Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build in ssh server ignore restricting macs settings #14518

Closed
1 of 4 tasks
morph027 opened this issue Jan 29, 2021 · 3 comments · Fixed by #14523
Closed
1 of 4 tasks

build in ssh server ignore restricting macs settings #14518

morph027 opened this issue Jan 29, 2021 · 3 comments · Fixed by #14523
Labels
type/bug

Comments

@morph027
Copy link

  • Gitea version (or commit ref): 1.13.1
  • Git version: 1:2.17.1-1ubuntu0.7
  • Operating system:
Distributor ID:	Ubuntu
Description:	Ubuntu 18.04.4 LTS
Release:	18.04
Codename:	bionic

Package download from https://dl.gitea.io/gitea/ and running via systemd

  • Database (use [x]):
    • PostgreSQL
    • MySQL
    • MSSQL
    • SQLite

Description

Setting SSH_SERVER_MACS seems to be ignored.

app.ini contains SSH_SERVER_MACS = hmac-sha2-256-etm@openssh.com, hmac-sha2-256 but ssh -Q mac gitea@<gitea-host> still lists all:

ssh -Q mac gitea@...
hmac-sha1
hmac-sha1-96
hmac-sha2-256
hmac-sha2-512
hmac-md5
hmac-md5-96
umac-64@openssh.com
umac-128@openssh.com
hmac-sha1-etm@openssh.com
hmac-sha1-96-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-md5-etm@openssh.com
hmac-md5-96-etm@openssh.com
umac-64-etm@openssh.com
umac-128-etm@openssh.com
@lunny
Copy link
Member

lunny commented Jan 29, 2021

It only affects builtin SSH server.

@lunny lunny added the issue/needs-feedback For bugs, we need more details. For features, the feature must be described in more detail label Jan 29, 2021
@morph027
Copy link
Author

Yes, sorry, forgot that.

@lunny lunny closed this as completed Jan 29, 2021
@6543 6543 changed the title SSH_SERVER_MACS not restricting macs build in ssh server ignore restricting macs settings Jan 29, 2021
@6543 6543 reopened this Jan 29, 2021
@6543 6543 added type/bug and removed issue/needs-feedback For bugs, we need more details. For features, the feature must be described in more detail labels Jan 29, 2021
@6543 6543 mentioned this issue Jan 29, 2021
Merged
root360-StefanHeitmueller added a commit to root360/gitea that referenced this issue Jan 29, 2021
@root360-StefanHeitmueller
configure internal ssh server w/ macs and ciphers, refs go-gitea#14518
cfa7d4c
@morph027
Copy link
Author

Gnarf, some browser crossaccount foo....created this issue w/ my personal account, added the PR w/ my company account ...

@go-gitea go-gitea locked and limited conversation to collaborators Mar 11, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
type/bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Internal ssh server respect Ciphers, MACs and KeyExchanges settings root360/gitea
3 participants
@lunny @morph027 @6543