diff --git a/ChangeLog.md b/ChangeLog.md index 35b723b7..22fd4e33 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -1,3 +1,5 @@ +* [0.2.22](https://github.com/mwiede/jsch/releases/tag/jsch-0.2.22) + * Add support for sntrup761x25519-sha512 KEX algorithm. * [0.2.21](https://github.com/mwiede/jsch/releases/tag/jsch-0.2.21) * [#692](https://github.com/mwiede/jsch/pull/692) Update Deflate.java by @mjmst74. * [0.2.20](https://github.com/mwiede/jsch/releases/tag/jsch-0.2.20) diff --git a/src/main/java/com/jcraft/jsch/JSch.java b/src/main/java/com/jcraft/jsch/JSch.java index b5d642d3..5124763c 100644 --- a/src/main/java/com/jcraft/jsch/JSch.java +++ b/src/main/java/com/jcraft/jsch/JSch.java @@ -102,6 +102,7 @@ public class JSch { config.put("curve25519-sha256", "com.jcraft.jsch.DH25519"); config.put("curve25519-sha256@libssh.org", "com.jcraft.jsch.DH25519"); config.put("curve448-sha512", "com.jcraft.jsch.DH448"); + config.put("sntrup761x25519-sha512", "com.jcraft.jsch.DH25519SNTRUP761"); config.put("sntrup761x25519-sha512@openssh.com", "com.jcraft.jsch.DH25519SNTRUP761"); config.put("sntrup761", "com.jcraft.jsch.bc.SNTRUP761"); @@ -243,7 +244,7 @@ public class JSch { Util.getSystemProperty("jsch.check_ciphers", "chacha20-poly1305@openssh.com")); config.put("CheckMacs", Util.getSystemProperty("jsch.check_macs", "")); config.put("CheckKexes", Util.getSystemProperty("jsch.check_kexes", - "sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512")); + "sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512")); config.put("CheckSignatures", Util.getSystemProperty("jsch.check_signatures", "ssh-ed25519,ssh-ed448")); config.put("FingerprintHash", Util.getSystemProperty("jsch.fingerprint_hash", "sha256")); diff --git a/src/test/java/com/jcraft/jsch/Algorithms4IT.java b/src/test/java/com/jcraft/jsch/Algorithms4IT.java index 4d01b5b7..2c22e863 100644 --- a/src/test/java/com/jcraft/jsch/Algorithms4IT.java +++ b/src/test/java/com/jcraft/jsch/Algorithms4IT.java @@ -57,11 +57,9 @@ public class Algorithms4IT { .withFileFromClasspath("ssh_host_ecdsa521_key.pub", "docker/ssh_host_ecdsa521_key.pub") .withFileFromClasspath("ssh_host_ed25519_key", "docker/ssh_host_ed25519_key") .withFileFromClasspath("ssh_host_ed25519_key.pub", "docker/ssh_host_ed25519_key.pub") - .withFileFromClasspath("ssh_host_dsa_key", "docker/ssh_host_dsa_key") - .withFileFromClasspath("ssh_host_dsa_key.pub", "docker/ssh_host_dsa_key.pub") - .withFileFromClasspath("sshd_config", "docker/sshd_config.openssh96") + .withFileFromClasspath("sshd_config", "docker/sshd_config.openssh99") .withFileFromClasspath("authorized_keys", "docker/authorized_keys") - .withFileFromClasspath("Dockerfile", "docker/Dockerfile.openssh96")) + .withFileFromClasspath("Dockerfile", "docker/Dockerfile.openssh99")) .withExposedPorts(22); @BeforeAll @@ -100,7 +98,7 @@ public static void afterAll() { } @ParameterizedTest - @ValueSource(strings = {"sntrup761x25519-sha512@openssh.com"}) + @ValueSource(strings = {"sntrup761x25519-sha512", "sntrup761x25519-sha512@openssh.com"}) public void testBCKEXs(String kex) throws Exception { JSch ssh = createRSAIdentity(); Session session = createSession(ssh); diff --git a/src/test/java/com/jcraft/jsch/StrictKexIT.java