[jira] [Commented] (SSHD-1142) To pick up Mac/Cipher preferred values out of the default list

Tue, 16 Mar 2021 10:47:06 -0700 


    [ 
https://issues.apache.org/jira/browse/SSHD-1142?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17302743#comment-17302743
 ] 

Lyor Goldstein commented on SSHD-1142:
--------------------------------------

The order in the list defines the preference - the default one is the 
recommended, but you can override it:
{code:java}
sshd.setMacFactoriesNames(Arrays.asList("mac1", "mac2", "mac3", ...));
{code}
I do want to remind you though that the actual used value depends on the 
client's preferences, so even though the server lists MAC1 as the most 
preferred one, if the client lists MAC5 as its preferred one then MAC5 will be 
used. In other words, the only way to force a client (or server) to use a 
specific MAC (or cipher or key) is to list only that MAC - but then clients (or 
servers) who do not support it will not be able to connect.

> To pick up Mac/Cipher preferred values out of the default list
> --------------------------------------------------------------
>
>                 Key: SSHD-1142
>                 URL: https://issues.apache.org/jira/browse/SSHD-1142
>             Project: MINA SSHD
>          Issue Type: Question
>            Reporter: Susmit Sarkar
>            Priority: Blocker
>
> Hello Lyor,
> I want to use a preferred value while configuring sftp adapter for both 
> cipher and mac algos:
> System.out.println(sshd.getMacFactories());
> [[email protected], [email protected], 
> [email protected], hmac-sha2-256, hmac-sha2-512, hmac-sha1, hmac-md5, 
> hmac-sha1-96, hmac-md5-96]
> Now if the customer wants a preferred value of *hmac-md5* how can I give it 
> priority compared to all other default ciphers?
> sshd.setMacFactoriesNames(Arrays.asList("hmac-md5"));
> This only sets to hmac-md5, but the list should contain all only the hmac-md5 
> will be in the priority order 1
> *[ hmac-md5]*
> [https://github.com/apache/mina-sshd/blob/master/docs/server-setup.md#configuring-ciphers-macs-digest]
> *One can configure other security components using built-in factories the 
> same way. It is important to remember though that the order of the factories 
> is important as it affects the key exchange phase where the client and server 
> decide what options to use out of each peer's reported preferences.*
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to