Thanks! ________________________________________ From: Jon Simons [[email protected]] Sent: Monday, January 4, 2016 4:51 PM To: Michael Ulmer Cc: [email protected] Subject: Re: Dynamically set session's SSH_OPTIONS_CIPHERS_C_S
On 1/4/16, 4:31 PM, Michael Ulmer wrote: > I've limited libssh's AES (in kex.c) to "aes256-ctr,aes192-ctr,aes128-ctr". > > In my ssh server implementation I create a server bind & session and want to > dynamically add "aes256-cbc,aes192-cbc,aes128-cbc". > > I figured I could call ssh_options_set(session, SSH_OPTIONS_CIPHERS_C_S, > ciphers) > where ciphers is "aes256-cbc,aes192-cbc,aes128-cbc". The function call appears > ineffectual in allowing clients to connect with the new cipher spec--the > server > gives me the following: > > "no matching cipher found: > client aes256-cbc,aes192-cbc,aes128-cbc > server aes256-ctr,aes192-ctr,aes128-ctr" > > Is it possible to dynamically set a session's SSH_OPTIONS_CIPHERS_C_S? There is a proposed new function 'ssh_server_init_kex(ssh_session)' in this patch which I think will do what you want: https://red.libssh.org/issues/159#note-11 (also here: https://github.com/simonsj/libssh/commit/00a48e2ac2961455e2a464a12864c1d09d3b7262) -Jon !SIG:568b0592194811950318924!