b/src/test/java/com/jcraft/jsch/StrictKexIT.java index a16f4974..3b860f25 100644 --- a/src/test/java/com/jcraft/jsch/StrictKexIT.java +++ b/src/test/java/com/jcraft/jsch/StrictKexIT.java @@ -58,11 +58,9 @@ public class StrictKexIT { .withFileFromClasspath("ssh_host_ecdsa521_key.pub", "docker/ssh_host_ecdsa521_key.pub") .withFileFromClasspath("ssh_host_ed25519_key", "docker/ssh_host_ed25519_key") .withFileFromClasspath("ssh_host_ed25519_key.pub", "docker/ssh_host_ed25519_key.pub") - .withFileFromClasspath("ssh_host_dsa_key", "docker/ssh_host_dsa_key") - .withFileFromClasspath("ssh_host_dsa_key.pub", "docker/ssh_host_dsa_key.pub") - .withFileFromClasspath("sshd_config", "docker/sshd_config.openssh96") + .withFileFromClasspath("sshd_config", "docker/sshd_config.openssh99") .withFileFromClasspath("authorized_keys", "docker/authorized_keys") - .withFileFromClasspath("Dockerfile", "docker/Dockerfile.openssh96")) + .withFileFromClasspath("Dockerfile", "docker/Dockerfile.openssh99")) .withExposedPorts(22); @BeforeAll diff --git a/src/test/resources/docker/Dockerfile.openssh96 b/src/test/resources/docker/Dockerfile.openssh99 similarity index 88% rename from src/test/resources/docker/Dockerfile.openssh96 rename to src/test/resources/docker/Dockerfile.openssh99 index 474c9282..db824a29 100644 --- a/src/test/resources/docker/Dockerfile.openssh96 +++ b/src/test/resources/docker/Dockerfile.openssh99 @@ -1,4 +1,4 @@ -FROM alpine:3.19 +FROM alpine:edge RUN apk update && \ apk upgrade && \ apk add openssh && \ @@ -15,8 +15,6 @@ COPY ssh_host_ecdsa521_key /etc/ssh/ COPY ssh_host_ecdsa521_key.pub /etc/ssh/ COPY ssh_host_ed25519_key /etc/ssh/ COPY ssh_host_ed25519_key.pub /etc/ssh/ -COPY ssh_host_dsa_key /etc/ssh/ -COPY ssh_host_dsa_key.pub /etc/ssh/ COPY sshd_config /etc/ssh/ COPY authorized_keys /root/.ssh/ RUN chmod 600 /etc/ssh/ssh_*_key /root/.ssh/authorized_keys diff --git a/src/test/resources/docker/sshd_config.openssh96 b/src/test/resources/docker/sshd_config.openssh99 similarity index 67% rename from src/test/resources/docker/sshd_config.openssh96 rename to src/test/resources/docker/sshd_config.openssh99 index 12c4064f..7ab367af 100644 --- a/src/test/resources/docker/sshd_config.openssh96 +++ b/src/test/resources/docker/sshd_config.openssh99 @@ -3,7 +3,7 @@ HostbasedAuthentication no PasswordAuthentication no PubkeyAuthentication yes AuthenticationMethods publickey -PubkeyAcceptedAlgorithms ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss +PubkeyAcceptedAlgorithms ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa UseDNS no PrintMotd no PermitRootLogin yes @@ -13,9 +13,8 @@ HostKey /etc/ssh/ssh_host_ecdsa384_key HostKey /etc/ssh/ssh_host_ecdsa521_key HostKey /etc/ssh/ssh_host_ed25519_key HostKey /etc/ssh/ssh_host_rsa_key -HostKey /etc/ssh/ssh_host_dsa_key -KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 -HostKeyAlgorithms ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss +KexAlgorithms sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 +HostKeyAlgorithms ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-sha1-96-etm@openssh.com,hmac-sha1-96,hmac-md5-etm@openssh.com,hmac-md5,hmac-md5-96-etm@openssh.com,hmac-md5-96 LogLevel DEBUG3