karaf-issues mailing list archives

From "Ancoron Luciferis (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (KARAF-3622) Enhance SSH configuration mechanism
Date Thu, 19 Mar 2015 14:09:38 GMT

     [ https://issues.apache.org/jira/browse/KARAF-3622?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ancoron Luciferis updated KARAF-3622:
    Attachment: karaf-3.0.x-Improve-SSH-shell-configuration-support.patch

Attached patch [^karaf-3.0.x-Improve-SSH-shell-configuration-support.patch] applicable to
branch "karaf-3.0.x" which solves the problem in a more generic way by not hard-coding/duplicating
SSHD code or classes, but relying on the SSHD runtime configuration mechanism to figure out which
types are actually supported and configurable.

In case a configured name cannot be matched, a warning will be logged. The reason for that
is that users should be made aware if a high-security configuration cannot be applied.

> Enhance SSH configuration mechanism
> -----------------------------------
>                 Key: KARAF-3622
>                 URL: https://issues.apache.org/jira/browse/KARAF-3622
>             Project: Karaf
>          Issue Type: Improvement
>          Components: karaf-shell
>    Affects Versions: 3.0.3
>            Reporter: Ancoron Luciferis
>              Labels: security
>         Attachments: karaf-3.0.x-Improve-SSH-shell-configuration-support.patch
> Currently, the SSH configuration for the remote shell provides only limited access to the configuration capabilities of the library being used (Apache MINA/SSHD).
> E.g., it is currently not possible to configure a better HMAC than SHA1, although the SSHD core library version 0.12+ supports at least "hmac-sha2-512" and "hmac-sha2-256".
> Also, the key exchange mechanism is currently not configurable at all, which makes it impossible to enforce highly secure connection establishment from the server side.

This message was sent by Atlassian JIRA
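
The matching behaviour described in the message above (keep the configured names the SSH runtime reports as supported, warn about the rest), as an added example that is not taken from the attached patch or from Karaf. The `select` helper, the string stand-ins for SSHD factories and the fail-closed check when nothing matches are assumptions of this example.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.logging.Logger;

public class SshAlgorithmSelection {
    private static final Logger LOG = Logger.getLogger("ssh-config");

    // Hypothetical helper: 'supported' stands in for whatever the SSH runtime
    // reports as available (algorithm name -> factory).
    static <T> List<T> select(String kind, String configured, Map<String, T> supported) {
        List<T> selected = new ArrayList<T>();
        for (String raw : configured.split(",")) {
            String name = raw.trim();
            if (name.isEmpty()) {
                continue;
            }
            T factory = supported.get(name);
            if (factory == null) {
                // The administrator asked for something that cannot be applied: say so.
                LOG.warning("Configured " + kind + " '" + name
                        + "' is not supported; available: " + supported.keySet());
            } else if (!selected.contains(factory)) {
                selected.add(factory); // configured order becomes the preference order
            }
        }
        if (selected.isEmpty()) {
            // Assumption of this example: fail closed instead of falling back to defaults.
            throw new IllegalStateException("No usable " + kind + " configured");
        }
        return selected;
    }

    public static void main(String[] args) {
        // Constructed sample data; the values are plain strings, not real factories.
        Map<String, String> macs = new LinkedHashMap<String, String>();
        macs.put("hmac-sha1", "sha1-factory");
        macs.put("hmac-sha2-256", "sha2-256-factory");
        macs.put("hmac-sha2-512", "sha2-512-factory");

        // "hmac-sha2-521" is a deliberate typo: it triggers the warning instead of
        // being dropped silently. "hmac-sha1" is not configured, so it is not offered.
        List<String> chosen = select("MAC", "hmac-sha2-521, hmac-sha2-256", macs);
        System.out.println(chosen);
    }
}
```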
