author | Kenneth Skovhede <kenneth@hexad.dk> | 2021-05-29 13:22:52 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-05-29 13:22:52 +0300 |
commit | 8ee90fdf641072b1ebb6a079de351755efd953bc (patch) | |
tree | 16d7985165d4b7e7b8b8cfb39fe05c36ad62ceae /Duplicati | |
parent | 2bcb0f511c31e340da731809603deac0ff10e5e7 (diff) | |
parent | a5fbee033536d54a937d7dbc7ff935efcbe10b7c (diff) |
Merge pull request #4506 from warwickmm/mono_ssh_avoid_ecdsa_algorithms
Avoid ECDSA algorithms when using SFTP with Mono
Diffstat (limited to 'Duplicati')
-rw-r--r-- | Duplicati/Library/Backend/SSHv2/SSHv2Backend.cs | 41 |
1 files changed, 39 insertions, 2 deletions
diff --git a/Duplicati/Library/Backend/SSHv2/SSHv2Backend.cs b/Duplicati/Library/Backend/SSHv2/SSHv2Backend.cs
index 61241914d..14bb5264a 100644
--- a/Duplicati/Library/Backend/SSHv2/SSHv2Backend.cs
+++ b/Duplicati/Library/Backend/SSHv2/SSHv2Backend.cs
@@ -28,6 +28,7 @@ using System; using System.Collections.Generic;
using System.Globalization;
using System.Linq;
+using System.Security.Cryptography;
using System.Threading;
using System.Threading.Tasks;
@@ -58,6 +59,28 @@ namespace Duplicati.Library.Backend private SftpClient m_con;
+ private static readonly bool supportsECDSA;
+
+ static SSHv2()
+ {
+ // SSH.NET relies on the System.Security.Cryptography.ECDsaCng class for
+ // ECDSA algorithms, which is not implemented in Mono (as of 6.12.0.144).
+ // This prevents clients from connecting if one of the ECDSA algorithms is
+ // chosen as the host key algorithm. In this case, we will prevent the
+ // client from advertising support for ECDSA algorithms.
+ //
+ // See https://github.com/mono/mono/blob/mono-6.12.0.144/mcs/class/referencesource/System.Core/System/Security/Cryptography/ECDsaCng.cs.
+ try
+ {
+ ECDsaCng unused = new ECDsaCng();
+ SSHv2.supportsECDSA = true;
+ }
+ catch
+ {
+ SSHv2.supportsECDSA = false;
+ }
+ }
+
public SSHv2()
{
}
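Review bot: The bare `catch` in the static constructor treats every failure of `new ECDsaCng()` as "ECDSA unsupported", so an unrelated error would silently drop the ECDSA host key algorithms for the life of the process with no trace of why. Narrowing the handler to the exception types the unsupported runtime actually throws (to be confirmed against the linked Mono source), or at least logging the caught exception, would make the fallback visible to whoever later diagnoses a host key problem. On runtimes that do implement the class the probe instance is never disposed and is left to the finalizer; `using (new ECDsaCng()) { }` keeps the probe and releases the handle.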
@@ -273,7 +296,7 @@ namespace Duplicati.Library.Backend if (m_con != null && !m_con.IsConnected)
{
- m_con.Connect();
+ this.TryConnect(m_con);
return;
}
@@ -328,11 +351,25 @@ namespace Duplicati.Library.Backend if (m_keepaliveinterval.Ticks != 0)
con.KeepAliveInterval = m_keepaliveinterval;
- con.Connect();
+ this.TryConnect(con);
m_con = con;
}
+ private void TryConnect(SftpClient client)
+ {
+ if (!SSHv2.supportsECDSA)
+ {
+ List<string> ecdsaKeys = client.ConnectionInfo.HostKeyAlgorithms.Keys.Where(x => x.StartsWith("ecdsa")).ToList();
+ foreach (string key in ecdsaKeys)
+ {
+ client.ConnectionInfo.HostKeyAlgorithms.Remove(key);
+ }
+ }
+
+ client.Connect();
+ }
+
private void ChangeDirectory(string path)
{
if (string.IsNullOrEmpty(path))
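Review bot: Removing every `ecdsa*` entry in `TryConnect` changes which host key the server will present, and nothing records that it happened. A server that offers only ECDSA host keys will fail negotiation, and if this backend compares the presented key against a stored fingerprint (not visible in this hunk), a fingerprint recorded for the ECDSA key on another runtime will stop matching; a one-time warning when `ecdsaKeys` is non-empty would let an operator tell that apart from a changed host key. The prefix test should be ordinal, `x.StartsWith("ecdsa", StringComparison.Ordinal)`, since these are protocol identifiers rather than text. The `Try` prefix conventionally means a bool return without throwing, whereas this method is void and lets `Connect()` exceptions propagate, so a name such as `ConnectWithSupportedHostKeys` would read more accurately. `ChangeDirectory` continues past the end of the hunk.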