proposal: x/crypto/ssh: expose client/server supported algorithms #46638

Open
crazed opened this issue Jun 7, 2021 · 3 comments

Labels
Proposal Proposal-Crypto

@crazed crazed commented Jun 7, 2021

When working with a variety of SSH client/server software, it can be useful to expose the supported Key Exchange, MAC, and Ciphers for both client and server side. Primarily this allows someone to answer questions like, "if we remove support for X, will any of our clients fail?"

When looking into this, initially I thought we could expose this on the ConnMetadata interface (*sshConn implements this), and additionally extend ssh.Client with a new GetConnMetadata() ConnMetadata function which returns the underlying *sshConn.

This would involve exposing the values stored in the server/client *kexInitMsg on up, possibly through new fields on *handshakeTransport as clientInitMsg *kexInitMsg and serverInitMsg *kexInitMsg.

Is this something that would be appropriate for a PR or are other implementation options preferred here?

@gopherbot gopherbot added this to the Proposal milestone Jun 7, 2021
@ianlancetaylor ianlancetaylor changed the title proposal: x/crypto/ssh expose client/sever supported algorithms proposal: x/crypto/ssh: expose client/sever supported algorithms Jun 7, 2021
@ianlancetaylor ianlancetaylor added the Proposal-Crypto label Jun 7, 2021
@ianlancetaylor ianlancetaylor added this to Incoming in Proposals Jun 7, 2021

@ianlancetaylor ianlancetaylor commented Jun 7, 2021

CC @FiloSottile

@seankhliao seankhliao commented Nov 2, 2021

I believe this can be closed as a duplicate of the declined #46232

@crazed crazed commented Nov 2, 2021

> I believe this can be closed as a duplicate of the declined #46232

This is not a duplicate; the referenced issue seems to be about the package as a whole supporting various algo types.

This issue is specifically about exposing what algorithms a client and server have negotiated as supporting during the connection setup process. Today there is no way to retrieve what was exposed by the client or server as acceptable options.

@seankhliao seankhliao reopened this Nov 3, 2021
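
Added example (not part of the thread and not x/crypto/ssh code): the algorithm lists discussed above travel in the SSH_MSG_KEXINIT packet (RFC 4253, section 7.1), so a payload captured outside the package can be decoded to answer the "if we remove support for X, will any of our clients fail?" question. The names `ParseKexInit`, `BreaksIfRemoved` and `fields` are hypothetical, and the payload in `main` is constructed.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"strings"
)

var fields = []string{"kex", "hostkey", "cipher_c2s", "cipher_s2c", // RFC 4253 sec. 7.1 order
	"mac_c2s", "mac_s2c", "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"}

// ParseKexInit decodes one SSH_MSG_KEXINIT payload into its ten name-lists.
func ParseKexInit(p []byte) (map[string][]string, error) {
	if len(p) < 17 || p[0] != 20 { // message type 20, then a 16-byte cookie
		return nil, fmt.Errorf("not a KEXINIT payload")
	}
	p, out := p[17:], map[string][]string{}
	for _, f := range fields {
		if len(p) < 4 || uint64(binary.BigEndian.Uint32(p)) > uint64(len(p)-4) {
			return nil, fmt.Errorf("truncated name-list %q", f)
		}
		end := 4 + int(binary.BigEndian.Uint32(p))
		if end > 4 { // an empty name-list is left as nil
			out[f] = strings.Split(string(p[4:end]), ",")
		}
		p = p[end:]
	}
	return out, nil // first_kex_packet_follows and the reserved word are not needed
}

// BreaksIfRemoved: would dropping `removed` from the server list leave no shared algorithm?
func BreaksIfRemoved(peer, server []string, removed string) bool {
	for _, a := range peer {
		for _, s := range server {
			if a == s && a != removed {
				return false
			}
		}
	}
	return true
}

func main() { // constructed sample: every name-list set to the same two MAC names
	p := append([]byte{20}, make([]byte, 16)...)
	for range fields {
		p = append(append(p, 0, 0, 0, 18), "hmac-sha1,hmac-md5"...)
	}
	m, err := ParseKexInit(append(p, 0, 0, 0, 0, 0))
	fmt.Println(m["mac_c2s"], err, BreaksIfRemoved(m["mac_c2s"], []string{"hmac-sha2-256", "hmac-sha1"}, "hmac-sha1"))
}
```

Running the check per field over the KEXINIT payloads collected from a fleet lists the peers that would lose their only shared algorithm before the server configuration is changed.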