Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ssh: Update PreferredKexAlgos based on golang.org/x/crypto/ssh #268

Merged
merged 3 commits into from
May 6, 2022
Merged

ssh: Update PreferredKexAlgos based on golang.org/x/crypto/ssh #268

merged 3 commits into from
May 6, 2022

Conversation

pjbgf
Copy link
Member

@pjbgf pjbgf commented May 6, 2022
edited
Loading

Aligns preferred algorithms with upstream golang.org/x/crypto/ssh, resulting in adding support to two new kex algorithms on PreferredKexAlgos:

  • curve25519-sha256
  • diffie-hellman-group14-sha256

Removes references to unused algorithms that are no longer recommended for use:

  • diffie-hellman-group1-sha1
  • diffie-hellman-group-exchange-sha1

This code does not seem to be called anywhere. An alternative change may be to simply removing it from the module so we don't need to update it going forwards.

Paulo Gomes added 2 commits May 6, 2022 10:30
ssh: remove sha1 kex algorithms not in use
6567897 
The previous implementation did not include these algorithms as
part of the preferred. Given that recommendations is for
both items not to be used due to security concerns, they
may as well be removed from here.

xref: https://tools.ietf.org/id/draft-ietf-curdle-ssh-kex-sha2-09.html
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
ssh: update PreferredKexAlgos based on golang.org/x/crypto/ssh
9dafb00 
Aligns preferred algorithms with upstream golang.org/x/crypto/ssh,
resulting in adding support to two new kex algorithms on PreferredKexAlgos:
- curve25519-sha256
- diffie-hellman-group14-sha256

Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
@pjbgf pjbgf added this to the GA milestone May 6, 2022
@pjbgf pjbgf requested a review from hiddeco as a code owner May 6, 2022 09:42
@pjbgf
Copy link
Member Author

pjbgf commented May 6, 2022

@somtochiama are you aware of any place where this code is being used?

ssh: update dependencies
e67355f 
- golang.org/x/crypto to v0.0.0-20220427172511-eb4f295cb31f

Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
@pjbgf pjbgf mentioned this pull request May 6, 2022
Closed
2 tasks
@somtochiama
Copy link
Member

@pjbgf I remember using for this pull request
source-controller#355 which was closed.
I am unsure if a similar pull request by @aryan9600 uses it.

@pjbgf
Copy link
Member Author

pjbgf commented May 6, 2022

@somtochiama thank you for the confirmation. It seems like this is not being used within the fluxcd org.

I will merge this PR, as if this is being used, the changes will be beneficial. However, we probably should start looking into decommissioning this code in the future if we don't find whether it is needed/used.

@pjbgf pjbgf merged commit d891f47 into fluxcd:main May 6, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hiddeco hiddeco hiddeco approved these changes

Assignees
No one assigned
Labels
None yet
Projects
Maintainers' Focus
Status: Done
Milestone
GA
Development

Successfully merging this pull request may close these issues.
3 participants
@pjbgf @somtochiama @hiddeco