如何在ganymed-ssh2-build210.jar中禁用diffie-hellman-group1-sha1

Question

在Java中，我们使用ganymed-ssh2-build210.jar通过ssh连接到服务器。我需要特别限制较弱的算法“diffie-hellman-group1-sha1”。

ganymed-ssh2-build210.jar中有任何可自定义的设置允许限制吗？

是否有可用于限制相同的java.security设置？

Answer 1

如果您无法控制服务器而是控制客户端上的库。

以下可能是一个选项

• 获取库ganymed-ssh2-build210-sources.jar
的来源
• 修改ch/ethz/ssh2/transport/KexManager.java不再支持diffie-hellman-group1-sha1
• 编译修改后的代码
• 将修补后的库创建为ganymed-ssh2-build210_1.jar，并将其与客户端应用程序一起使用

编辑查找逐步说明以验证上述内容。

假设以下结构

bin/
apache-sshd-1.6.0.tar.gz
ganymed-ssh2-build210.jar
ganymed-ssh2-build210-sources.jar
SshClientDemo.java
SshServerDemo.java

• 下载档案
  choose a mirror for apache-sshd-1.6.0.tar.gz
  ganymed-ssh2-build210.jar
  ganymed-ssh2-build210-sources.jar

<强> SshServerDemo.java

package sub.optimal;

import java.nio.file.Paths;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.sshd.common.NamedFactory;
import org.apache.sshd.common.kex.KeyExchange;
import org.apache.sshd.common.util.GenericUtils;
import org.apache.sshd.server.SshServer;
import org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider;
import org.apache.sshd.server.scp.ScpCommandFactory;
import org.apache.sshd.server.shell.InteractiveProcessShellFactory;
import org.apache.sshd.server.shell.ProcessShellFactory;

public class SshServerDemo extends Thread {

    public static void main(String[] args) throws Exception {
        Logger.getGlobal().setLevel(Level.FINEST);
        SshServer sshd = SshServer.setUpDefaultServer();
        sshd.setPort(2222);
        sshd.setKeyPairProvider(
                new SimpleGeneratorHostKeyProvider(Paths.get("hostkey.ser"))
        );
        sshd.setShellFactory(InteractiveProcessShellFactory.INSTANCE);
        sshd.setCommandFactory(
                new ScpCommandFactory.Builder().withDelegate(
                        cmd -> new ProcessShellFactory(
                                GenericUtils.split(cmd, ' ')
                        ).create()
                ).build()
        );

        List<NamedFactory<KeyExchange>> keyExchangeFactories;
        keyExchangeFactories = sshd.getKeyExchangeFactories();
        keyExchangeFactories.removeIf(
                e -> !e.getName().equals("diffie-hellman-group1-sha1")
        );

        sshd.setKeyExchangeFactories(keyExchangeFactories);
        sshd.setPasswordAuthenticator(
                (username, password, session) -> username.equals(password)
        );

        sshd.start();
        Thread.sleep(Long.MAX_VALUE);
    }
}

<强> SshClientDemo.java

package sub.optimal;

import ch.ethz.ssh2.Connection;
import ch.ethz.ssh2.Session;
import ch.ethz.ssh2.StreamGobbler;
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;

public class SshClientDemo {

    public static void main(String[] args) throws Exception {
        Connection conn = new Connection("localhost", 2222);
        conn.connect();
        boolean isAuthenticated = conn.authenticateWithPassword("foo", "foo");
        Session sess = conn.openSession();
        System.out.println("session is authenticated: " + isAuthenticated);

        sess.execCommand("echo I'm there...");

        InputStream stdout = new StreamGobbler(sess.getStdout());
        BufferedReader br = new BufferedReader(new InputStreamReader(stdout));

        while (true) {
            String line = br.readLine();
            if (line == null) {
                break;
            }
            System.out.println(line);
        }

        sess.close();
        conn.close();
    }
}

• 解压Apache服务器

  tar xzf apache-sshd-1.6.0.tar.gz
  

• 编译演示类

  javac -cp "apache-sshd-1.6.0/lib/*" -d bin/ SshServerDemo.java
  javac -cp ganymed-ssh2-build210.jar -d bin/ SshClientDemo.java
  

• 提取KexManager.java

  jar vxf ganymed-ssh2-build210-sources.jar \
      ch/ethz/ssh2/transport/KexManager.java
  

• 修改文件KexManager.java

  public static final String[] getDefaultKexAlgorithmList() {
      return new String[] { 
          "diffie-hellman-group-exchange-sha1", 
          "diffie-hellman-group14-sha1"// ,
          // "diffie-hellman-group1-sha1"
      };
  }
  ...
  public static final void checkKexAlgorithmList(String[] algos)
      ...
      if ("diffie-hellman-group14-sha1".equals(algos[i]))
          continue;
  
      // if ("diffie-hellman-group1-sha1".equals(algos[i]))
      //    continue;
      ...
  

• 编译已修补的KexManager.java

  javac -cp ganymed-ssh2-build210.jar ch/ethz/ssh2/transport/KexManager.java
  

• 创建修补库

  cp ganymed-ssh2-build210.jar ganymed-ssh2-build210-patched.jar
  jar vuf ganymed-ssh2-build210-patched.jar \
      ch/ethz/ssh2/transport/KexManager.class 
  

在命令行会话ONE

• 启动服务器

  java -cp "bin/:apache-sshd-1.6.0/lib/*" sub.optimal.SshServerDemo
  

在命令行会话TWO

• 首先检查服务器支持的密钥交换算法

  ssh -vv foo@localhost -p 2222
  

  在输出中仅报告diffie-hellman-group1-sha1

  debug2: peer server KEXINIT proposal
  debug2: KEX algorithms: diffie-hellman-group1-sha1
  

• 使用未修补的库

  运行客户端

  java -cp bin/:ganymed-ssh2-build210.jar sub.optimal.SshClientDemo
  

  输出

  session is authenticated: true
  I'm there...
  

• 使用修补库

  运行客户端

  java -cp bin/:ganymed-ssh2-build210-patched.jar sub.optimal.SshClientDemo
  

  输出

  Caused by: java.io.IOException: Cannot negotiate, proposals do not match.
  

  在服务器日志

  上

  Unable to negotiate key exchange for kex algorithms \
     (client: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1 \
     / server: diffie-hellman-group1-sha1)
  

这证明带有 patched 库的SshClientDemo无法使用密钥交换算法diffie-hellman-group1-sha1连接到服务器（PoC仅支持此服务器）。

Answer 2

您希望在服务器上而不是在客户端中更改允许的密码，否则任何人都可以轻松地绕过此密码。

检查答案：https://unix.stackexchange.com/questions/333728/ssh-how-to-disable-weak-ciphers