From f4c787ab74c1efe0eb242b3e867cc20b9ddb61c9 Mon Sep 17 00:00:00 2001 From: Joel Date: Thu, 30 Mar 2023 18:00:54 +0100 Subject: [PATCH] sftp: add --sftp-host-key-algorithms to allow specifying SSH host key algorithms --- backend/sftp/sftp.go | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/backend/sftp/sftp.go b/backend/sftp/sftp.go index 1d6097894..3554343b8 100644 --- a/backend/sftp/sftp.go +++ b/backend/sftp/sftp.go @@ -368,6 +368,20 @@ At least one must match with server configuration. This can be checked for examp Example: umac-64-etm@openssh.com umac-128-etm@openssh.com hmac-sha2-256-etm@openssh.com +`, + Advanced: true, + }, { + Name: "host_key_algorithms", + Default: fs.SpaceSepList{}, + Help: `Space separated list of host key algorithms, ordered by preference. + +At least one must match with server configuration. This can be checked for example using ssh -Q HostKeyAlgorithms. + +Note: This can affect the outcome of key negotiation with the server even if server host key validation is not enabled. + +Example: + + ssh-ed25519 ssh-rsa ssh-dss `, Advanced: true, }}, @@ -408,6 +422,7 @@ type Options struct { Ciphers fs.SpaceSepList `config:"ciphers"` KeyExchange fs.SpaceSepList `config:"key_exchange"` MACs fs.SpaceSepList `config:"macs"` + HostKeyAlgorithms fs.SpaceSepList `config:"host_key_algorithms"` } // Fs stores the interface to the remote SFTP files @@ -740,6 +755,10 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e ClientVersion: "SSH-2.0-" + f.ci.UserAgent, } + if len(opt.HostKeyAlgorithms) != 0 { + sshConfig.HostKeyAlgorithms = []string(opt.HostKeyAlgorithms) + } + if opt.KnownHostsFile != "" { hostcallback, err := knownhosts.New(env.ShellExpand(opt.KnownHostsFile)) if err != nil {