parent 985a39590b
4 changed files with 11 additions and 3 deletions
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@ -96,6 +96,7 @@ var (
 		ListenHost           string         `ini:"SSH_LISTEN_HOST"`
 		ListenPort           int            `ini:"SSH_LISTEN_PORT"`
 		RootPath             string         `ini:"SSH_ROOT_PATH"`
+		ServerCiphers        []string       `ini:"SSH_SERVER_CIPHERS"`
 		KeyTestPath          string         `ini:"SSH_KEY_TEST_PATH"`
 		KeygenPath           string         `ini:"SSH_KEYGEN_PATH"`
 		AuthorizedKeysBackup bool           `ini:"SSH_AUTHORIZED_KEYS_BACKUP"`
@ -708,6 +709,7 @@ func NewContext() {
 		SSH.Domain = Domain
 	}
 	SSH.RootPath = path.Join(homeDir, ".ssh")
+	SSH.ServerCiphers = sec.Key("SSH_SERVER_CIPHERS").Strings(",")
 	SSH.KeyTestPath = os.TempDir()
 	if err = Cfg.Section("server").MapTo(&SSH); err != nil {
 		log.Fatal(4, "Failed to map SSH settings: %v", err)
--- a/modules/ssh/ssh.go
+++ b/modules/ssh/ssh.go
@ -151,8 +151,11 @@ func listen(config *ssh.ServerConfig, host string, port int) {
 }

 // Listen starts a SSH server listens on given port.
-func Listen(host string, port int) {
+func Listen(host string, port int, ciphers []string) {
 	config := &ssh.ServerConfig{
+		Config: ssh.Config{
+			Ciphers: ciphers,
+		},
 		PublicKeyCallback: func(conn ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error) {
 			pkey, err := models.SearchPublicKeyByContent(strings.TrimSpace(string(ssh.MarshalAuthorizedKey(key))))
 			if err != nil {