Added support for custom cryptographic policy values

Author: winromulus

src/ES.SFTP.Host/Configuration/Elements/GlobalConfiguration.cs

@@ -9,5 +9,10 @@ public class GlobalConfiguration
         public LoggingDefinition Logging { get; set; } = new LoggingDefinition();
         public HostKeysDefinition HostKeys { get; set; } = new HostKeysDefinition();
         public HooksDefinition Hooks { get; set; } = new HooksDefinition();
+
+        public string Ciphers { get; set; }
+        public string HostKeyAlgorithms { get; set; }
+        public string KexAlgorithms { get; set; }
+        public string MACs { get; set; }
     }
 }

src/ES.SFTP.Host/ES.SFTP.Host.csproj

@@ -17,11 +17,11 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Autofac.Extensions.DependencyInjection" Version="6.0.0" />
+    <PackageReference Include="Autofac.Extensions.DependencyInjection" Version="7.0.1" />
     <PackageReference Include="MediatR.Extensions.Microsoft.DependencyInjection" Version="8.1.0" />
-    <PackageReference Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="3.1.6" />
+    <PackageReference Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="3.1.8" />
     <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.10.8" />
-    <PackageReference Include="Serilog" Version="2.9.0" />
+    <PackageReference Include="Serilog" Version="2.10.0" />
     <PackageReference Include="Serilog.AspNetCore" Version="3.4.0" />
     <PackageReference Include="Serilog.Extensions.Hosting" Version="3.1.0" />
   </ItemGroup>

src/ES.SFTP.Host/SSH/Configuration/SSHConfiguration.cs

@@ -9,6 +9,11 @@ public class SSHConfiguration
 
         public List<string> AllowUsers { get; } = new List<string>();
 
+        public string Ciphers { get; set; }
+        public string HostKeyAlgorithms { get; set; }
+        public string KexAlgorithms { get; set; }
+        public string MACs { get; set; }
+
         public override string ToString()
         {
             var builder = new StringBuilder();
@@ -22,6 +27,12 @@ public override string ToString()
             builder.AppendLine("HostKey /etc/ssh/ssh_host_ed25519_key");
             builder.AppendLine("HostKey /etc/ssh/ssh_host_rsa_key");
             builder.AppendLine();
+            builder.AppendLine("# Cryptographic policy");
+            if (!string.IsNullOrWhiteSpace(Ciphers)) builder.AppendLine($"Ciphers {Ciphers}");
+            if (!string.IsNullOrWhiteSpace(HostKeyAlgorithms)) builder.AppendLine($"HostKeyAlgorithms {HostKeyAlgorithms}");
+            if (!string.IsNullOrWhiteSpace(KexAlgorithms)) builder.AppendLine($"KexAlgorithms {KexAlgorithms}");
+            if (!string.IsNullOrWhiteSpace(MACs)) builder.AppendLine($"MACs {MACs }");
+            builder.AppendLine();
             builder.AppendLine("# Disable DNS for fast connections");
             builder.AppendLine("UseDNS no");
             builder.AppendLine();

src/ES.SFTP.Host/SSH/SSHService.cs

@@ -62,7 +62,14 @@ private async Task UpdateConfiguration()
             var sftpConfig = await _mediator.Send(new SftpConfigurationRequest());
             _loggingIgnoreNoIdentificationString = sftpConfig.Global.Logging.IgnoreNoIdentificationString;
 
-            var sshdConfig = new SSHConfiguration();
+            var sshdConfig = new SSHConfiguration
+            {
+                Ciphers = sftpConfig.Global.Ciphers,
+                HostKeyAlgorithms = sftpConfig.Global.HostKeyAlgorithms,
+                KexAlgorithms = sftpConfig.Global.KexAlgorithms,
+                MACs = sftpConfig.Global.MACs,
+            };
+
             var exceptionalUsers = sftpConfig.Users.Where(s => s.Chroot != null).ToList();
 
             var standardDeclarations = new[]