From 5f308a655063e6ed95b99c578ce1c40f3ce5b57d Mon Sep 17 00:00:00 2001 From: Jovi Hsu Date: Tue, 17 Oct 2023 08:16:49 +0000 Subject: [PATCH 1/6] Fix some cfg annotations & test functions --- src/algorithm/public_key/mod.rs | 2 +- tests/algorithms.rs | 13 +++++++------ 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/src/algorithm/public_key/mod.rs b/src/algorithm/public_key/mod.rs index 62b47e8..485f40c 100644 --- a/src/algorithm/public_key/mod.rs +++ b/src/algorithm/public_key/mod.rs @@ -1,6 +1,6 @@ use crate::SshError; -#[cfg(feature = "deprecated-rsa-sha1")] +#[cfg(feature = "deprecated-dss-sha1")] mod dss; mod ed25519; mod rsa; diff --git a/tests/algorithms.rs b/tests/algorithms.rs index 056975b..6688964 100644 --- a/tests/algorithms.rs +++ b/tests/algorithms.rs @@ -15,6 +15,7 @@ mod test { env_getter!(username, "ubuntu"); env_getter!(server, "127.0.0.1:22"); env_getter!(pem_rsa, "./rsa_old"); + env_getter!(passwd, "password"); #[cfg(feature = "deprecated-rsa-sha1")] #[test] @@ -33,15 +34,15 @@ mod test { session.close(); } - #[cfg(feature = "deprecated-algorithms")] + #[cfg(feature = "deprecated-dss-sha1")] #[test] fn test_ssh_dss() { let session = ssh::create_session_without_default() .username(&get_username()) - .private_key_path(get_pem_rsa()) - .add_kex_algorithms(algorithm::Kex::DiffieHellmanGroup1Sha1) + .password(&get_passwd()) + .add_kex_algorithms(algorithm::Kex::DiffieHellmanGroup14Sha1) .add_pubkey_algorithms(algorithm::PubKey::SshDss) - .add_enc_algorithms(algorithm::Enc::Aes256Cbc) + .add_enc_algorithms(algorithm::Enc::Aes128Ctr) .add_compress_algorithms(algorithm::Compress::None) .add_mac_algortihms(algorithm::Mac::HmacSha1) .connect(get_server()) 
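Review bot: `test_ssh_dss` now logs in with `.password(&get_passwd())` instead of a key file, so `PubKey::SshDss` is presumably exercised only as the negotiated host-key algorithm and no DSA user key is involved; nothing in the test says so. A one-line comment above the function would record that, e.g. `// ssh-dss is negotiated for the server host key only; user auth is by password`. The default from `env_getter!(passwd, "password")` is then sent over a session limited to `HmacSha1` and a deprecated host key, so it should stay a fixture value for the local CI sshd. The function body continues past the end of the hunk after `.connect(get_server())`.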
@@ -50,14 +51,14 @@ mod test { session.close(); } - #[cfg(feature = "deprecated-algorithms")] + #[cfg(feature = "deprecated-dh-group1-sha1")] #[test] fn test_dh_group1() { let session = ssh::create_session_without_default() .username(&get_username()) .private_key_path(get_pem_rsa()) .add_kex_algorithms(algorithm::Kex::DiffieHellmanGroup1Sha1) - .add_pubkey_algorithms(algorithm::PubKey::SshRsa) + .add_pubkey_algorithms(algorithm::PubKey::RsaSha2_256) .add_enc_algorithms(algorithm::Enc::Aes128Ctr) .add_compress_algorithms(algorithm::Compress::None) .add_mac_algortihms(algorithm::Mac::HmacSha1) From 6a5c56e860944d405a6be7ce80e37e35ff71ccfc Mon Sep 17 00:00:00 2001 From: Jovi Hsu Date: Tue, 17 Oct 2023 08:24:03 +0000 Subject: [PATCH 2/6] Fix CI for dsa tests --- .github/workflows/build.yml | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index be1524e..7f4363f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -83,8 +83,28 @@ jobs: run: apk add --no-cache --update sudo openssh bash openssh-keygen gcc musl-dev rust cargo - name: add user run: addgroup ubuntu && adduser --shell /bin/ash --disabled-password --home /home/ubuntu --ingroup ubuntu ubuntu && echo "ubuntu:password" | chpasswd - - name: config ssh - run: ssh-keygen -A && sed -i -E "s|(AuthorizedKeysFile).*|\1 %h/.ssh/authorized_keys|g" /etc/ssh/sshd_config && echo "HostKeyAlgorithms=+ssh-rsa,ssh-dss" >> /etc/ssh/sshd_config && echo "PubkeyAcceptedAlgorithms=+ssh-rsa,ssh-dss" >> /etc/ssh/sshd_config && echo "KexAlgorithms=+diffie-hellman-group14-sha1,diffie-hellman-group1-sha1" >> /etc/ssh/sshd_config && echo "Ciphers=+aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc" >> /etc/ssh/sshd_config && sed -i -E "s/#?(ChallengeResponseAuthentication|PasswordAuthentication).*/\1 yes/g" /etc/ssh/sshd_config + - name: config ssh keys + run: ssh-keygen -A + - name: generate dsa keys + run: ssh-keygen -t dsa -b 1024 -N '' -f /etc/ssh/ssh_host_dsa_key + - name: add pubkey authentication + run: sed -i -E "s|(AuthorizedKeysFile).*|\1 %h/.ssh/authorized_keys|g" /etc/ssh/sshd_config + - name: enable password authentication + run: sed -i -E "s/#?(ChallengeResponseAuthentication|PasswordAuthentication).*/\1 yes/g" /etc/ssh/sshd_config + - name: add deprecated pubkeys + run: echo "HostKeyAlgorithms=+ssh-rsa,ssh-dss" >> /etc/ssh/sshd_config && echo "PubkeyAcceptedAlgorithms=+ssh-rsa,ssh-dss" >> /etc/ssh/sshd_config + - name: add deprecated kexes + run: echo "KexAlgorithms=+diffie-hellman-group14-sha1,diffie-hellman-group1-sha1" >> /etc/ssh/sshd_config + - name: add deprecated ciphers + run: echo "Ciphers=+aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc" >> /etc/ssh/sshd_config + - name: add deprecated dsa keys + run: echo "HostKey /etc/ssh/ssh_host_dsa_key" >> /etc/ssh/sshd_config + - name: add rsa keys + run: echo "HostKey /etc/ssh/ssh_host_rsa_key" >> /etc/ssh/sshd_config + - name: add ed25519 keys + run: echo "HostKey 
/etc/ssh/ssh_host_ed25519_key" >> /etc/ssh/sshd_config + - name: add ecdsa keys + run: echo "HostKey /etc/ssh/ssh_host_ecdsa_key" >> /etc/ssh/sshd_config - name: create .ssh run: mkdir -p /home/ubuntu/.ssh && umask 066; touch /home/ubuntu/.ssh/authorized_keys - name: generate rsa files From f8d55f7bb23821f0ad09496896fa91d2c69647be Mon Sep 17 00:00:00 2001 From: Jovi Hsu Date: Tue, 17 Oct 2023 08:35:44 +0000 Subject: [PATCH 3/6] Bump ring to v0.17 --- Cargo.toml | 2 +- src/algorithm/key_exchange/mod.rs | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 7ada84a..c309016 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -59,7 +59,7 @@ cbc = { version = "0.1", optional = true } cipher = { version = "0.4", optional = true } ssh-key = { version = "0.6", features = ["rsa", "ed25519", "alloc"]} signature = "2.1" -ring = "0.16" +ring = "0.17" ## compression flate2 = "^1.0" diff --git a/src/algorithm/key_exchange/mod.rs b/src/algorithm/key_exchange/mod.rs index d894d16..7161b06 100644 --- a/src/algorithm/key_exchange/mod.rs +++ b/src/algorithm/key_exchange/mod.rs @@ -33,10 +33,9 @@ pub(crate) fn agree_ephemeral>( match agreement::agree_ephemeral( private_key, peer_public_key, - ring::error::Unspecified, |key_material| Ok(key_material.to_vec()), ) { - Ok(o) => Ok(o), + Ok(o) => o, Err(e) => Err(SshError::KexError(e.to_string())), } } From 03ecffd01a9aec0893fe51f0fb1eafff22d9c507 Mon Sep 17 00:00:00 2001 From: Jovi Hsu Date: Tue, 17 Oct 2023 08:36:26 +0000 Subject: [PATCH 4/6] Fix unused funcion under tests/ --- tests/algorithms.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/algorithms.rs b/tests/algorithms.rs index 6688964..d86e1bc 100644 --- a/tests/algorithms.rs +++ b/tests/algorithms.rs 
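Review bot: The new `generate dsa keys` step (`ssh-keygen -t dsa -b 1024 ...`) needs an OpenSSH build that still supports DSA, but the context line installs `openssh` through `apk add --no-cache --update` with no version pin. Recent OpenSSH releases disable DSA at build time by default, so an image refresh can make this step fail or make sshd reject `ssh-dss` in `HostKeyAlgorithms`; pinning the container image or package version would keep the job reproducible. The appended directives also weaken the server on purpose (SHA-1 kex, CBC ciphers, password login for `ubuntu:password`), so a comment on the first of these steps such as `# throwaway test sshd only: deprecated algorithms enabled on purpose` would stop the block being copied into a real configuration.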
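Review bot: The closure passed to `agreement::agree_ephemeral` still returns `Ok(key_material.to_vec())`, which nests an `SshResult` inside ring's own `Result` and forces the odd `Ok(o) => o` arm. With the ring 0.17 signature the closure can return the bytes directly, and the match collapses to `agreement::agree_ephemeral(private_key, peer_public_key, |km| km.to_vec())` followed by `.map_err(|e| SshError::KexError(e.to_string()))`. Separately, `to_vec()` copies the raw shared secret out of the closure into an ordinary heap buffer that is not wiped on drop; the callers are not visible here, so a doc comment on the function stating that the returned bytes are secret and should be short-lived would help. The same body is only reformatted in the `src/algorithm/key_exchange/mod.rs` hunk of PATCH 5/6, and the function's signature lies outside this hunk.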
@@ -15,6 +15,7 @@ mod test { env_getter!(username, "ubuntu"); env_getter!(server, "127.0.0.1:22"); env_getter!(pem_rsa, "./rsa_old"); + #[cfg(feature = "deprecated-dss-sha1")] env_getter!(passwd, "password"); #[cfg(feature = "deprecated-rsa-sha1")] From 8bee98a74a037f0229c20bf6368a1c7ec9fddd6a Mon Sep 17 00:00:00 2001 From: Jovi Hsu Date: Tue, 17 Oct 2023 08:50:06 +0000 Subject: [PATCH 5/6] Fix cargo fmt & build issue for wasm32 --- Cargo.toml | 2 +- src/algorithm/key_exchange/mod.rs | 8 +++----- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index c309016..875f60c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -68,7 +68,7 @@ flate2 = "^1.0" filetime = { version = "0.2", optional = true } [target.'cfg(target_arch = "wasm32")'.dependencies] -getrandom = { version = "0.2", features = ["js"] } +ring = { version = "0.17", features = ["wasm32_unknown_unknown_js"] } [dev-dependencies] diff --git a/src/algorithm/key_exchange/mod.rs b/src/algorithm/key_exchange/mod.rs index 7161b06..d860edc 100644 --- a/src/algorithm/key_exchange/mod.rs +++ b/src/algorithm/key_exchange/mod.rs @@ -30,11 +30,9 @@ pub(crate) fn agree_ephemeral>( private_key: EphemeralPrivateKey, peer_public_key: &UnparsedPublicKey, ) -> SshResult> { - match agreement::agree_ephemeral( - private_key, - peer_public_key, - |key_material| Ok(key_material.to_vec()), - ) { + match agreement::agree_ephemeral(private_key, peer_public_key, |key_material| { + Ok(key_material.to_vec()) + }) { Ok(o) => o, Err(e) => Err(SshError::KexError(e.to_string())), } From 5e727c519d019338574947cbd68652ab13a977cc Mon Sep 17 00:00:00 2001 From: Jovi Hsu Date: Tue, 17 Oct 2023 09:16:29 +0000 Subject: [PATCH 6/6] Release 0.4.3 --- Cargo.toml | 2 +- changelog | 4 ++++ src/constant.rs | 2 +- src/lib.rs | 2 +- version | 2 +- 5 files changed, 8 insertions(+), 4 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 875f60c..4735f36 100644 --- a/Cargo.toml +++ b/Cargo.toml 
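Review bot: On wasm32 the explicit `getrandom = { version = "0.2", features = ["js"] }` entry is dropped, so the entropy source now depends on ring's `wasm32_unknown_unknown_js` feature turning on getrandom's JS backend. That reaches other users of getrandom through Cargo feature unification only while every crate in the tree resolves to the same getrandom major version, which the hunk does not show; a dependency on a different major version would likely fail to build for this target. A comment such as `# ring forwards this to getrandom's "js" backend; keep the version equal to the ring entry in [dependencies]` would record both the reason and the duplicated `0.17`.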
@@ -1,6 +1,6 @@ [package] name = "ssh-rs" -version = "0.4.2" +version = "0.4.3" edition = "2021" authors = [ "Gao Xiang Kang <1148118271@qq.com>", diff --git a/changelog b/changelog index b1d55c9..86c97f3 100644 --- a/changelog +++ b/changelog @@ -1,3 +1,7 @@ +v0.4.3 (2023-10-18) + 1. Bump ring to 0.17 + 2. Add ssh-dss support (behind feature deprecated-dss-sha1) + v0.4.2 (2023-10-13) 1. Bump trace version, see #75 for more details 2. Bugfix: Do not panic at non-ssh server connections, see #77 for more diff --git a/src/constant.rs b/src/constant.rs index 921e6d1..51098fc 100644 --- a/src/constant.rs +++ b/src/constant.rs @@ -1,5 +1,5 @@ /// The client version -pub(crate) const CLIENT_VERSION: &str = "SSH-2.0-SSH_RS-0.4.2"; +pub(crate) const CLIENT_VERSION: &str = "SSH-2.0-SSH_RS-0.4.3"; pub(crate) const SSH_MAGIC: &[u8] = b"SSH-"; /// The constant strings that used for ssh communication diff --git a/src/lib.rs b/src/lib.rs index 6a47fda..b7dcc40 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -1,6 +1,6 @@ //! Dependencies //! ```toml -//! ssh-rs = "0.4.2" +//! ssh-rs = "0.4.3" //! ``` //! //!Rust implementation of ssh2.0 client. diff --git a/version b/version index 2b7c5ae..17b2ccd 100644 --- a/version +++ b/version @@ -1 +1 @@ -0.4.2 +0.4.3