This is an automated email from the ASF dual-hosted git repository. arm pushed a commit to branch ssh_security_config in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
commit a94451de13c388ede79b02449f0a5d2ea57267c6 Author: Alastair McFarlane <[email protected]> AuthorDate: Tue Feb 17 11:00:09 2026 +0000 #677 - Add explicit ciphers, kex and mac algorithms. --- atr/ssh.py | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/atr/ssh.py b/atr/ssh.py index b04031a7..46ab5b59 100644 --- a/atr/ssh.py +++ b/atr/ssh.py @@ -43,6 +43,36 @@ import atr.util as util _CONFIG: Final = config.get() +_APPROVED_CIPHERS: Final[list[str]] = [ + "[email protected]", + "[email protected]", + "[email protected]", + "aes256-ctr", + "aes192-ctr", + "aes128-ctr", +] + +_APPROVED_KEX: Final[list[str]] = [ + "rsa2048-sha256", + "curve25519-sha256", + "ecdh-sha2-nistp256", + "diffie-hellman-group16-sha512", +] + +_APPROVED_MACS: Final[list[str]] = [ + "[email protected]", + "[email protected]", + "[email protected]", + "hmac-sha2-256", + "hmac-sha2-512", + "hmac-sha1", + "[email protected]", + "[email protected]", + "[email protected]", + "[email protected]", + "[email protected]", +] + class RsyncArgsError(Exception): """Exception raised when the rsync arguments are invalid.""" @@ -178,6 +208,9 @@ async def server_start() -> asyncssh.SSHAcceptor: host=_CONFIG.SSH_HOST, port=_CONFIG.SSH_PORT, encoding=None, + encryption_algs=_APPROVED_CIPHERS, + kex_algs=_APPROVED_KEX, + mac_algs=_APPROVED_MACS, ) log.info(f"SSH server started on {_CONFIG.SSH_HOST}:{_CONFIG.SSH_PORT}") --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
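Review bot: `_APPROVED_MACS` admits `"hmac-sha1"` and `_APPROVED_KEX` lists `"rsa2048-sha256"` first, which sits oddly with allow-lists meant to tighten what the server negotiates. HMAC-SHA1 is not known to be forgeable in this role, but SHA-1-based MACs are what SSH audit tooling usually flags, and RSA key transport is, as far as I know, rarely offered by mainstream clients; unless a known client needs them, drop both lines, or keep them with a comment naming that client. A short comment above the three constants, e.g. `# Allow-lists for SSH negotiation; source: <policy or issue reference>`, would tell the next maintainer where the selection comes from. Several entries appear on this page only as obscured `@`-suffixed names, so those could not be checked here.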
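Review bot: The listener call in `server_start()` now pins ciphers, key exchange and MACs but leaves signature algorithms at the library defaults, so the explicit policy is incomplete. asyncssh accepts a `signature_algs=` option alongside the three added here, and a fourth allow-list passed as `signature_algs=_APPROVED_SIGNATURES,` would close that gap. Separately, as far as I recall asyncssh raises `ValueError` for an algorithm name it has not registered, so a name that depends on an optional native library could stop the server from starting; a unit test that builds the server options from these three lists would catch that before deployment. The call opens above the hunk and `server_start()` continues past it.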
