Merge pull request #82 from HsuJv/v0_4_3

Release 0.4.3
1148118271 · Oct 17, 2023 · c574c9b · c574c9b
2 parents 477c37a + 5e727c5
commit c574c9b
Show file tree

Hide file tree

Showing 9 changed files with 45 additions and 22 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -83,8 +83,28 @@ jobs:
         run: apk add --no-cache --update sudo openssh bash openssh-keygen gcc musl-dev rust cargo
       - name: add user
         run: addgroup ubuntu && adduser --shell /bin/ash --disabled-password --home /home/ubuntu --ingroup ubuntu ubuntu && echo "ubuntu:password" | chpasswd
-      - name: config ssh
-        run: ssh-keygen -A && sed -i -E "s|(AuthorizedKeysFile).*|\1 %h/.ssh/authorized_keys|g" /etc/ssh/sshd_config && echo "HostKeyAlgorithms=+ssh-rsa,ssh-dss" >> /etc/ssh/sshd_config && echo "PubkeyAcceptedAlgorithms=+ssh-rsa,ssh-dss" >> /etc/ssh/sshd_config && echo "KexAlgorithms=+diffie-hellman-group14-sha1,diffie-hellman-group1-sha1" >> /etc/ssh/sshd_config &&  echo "Ciphers=+aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc" >> /etc/ssh/sshd_config && sed -i -E "s/#?(ChallengeResponseAuthentication|PasswordAuthentication).*/\1 yes/g" /etc/ssh/sshd_config
+      - name: config ssh keys
+        run: ssh-keygen -A 
+      - name: generate dsa keys
+        run: ssh-keygen -t dsa -b 1024 -N '' -f /etc/ssh/ssh_host_dsa_key
+      - name: add pubkey authentication
+        run: sed -i -E "s|(AuthorizedKeysFile).*|\1 %h/.ssh/authorized_keys|g" /etc/ssh/sshd_config
+      - name: enable password authentication
+        run: sed -i -E "s/#?(ChallengeResponseAuthentication|PasswordAuthentication).*/\1 yes/g" /etc/ssh/sshd_config
+      - name: add deprecated pubkeys
+        run: echo "HostKeyAlgorithms=+ssh-rsa,ssh-dss" >> /etc/ssh/sshd_config && echo "PubkeyAcceptedAlgorithms=+ssh-rsa,ssh-dss" >> /etc/ssh/sshd_config
+      - name: add deprecated kexes
+        run: echo "KexAlgorithms=+diffie-hellman-group14-sha1,diffie-hellman-group1-sha1" >> /etc/ssh/sshd_config
+      - name: add deprecated ciphers
+        run: echo "Ciphers=+aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc" >> /etc/ssh/sshd_config
+      - name: add deprecated dsa keys
+        run: echo "HostKey /etc/ssh/ssh_host_dsa_key" >> /etc/ssh/sshd_config
+      - name: add rsa keys
+        run: echo "HostKey /etc/ssh/ssh_host_rsa_key" >> /etc/ssh/sshd_config
+      - name: add ed25519 keys
+        run: echo "HostKey /etc/ssh/ssh_host_ed25519_key" >> /etc/ssh/sshd_config
+      - name: add ecdsa keys
+        run: echo "HostKey /etc/ssh/ssh_host_ecdsa_key" >> /etc/ssh/sshd_config
       - name: create .ssh
         run: mkdir -p /home/ubuntu/.ssh && umask 066; touch /home/ubuntu/.ssh/authorized_keys
       - name: generate rsa files

diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "ssh-rs"
-version = "0.4.2"
+version = "0.4.3"
 edition = "2021"
 authors = [
     "Gao Xiang Kang <[email protected]>",
@@ -59,7 +59,7 @@ cbc = { version = "0.1", optional = true }
 cipher = { version = "0.4", optional = true }
 ssh-key = { version = "0.6", features = ["rsa", "ed25519", "alloc"]}
 signature = "2.1"
-ring = "0.16"
+ring = "0.17"
 
 ## compression
 flate2 = "^1.0"
@@ -68,7 +68,7 @@ flate2 = "^1.0"
 filetime = { version = "0.2", optional = true }
 
 [target.'cfg(target_arch = "wasm32")'.dependencies]
-getrandom = { version = "0.2", features = ["js"] }
+ring = { version = "0.17", features = ["wasm32_unknown_unknown_js"] }
 
