From b9db527102b71f86268ce705f9dfed855c6e6a3c Mon Sep 17 00:00:00 2001
From: Simon Tatham
Date: Sun, 31 Mar 2019 10:08:53 +0100
Subject: [PATCH] Uppity: enable the des-cbc cipher. There was no way to enable it for testing purposes at all until now. Overriding the server KEX string to mention it doesn't help when it was prevented from getting into the list that scan_kexinit_lists will go through afterwards to find pointers to algorithm structures.
---
 sshserver.c | 13 +++++++++++++
 sshserver.h | 2 ++
 unix/uxserver.c | 3 +--
 3 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/sshserver.c b/sshserver.c
index b2a2e24e..51bf2ff7 100644
--- a/sshserver.c
+++ b/sshserver.c
@@ -216,6 +216,19 @@ void ssh_conn_processed_data(Ssh *ssh)
 * around a peculiarity of the GUI event loop, I haven't yet. */
 }
+Conf *make_ssh_server_conf(void)
+{
+ Conf *conf = conf_new();
+ load_open_settings(NULL, conf);
+ /* In Uppity, we support even the legacy des-cbc cipher by
+ * default, so that it will be available if the user forces it by
+ * overriding the KEXINIT strings. If the user wants it _not_
+ * supported, of course, they can override KEXINIT in the other
+ * direction. */
+ conf_set_bool(conf, CONF_ssh2_des_cbc, true);
+ return conf;
+}
+
 static const PlugVtable ssh_server_plugvt = {
 server_socket_log,
 server_closing,
diff --git a/sshserver.h b/sshserver.h
index a78b3eca..9a7696af 100644
--- a/sshserver.h
+++ b/sshserver.h
@@ -119,3 +119,5 @@ int platform_make_x11_server(Plug *plug, const char *progname, int mindisp, const char *screen_number_suffix, ptrlen authproto, ptrlen authdata, Socket **sockets, Conf *conf);
+
+Conf *make_ssh_server_conf(void);
diff --git a/unix/uxserver.c b/unix/uxserver.c
index 541c4ab2..524adef8 100644
--- a/unix/uxserver.c
+++ b/unix/uxserver.c
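Review bot: `conf_set_bool(conf, CONF_ssh2_des_cbc, true);` in make_ssh_server_conf() enables single-DES CBC for every Conf the server builds, and the only way to turn it off is the KEXINIT override the comment mentions. The code that turns this setting into the advertised cipher list is outside the hunk, so it is not visible here whether des-cbc now also appears in the default, non-overridden KEXINIT. If it does, a client that prefers des-cbc can negotiate it without any override, and the comment should say so. I would extend the comment with `* des-cbc is a weak legacy cipher: this default is for the Uppity test server only.` and add a one-line comment on the sshserver.h prototype stating who frees the returned Conf.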
@@ -489,8 +489,7 @@ int main(int argc, char **argv)
 AuthPolicy ap;
 SshServerConfig ssc;
- Conf *conf = conf_new();
- load_open_settings(NULL, conf);
+ Conf *conf = make_ssh_server_conf();
 ap.kbdint_state = 0;
 ap.ssh1keys = NULL;