[
https://issues.apache.org/jira/browse/KARAF-3622?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ancoron Luciferis updated KARAF-3622:
-------------------------------------
Attachment: karaf-3.0.x-Improve-SSH-shell-configuration-support.patch
Attached patch [^karaf-3.0.x-Improve-SSH-shell-configuration-support.patch]
applicable to branch "karaf-3.0.x" which solves the problem in a more generic
way by not hard-coding/duplicating SSHD code or classes, but rely on the SSHD
runtime configuration mechanism to figure our which types are actually
supported and configurable.
In case a configured name cannot be matched, a warning will be logged. The
reason for that is that users should be made aware if a high-security
configuration cannot be applied.
> Enhance SSH configuration mechanism
> -----------------------------------
>
> Key: KARAF-3622
> URL: https://issues.apache.org/jira/browse/KARAF-3622
> Project: Karaf
> Issue Type: Improvement
> Components: karaf-shell
> Affects Versions: 3.0.3
> Reporter: Ancoron Luciferis
> Labels: security
> Attachments: karaf-3.0.x-Improve-SSH-shell-configuration-support.patch
>
>
> Currently, the SSH configuration for the remote shell provides only limited
> access to the configuration capabilities of the library being used (Apache
> MINA/SSHD).
> E.g., it is currently not possible to configure a better HMAC than SHA1,
> although the SSHD core library version 0.12+ supports at least
> "hmac-sha2-512" and "hmac-sha2-256".
> Also, the key exchange mechanism is currently not configurable at all, which
> makes it impossible to enforce highly secure connection establishment from
> the server side.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
