Skip to content

Commit 04d3ff1

Browse files
norrisjeremynorrisjeremy
committed
Change default algorithms to match modern OpenSSH.
1 parent 29f2afc commit 04d3ff1

File tree

1 file changed

+7
-10
lines changed

1 file changed

+7
-10
lines changed

src/main/java/com/jcraft/jsch/JSch.java

+7-10
Original file line numberDiff line numberDiff line change
@@ -36,15 +36,12 @@ public class JSch{
3636

3737
static java.util.Hashtable config=new java.util.Hashtable();
3838
static{
39-
config.put("kex", "curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1");
40-
config.put("server_host_key", "rsa-sha2-256,rsa-sha2-512,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521");
41-
config.put("cipher.s2c",
42-
"[email protected],aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,[email protected],aes256-ctr,aes256-cbc");
43-
config.put("cipher.c2s",
44-
"[email protected],aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,[email protected],aes256-ctr,aes256-cbc");
45-
46-
config.put("mac.s2c", "[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-md5-96");
47-
config.put("mac.c2s", "[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-md5-96");
39+
config.put("kex", "curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256");
40+
config.put("server_host_key", "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,rsa-sha2-512,ssh-rsa");
41+
config.put("cipher.s2c", "aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]");
42+
config.put("cipher.c2s", "aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]");
43+
config.put("mac.s2c", "[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1");
44+
config.put("mac.c2s", "[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1");
4845
config.put("compression.s2c", "none");
4946
config.put("compression.c2s", "none");
5047

@@ -144,7 +141,7 @@ public class JSch{
144141
config.put("HashKnownHosts", "no");
145142

146143
config.put("PreferredAuthentications", "gssapi-with-mic,publickey,keyboard-interactive,password");
147-
config.put("PubkeyAcceptedKeyTypes", "rsa-sha2-256,rsa-sha2-512,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521");
144+
config.put("PubkeyAcceptedKeyTypes", "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,rsa-sha2-512,ssh-rsa");
148145

149146
config.put("CheckCiphers", "[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256");
150147
config.put("CheckMacs", "[email protected],[email protected],,hmac-sha2-256,hmac-sha2-512");

0 commit comments

Comments
 (0)