 
 [dev-dependencies]

diff --git a/changelog b/changelog
@@ -1,3 +1,7 @@
+v0.4.3 (2023-10-18)
+    1. Bump ring to 0.17
+    2. Add ssh-dss support (behind feature deprecated-dss-sha1)
+
 v0.4.2 (2023-10-13)
     1. Bump trace version, see #75 for more details
     2. Bugfix: Do not panic at non-ssh server connections, see #77 for more

diff --git a/src/algorithm/key_exchange/mod.rs b/src/algorithm/key_exchange/mod.rs
@@ -30,13 +30,10 @@ pub(crate) fn agree_ephemeral<B: AsRef<[u8]>>(
     private_key: EphemeralPrivateKey,
     peer_public_key: &UnparsedPublicKey<B>,
 ) -> SshResult<Vec<u8>> {
-    match agreement::agree_ephemeral(
-        private_key,
-        peer_public_key,
-        ring::error::Unspecified,
-        |key_material| Ok(key_material.to_vec()),
-    ) {
-        Ok(o) => Ok(o),
+    match agreement::agree_ephemeral(private_key, peer_public_key, |key_material| {
+        Ok(key_material.to_vec())
+    }) {
+        Ok(o) => o,
         Err(e) => Err(SshError::KexError(e.to_string())),
     }
 }

diff --git a/src/algorithm/public_key/mod.rs b/src/algorithm/public_key/mod.rs
@@ -1,6 +1,6 @@
 use crate::SshError;
 
-#[cfg(feature = "deprecated-rsa-sha1")]
+#[cfg(feature = "deprecated-dss-sha1")]
 mod dss;
 mod ed25519;
 mod rsa;

diff --git a/src/constant.rs b/src/constant.rs
@@ -1,5 +1,5 @@
 /// The client version
-pub(crate) const CLIENT_VERSION: &str = "SSH-2.0-SSH_RS-0.4.2";
+pub(crate) const CLIENT_VERSION: &str = "SSH-2.0-SSH_RS-0.4.3";
 pub(crate) const SSH_MAGIC: &[u8] = b"SSH-";
 
 /// The constant strings that used for ssh communication

diff --git a/src/lib.rs b/src/lib.rs
@@ -1,6 +1,6 @@
 //! Dependencies
 //! ```toml
-//! ssh-rs = "0.4.2"
+//! ssh-rs = "0.4.3"
 //! ```
 //!
 //!Rust implementation of ssh2.0 client.

diff --git a/tests/algorithms.rs b/tests/algorithms.rs
@@ -15,6 +15,8 @@ mod test {
     env_getter!(username, "ubuntu");
     env_getter!(server, "127.0.0.1:22");
     env_getter!(pem_rsa, "./rsa_old");
+    #[cfg(feature = "deprecated-dss-sha1")]
+    env_getter!(passwd, "password");
 
     #[cfg(feature = "deprecated-rsa-sha1")]
     #[test]
@@ -33,15 +35,15 @@ mod test {
         session.close();
     }
 
-    #[cfg(feature = "deprecated-algorithms")]
+    #[cfg(feature = "deprecated-dss-sha1")]
     #[test]
     fn test_ssh_dss() {
         let session = ssh::create_session_without_default()
             .username(&get_username())
-            .private_key_path(get_pem_rsa())
-            .add_kex_algorithms(algorithm::Kex::DiffieHellmanGroup1Sha1)
+            .password(&get_passwd())
+            .add_kex_algorithms(algorithm::Kex::DiffieHellmanGroup14Sha1)
             .add_pubkey_algorithms(algorithm::PubKey::SshDss)
-            .add_enc_algorithms(algorithm::Enc::Aes256Cbc)
+            .add_enc_algorithms(algorithm::Enc::Aes128Ctr)
             .add_compress_algorithms(algorithm::Compress::None)
             .add_mac_algortihms(algorithm::Mac::HmacSha1)
             .connect(get_server())
@@ -50,14 +52,14 @@ mod test {
         session.close();
     }
 
-    #[cfg(feature = "deprecated-algorithms")]
+    #[cfg(feature = "deprecated-dh-group1-sha1")]
     #[test]
     fn test_dh_group1() {
         let session = ssh::create_session_without_default()
             .username(&get_username())
             .private_key_path(get_pem_rsa())
             .add_kex_algorithms(algorithm::Kex::DiffieHellmanGroup1Sha1)
-            .add_pubkey_algorithms(algorithm::PubKey::SshRsa)
+            .add_pubkey_algorithms(algorithm::PubKey::RsaSha2_256)
             .add_enc_algorithms(algorithm::Enc::Aes128Ctr)
             .add_compress_algorithms(algorithm::Compress::None)
             .add_mac_algortihms(algorithm::Mac::HmacSha1)

diff --git a/version b/version
@@ -1 +1 @@
-0.4.2
+0.4.3