author | Kenneth Hsu <kennethhsu@gmail.com> | 2021-05-11 19:53:18 +0300 |
---|---|---|
committer | Kenneth Hsu <kennethhsu@gmail.com> | 2021-05-11 22:42:34 +0300 |
commit | 3e2103335bb825dfa212c0a05361631eb56996e3 (patch) | |
tree | 34c856a4d01039b6fbf223479e498f6450bb03ec /Duplicati/Library | |
parent | beaf03562fdcf4425e962085bdf7175d6a465f49 (diff) |
SSH: Avoid advertising support for ECDSA algorithms with Mono.
SSH.NET relies on the System.Security.Cryptography.ECDsaCng class for
ECDSA algorithms, which is not implemented in Mono (as of 6.12.0.144).
This prevents clients from connecting if one of the ECDSA algorithms is
chosen as the host key algorithm. In the event that this causes a
connection failure, we will prevent the client from advertising support
for ECDSA algorithms and make another connection attempt.
Related forum discussion:
https://forum.duplicati.com/t/release-2-0-6-1-beta-2021-sftp-failure-synology/12358
Diffstat (limited to 'Duplicati/Library')
-rw-r--r-- | Duplicati/Library/Backend/SSHv2/SSHv2Backend.cs | 37 |
1 files changed, 35 insertions, 2 deletions
diff --git a/Duplicati/Library/Backend/SSHv2/SSHv2Backend.cs b/Duplicati/Library/Backend/SSHv2/SSHv2Backend.cs
index 61241914d..1efb782d6 100644
--- a/Duplicati/Library/Backend/SSHv2/SSHv2Backend.cs
+++ b/Duplicati/Library/Backend/SSHv2/SSHv2Backend.cs
@@ -273,7 +273,7 @@ namespace Duplicati.Library.Backend
 if (m_con != null && !m_con.IsConnected)
{
- m_con.Connect();
+ this.TryConnect(m_con);
return;
}
@@ -328,11 +328,44 @@ namespace Duplicati.Library.Backend
 if (m_keepaliveinterval.Ticks != 0)
con.KeepAliveInterval = m_keepaliveinterval;
- con.Connect();
+ this.TryConnect(con);
m_con = con;
}
+ private void TryConnect(SftpClient client)
+ {
+ try
+ {
+ client.Connect();
+ }
+ catch (NotImplementedException)
+ {
+ // SSH.NET relies on the System.Security.Cryptography.ECDsaCng class for
+ // ECDSA algorithms, which is not implemented in Mono (as of 6.12.0.144).
+ // This prevents clients from connecting if one of the ECDSA algorithms is
+ // chosen as the host key algorithm. In the event that this causes a
+ // connection failure, we will prevent the client from advertising support
+ // for ECDSA algorithms and make another connection attempt.
+ //
+ // See https://github.com/mono/mono/blob/mono-6.12.0.144/mcs/class/referencesource/System.Core/System/Security/Cryptography/ECDsaCng.cs
+ if (Utility.Utility.IsMono)
+ {
+ IEnumerable<string> ecdsaKeys = client.ConnectionInfo.HostKeyAlgorithms.Keys.Where(x => x.StartsWith("ecdsa"));
+ foreach (string key in ecdsaKeys)
+ {
+ client.ConnectionInfo.HostKeyAlgorithms.Remove(key);
+ }
+
+ client.Connect();
+ }
+ else
+ {
+ throw;
+ }
+ }
+ }
+
private void ChangeDirectory(string path)
{
if (string.IsNullOrEmpty(path))
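Review bot: In `TryConnect`, `ecdsaKeys` is a deferred `Where` query over `HostKeyAlgorithms.Keys`, so the `foreach` removes entries from the collection it is still enumerating. If that collection is a `Dictionary` on a runtime that invalidates enumerators on `Remove`, this throws `InvalidOperationException` after the first removal and the second `Connect()` is never reached. Materialise the keys first and make the prefix match ordinal: `List<string> ecdsaKeys = client.ConnectionInfo.HostKeyAlgorithms.Keys.Where(x => x.StartsWith("ecdsa", StringComparison.Ordinal)).ToList();`. Separately, `catch (NotImplementedException)` treats any such exception from `Connect()` as the ECDSA case, and the fallback silently changes which host key type the server will present. A log line on this path would help explain a later host-key fingerprint mismatch; the fingerprint check itself is not visible in this hunk.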