allow selecting ssh ciphers (fixes #645)

terminus-core/src/components/checkbox.component.scss

@@ -20,6 +20,10 @@
     flex-direction: row;
     align-items: center;
 
+    .off {
+        color: rgba(0, 0, 0, .5);
+    }
+
     .icon {
         position: relative;
         flex: none;

terminus-ssh/package.json

@@ -40,6 +40,7 @@
     "xkeychain": "^0.0.6"
   },
   "dependencies": {
-    "ssh2": "^0.8.2"
+    "ssh2": "^0.8.2",
+    "ssh2-streams": "^0.4.2"
   }
 }

terminus-ssh/src/api.ts

@@ -7,6 +7,13 @@ export interface LoginScript {
     optional?: boolean
 }
 
+export enum SSHAlgorithmType {
+    HMAC = 'hmac',
+    KEX = 'kex',
+    CIPHER = 'cipher',
+    HOSTKEY = 'serverHostKey'
+}
+
 export interface SSHConnection {
     name?: string
     host: string
@@ -19,6 +26,8 @@ export interface SSHConnection {
     keepaliveInterval?: number
     keepaliveCountMax?: number
     readyTimeout?: number
+
+    algorithms?: {[t: string]: string[]}
 }
 
 export class SSHSession extends BaseSession {

terminus-ssh/src/components/editConnectionModal.component.pug

@@ -86,6 +86,27 @@
                         [(ngModel)]='connection.readyTimeout', 
                     )
                     
+                .form-group
+                    label Ciphers
+                    div(*ngFor='let alg of supportedAlgorithms.cipher')
+                        checkbox([text]='alg', [(ngModel)]='algorithms.cipher[alg]')
+
+                .form-group
+                    label Key exchange
+                    div(*ngFor='let alg of supportedAlgorithms.kex')
+                        checkbox([text]='alg', [(ngModel)]='algorithms.kex[alg]')
+
+                .form-group
+                    label HMAC
+                    div(*ngFor='let alg of supportedAlgorithms.hmac')
+                        checkbox([text]='alg', [(ngModel)]='algorithms.hmac[alg]')
+
+                .form-group
+                    label Host key
+                    div(*ngFor='let alg of supportedAlgorithms.serverHostKey')
+                        checkbox([text]='alg', [(ngModel)]='algorithms.serverHostKey[alg]')
+
+
         ngb-tab(id='scripts')
             ng-template(ngbTabTitle)
                 | Login Scripts

terminus-ssh/src/components/editConnectionModal.component.ts

@@ -2,7 +2,8 @@ import { Component } from '@angular/core'
 import { NgbActiveModal } from '@ng-bootstrap/ng-bootstrap'
 import { ElectronService, HostAppService } from 'terminus-core'
 import { PasswordStorageService } from '../services/passwordStorage.service'
-import { SSHConnection, LoginScript } from '../api'
+import { SSHConnection, LoginScript, SSHAlgorithmType } from '../api'
+import { ALGORITHMS } from 'ssh2-streams/lib/constants'
 
 @Component({
     template: require('./editConnectionModal.component.pug'),
@@ -12,6 +13,10 @@ export class EditConnectionModalComponent {
     newScript: LoginScript
     hasSavedPassword: boolean
 
+    supportedAlgorithms: {[id: string]: string[]} = {}
+    defaultAlgorithms: {[id: string]: string[]} = {}
+    algorithms: {[id: string]: {[a: string]: boolean}} = {}
+
     constructor (
         private modalInstance: NgbActiveModal,
         private electron: ElectronService,
@@ -19,10 +24,41 @@ export class EditConnectionModalComponent {
         private passwordStorage: PasswordStorageService,
     ) {
         this.newScript = { expect: '', send: '' }
+
+        for (let k of Object.values(SSHAlgorithmType)) {
+            this.supportedAlgorithms[k] = ALGORITHMS[
+                {
+                    [SSHAlgorithmType.KEX]: 'SUPPORTED_KEX',
+                    [SSHAlgorithmType.HOSTKEY]: 'SUPPORTED_SERVER_HOST_KEY',
+                    [SSHAlgorithmType.CIPHER]: 'SUPPORTED_CIPHER',
+                    [SSHAlgorithmType.HMAC]: 'SUPPORTED_HMAC',
+                }[k]
+            ]
+            this.defaultAlgorithms[k] = ALGORITHMS[
+                {
+                    [SSHAlgorithmType.KEX]: 'KEX',
+                    [SSHAlgorithmType.HOSTKEY]: 'SERVER_HOST_KEY',
+                    [SSHAlgorithmType.CIPHER]: 'CIPHER',
+                    [SSHAlgorithmType.HMAC]: 'HMAC',
+                }[k]
+            ]
+        }
+        console.log(this)
     }
 
     async ngOnInit () {
         this.hasSavedPassword = !!(await this.passwordStorage.loadPassword(this.connection))
+        this.connection.algorithms = this.connection.algorithms || {}
+        for (let k of Object.values(SSHAlgorithmType)) {
+            if (!this.connection.algorithms[k]) {
+                this.connection.algorithms[k] = this.defaultAlgorithms[k]
+            }
+
+            this.algorithms[k] = {}
+            for (let alg of this.connection.algorithms[k]) {
+                this.algorithms[k][alg] = true
+            }
+        }
     }
 
     clearSavedPassword () {
@@ -43,6 +79,11 @@ export class EditConnectionModalComponent {
     }
 
     save () {
+        for (let k of Object.values(SSHAlgorithmType)) {
+            this.connection.algorithms[k] = Object.entries(this.algorithms[k])
+                .filter(([k, v]) => !!v)
+                .map(([k, v]) => k)
+        }
         this.modalInstance.close(this.connection)
     }
 

terminus-ssh/src/services/ssh.service.ts

@@ -164,6 +164,7 @@ export class SSHService {
                         return true
                     },
                     hostHash: 'sha256' as any,
+                    algorithms: session.connection.algorithms,
                 })
             } catch (e) {
                 this.toastr.error(e.message)

terminus-ssh/webpack.config.js

@@ -44,6 +44,7 @@ module.exports = {
   externals: [
     'fs',
     'node-ssh',
+    'ssh2-streams',
     'xkeychain',
     'wincredmgr',
     'path',