
How to disable diffie-hellman-group1-sha1 in ganymed-ssh2-build210.jar

In Java we use ganymed-ssh2-build210.jar to connect to servers via ssh. I need specifically to restrict the weaker algorithm "diffie-hellman-group1-sha1".

Is there any customizable setting in ganymed-ssh2-build210.jar that allows restricting this?

Are there any java.security settings that could be used to restrict the same?

2 Answers

  • 2

    If you cannot control the server but only the library on the client side.

    The following might be an option

    • Get the source of the library ganymed-ssh2-build210-sources.jar

    • Modify ch/ethz/ssh2/transport/KexManager.java so that diffie-hellman-group1-sha1 is no longer supported

    • Compile the modified code

    • Create the patched library as ganymed-ssh2-build210_1.jar and use it together with the client application

    edit Find below step-by-step instructions to verify the above.

    Assume the following structure

    bin/
    apache-sshd-1.6.0.tar.gz
    ganymed-ssh2-build210.jar
    ganymed-ssh2-build210-sources.jar
    SshClientDemo.java
    SshServerDemo.java
    

    SshServerDemo.java

    package sub.optimal;
    
    import java.nio.file.Paths;
    import java.util.List;
    import java.util.logging.Level;
    import java.util.logging.Logger;
    import org.apache.sshd.common.NamedFactory;
    import org.apache.sshd.common.kex.KeyExchange;
    import org.apache.sshd.common.util.GenericUtils;
    import org.apache.sshd.server.SshServer;
    import org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider;
    import org.apache.sshd.server.scp.ScpCommandFactory;
    import org.apache.sshd.server.shell.InteractiveProcessShellFactory;
    import org.apache.sshd.server.shell.ProcessShellFactory;
    
    public class SshServerDemo extends Thread {
    
        public static void main(String[] args) throws Exception {
            Logger.getGlobal().setLevel(Level.FINEST);
            SshServer sshd = SshServer.setUpDefaultServer();
            sshd.setPort(2222);
            sshd.setKeyPairProvider(
                    new SimpleGeneratorHostKeyProvider(Paths.get("hostkey.ser"))
            );
            sshd.setShellFactory(InteractiveProcessShellFactory.INSTANCE);
            sshd.setCommandFactory(
                    new ScpCommandFactory.Builder().withDelegate(
                            cmd -> new ProcessShellFactory(
                                    GenericUtils.split(cmd, ' ')
                            ).create()
                    ).build()
            );
    
            List<NamedFactory<KeyExchange>> keyExchangeFactories;
            keyExchangeFactories = sshd.getKeyExchangeFactories();
            keyExchangeFactories.removeIf(
                    e -> !e.getName().equals("diffie-hellman-group1-sha1")
            );
    
            sshd.setKeyExchangeFactories(keyExchangeFactories);
            sshd.setPasswordAuthenticator(
                    (username, password, session) -> username.equals(password)
            );
    
            sshd.start();
            Thread.sleep(Long.MAX_VALUE);
        }
    }
    

    SshClientDemo.java

    package sub.optimal;
    
    import ch.ethz.ssh2.Connection;
    import ch.ethz.ssh2.Session;
    import ch.ethz.ssh2.StreamGobbler;
    import java.io.BufferedReader;
    import java.io.InputStream;
    import java.io.InputStreamReader;
    
    public class SshClientDemo {
    
        public static void main(String[] args) throws Exception {
            Connection conn = new Connection("localhost", 2222);
            conn.connect();
            boolean isAuthenticated = conn.authenticateWithPassword("foo", "foo");
            Session sess = conn.openSession();
            System.out.println("session is authenticated: " + isAuthenticated);
    
            sess.execCommand("echo I'm there...");
    
            InputStream stdout = new StreamGobbler(sess.getStdout());
            BufferedReader br = new BufferedReader(new InputStreamReader(stdout));
    
            while (true) {
                String line = br.readLine();
                if (line == null) {
                    break;
                }
                System.out.println(line);
            }
    
            sess.close();
            conn.close();
        }
    }
    
    • Unpack the Apache server
    tar xzf apache-sshd-1.6.0.tar.gz
    
    • Compile the demo classes
    javac -cp "apache-sshd-1.6.0/lib/*" -d bin/ SshServerDemo.java
    javac -cp ganymed-ssh2-build210.jar -d bin/ SshClientDemo.java
    
    • Extract KexManager.java
    jar vxf ganymed-ssh2-build210-sources.jar \
        ch/ethz/ssh2/transport/KexManager.java
    
    • Modify the file KexManager.java
    public static final String[] getDefaultKexAlgorithmList() {
        return new String[] { 
            "diffie-hellman-group-exchange-sha1", 
            "diffie-hellman-group14-sha1"// ,
            // "diffie-hellman-group1-sha1"
        };
    }
    ...
    public static final void checkKexAlgorithmList(String[] algos)
        ...
        if ("diffie-hellman-group14-sha1".equals(algos[i]))
            continue;
    
        // if ("diffie-hellman-group1-sha1".equals(algos[i]))
        //    continue;
        ...
    
    • Compile the patched KexManager.java
    javac -cp ganymed-ssh2-build210.jar ch/ethz/ssh2/transport/KexManager.java
    
    • Create a patched library
    cp ganymed-ssh2-build210.jar ganymed-ssh2-build210-patched.jar
    jar vuf ganymed-ssh2-build210-patched.jar \
        ch/ethz/ssh2/transport/KexManager.class
    

    in command line session ONE

    • Start the server
    java -cp "bin/:apache-sshd-1.6.0/lib/*" sub.optimal.SshServerDemo
    

    in command line session TWO

    • First check which key exchange algorithms the server supports
    ssh -vv foo@localhost -p 2222
    

    In the output only diffie-hellman-group1-sha1 is reported

    debug2: peer server KEXINIT proposal
    debug2: KEX algorithms: diffie-hellman-group1-sha1
    
    • Run the client with the un-patched library
    java -cp bin/:ganymed-ssh2-build210.jar sub.optimal.SshClientDemo
    

    yields

    session is authenticated: true
    I'm there...
    
    • Run the client with the patched library
    java -cp bin/:ganymed-ssh2-build210-patched.jar sub.optimal.SshClientDemo
    

    yields

    Caused by: java.io.IOException: Cannot negotiate, proposals do not match.
    

    In the server log

    Unable to negotiate key exchange for kex algorithms \
       (client: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1 \
       / server: diffie-hellman-group1-sha1)
    

    This proves that SshClientDemo with the patched library cannot connect to a server using the key exchange algorithm diffie-hellman-group1-sha1 (the PoC server supports only this one).
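
    As an added illustration (not part of the answer above and not ganymed-ssh2 code), the two outcomes follow from the SSH key exchange negotiation rule of RFC 4253 section 7.1: the chosen KEX algorithm is the first entry of the client's name-list that the server also lists, and if no entry matches the connection fails. The class below applies that rule to the proposals printed in the log lines above; class and method names are my own.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Optional;

/** Added example: RFC 4253 section 7.1 KEX negotiation, using the proposals from the logs above. */
public class KexNegotiationDemo {

    // Parse a comma-separated SSH name-list as printed by "ssh -vv" and by the sshd log.
    static List<String> nameList(String csv) {
        return Arrays.asList(csv.split(","));
    }

    // First algorithm in the client's preference order that the server also offers.
    static Optional<String> negotiateKex(List<String> client, List<String> server) {
        for (String algo : client) {
            if (server.contains(algo)) {
                return Optional.of(algo);
            }
        }
        return Optional.empty();
    }

    // Defender-side check: a client can never end up on a weak KEX if it never proposes it.
    static List<String> weakProposed(List<String> client, List<String> denylist) {
        return client.stream().filter(denylist::contains).toList();
    }

    public static void main(String[] args) {
        // The PoC server above only offers diffie-hellman-group1-sha1.
        List<String> server = nameList("diffie-hellman-group1-sha1");
        // Default list of the un-patched library, see getDefaultKexAlgorithmList() above.
        List<String> unpatched = nameList(
            "diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1");
        // Client proposal logged by the server when the patched library was used.
        List<String> patched = nameList(
            "diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1");
        List<String> denylist = nameList("diffie-hellman-group1-sha1");

        System.out.println("un-patched negotiates: "
            + negotiateKex(unpatched, server).orElse("no match (Cannot negotiate)"));
        System.out.println("patched negotiates:    "
            + negotiateKex(patched, server).orElse("no match (Cannot negotiate)"));
        System.out.println("weak KEX still proposed by patched client: " + weakProposed(patched, denylist));
    }
}
```

    The un-patched list negotiates diffie-hellman-group1-sha1, the patched list yields no match, which is exactly the "proposals do not match" failure reported above.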

  • 1

    You want to change the allowed ciphers on the server and not in the client, otherwise anyone can easily bypass this.

    Check the answer: https://unix.stackexchange.com/questions/333728/ssh-how-to-disable-weak-ciphers
