SyncTERM SSH support
+ Enabled all ssh2-streams supported KEX, ciphers, etc. for now. Will communicate with Deuce about this.
This commit is contained in:
Bryan Ashby
parent
206312302a
commit
25560cb47a
|
|
@ -242,6 +242,57 @@ function getDefaultConfig() {
|
||||||
privateKeyPem : paths.join(__dirname, './../config/ssh_private_key.pem'),
|
privateKeyPem : paths.join(__dirname, './../config/ssh_private_key.pem'),
|
||||||
firstMenu : 'sshConnected',
|
firstMenu : 'sshConnected',
|
||||||
firstMenuNewUser : 'sshConnectedNewUser',
|
firstMenuNewUser : 'sshConnectedNewUser',
|
||||||
|
|
||||||
|
//
|
||||||
|
// SSH details that can affect security. Stronger ciphers are better for example,
|
||||||
|
// but terminals such as SyncTERM require KEX diffie-hellman-group14-sha1,
|
||||||
|
// cipher 3des-cbc, etc.
|
||||||
|
//
|
||||||
|
// See https://github.com/mscdex/ssh2-streams for the full list of supported
|
||||||
|
// algorithms.
|
||||||
|
//
|
||||||
|
algorithms : {
|
||||||
|
kex : [
|
||||||
|
'ecdh-sha2-nistp256',
|
||||||
|
'ecdh-sha2-nistp384',
|
||||||
|
'ecdh-sha2-nistp521',
|
||||||
|
'diffie-hellman-group-exchange-sha256',
|
||||||
|
'diffie-hellman-group14-sha1',
|
||||||
|
'diffie-hellman-group-exchange-sha1',
|
||||||
|
'diffie-hellman-group1-sha1',
|
||||||
|
],
|
||||||
|
cipher : [
|
||||||
|
'aes128-ctr',
|
||||||
|
'aes192-ctr',
|
||||||
|
'aes256-ctr',
|
||||||
|
'aes128-gcm',
|
||||||
|
'aes128-gcm@openssh.com',
|
||||||
|
'aes256-gcm',
|
||||||
|
'aes256-gcm@openssh.com',
|
||||||
|
'aes256-cbc',
|
||||||
|
'aes192-cbc',
|
||||||
|
'aes128-cbc',
|
||||||
|
'blowfish-cbc',
|
||||||
|
'3des-cbc',
|
||||||
|
'arcfour256',
|
||||||
|
'arcfour128',
|
||||||
|
'cast128-cbc',
|
||||||
|
'arcfour',
|
||||||
|
],
|
||||||
|
hmac : [
|
||||||
|
'hmac-sha2-256',
|
||||||
|
'hmac-sha2-512',
|
||||||
|
'hmac-sha1',
|
||||||
|
'hmac-md5',
|
||||||
|
'hmac-sha2-256-96',
|
||||||
|
'hmac-sha2-512-96',
|
||||||
|
'hmac-ripemd160',
|
||||||
|
'hmac-sha1-96',
|
||||||
|
'hmac-md5-96',
|
||||||
|
],
|
||||||
|
// note that we disable compression by default due to issues with many clients. YMMV.
|
||||||
|
compress : [ 'none' ]
|
||||||
|
},
|
||||||
},
|
},
|
||||||
webSocket : {
|
webSocket : {
|
||||||
ws : {
|
ws : {
|
||||||
|
|
|
||||||
|
|
@ -251,12 +251,13 @@ exports.getModule = class SSHServerModule extends LoginServerModule {
|
||||||
ident : 'enigma-bbs-' + enigVersion + '-srv',
|
ident : 'enigma-bbs-' + enigVersion + '-srv',
|
||||||
|
|
||||||
// Note that sending 'banner' breaks at least EtherTerm!
|
// Note that sending 'banner' breaks at least EtherTerm!
|
||||||
|
|
||||||
debug : (sshDebugLine) => {
|
debug : (sshDebugLine) => {
|
||||||
if(true === config.loginServers.ssh.traceConnections) {
|
if(true === config.loginServers.ssh.traceConnections) {
|
||||||
Log.trace(`SSH: ${sshDebugLine}`);
|
Log.trace(`SSH: ${sshDebugLine}`);
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
algorithms: { compress: ['none'] },
|
algorithms : config.loginServers.ssh.algorithms,
|
||||||
};
|
};
|
||||||
|
|
||||||
this.server = ssh2.Server(serverConf);
|
this.server = ssh2.Server(serverConf);
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue