Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cdt-dev] SSH2 security configuration for terminal and remote system

Hi Jonah, thank you for your prompt reply
I've just make the test with egit :

My test case is running through 2 server

1. my embedded linux device: we use CDT to develop and terminal and RSE to download and uplod file and give shell commands via ssh.
so  no git server could run in it

2. My security test setup: a bash script:
download https://github.com/jtesta/ssh-audit on my linux workingstation and run

ssh-audit.py --client-audit
it behave as a ssh server that will listen for client capabilities

as you suggested I've configured eclipse to import new project from git, pointing to the fake get server :

this is the result:
with egit all desired security cryptography for ssh2 is in place , but there are lots of obsolete (not secure) entries. I guess for interoperability reasons.
so I can say that with the egit settings all will work great
please refer to the  bug https://bugs.eclipse.org/bugs/show_bug.cgi?id=560571
for the complete logs of ssh-audit
I hope this could help


Il giorno mer 4 mag 2022 alle ore 01:08 Jonah Graham <jonah@xxxxxxxxxxxxxxxx> ha scritto:
Hi Alessandro,

I added a comment on the bug, but I include it hear for the wider audience:

Do you happen to have git running on that hardened machine and does egit connect fine to it? If so, the fact jgit/egit updated the SSH stack a while back (Bug 520927 Comment 60) would indicate that a solution is possible. I suspect terminal component (now part of CDT) needs to do the same if we want to support SSH natively.

Is there anyone interested on taking on that work (including the investigation to confirm if what I said above is true)?


~~~
Jonah Graham
Kichwa Coders
www.kichwacoders.com


On Tue, 3 May 2022 at 18:07, Alessandro Fardin <alef75@xxxxxxxxx> wrote:
I don't know if I'm missing some settings in the terminal or in eclipse, but I can't connect via terminal or remote system via ssh to a modern ssh server.

The problem is the eclipse ssh2 client that supports:
1. only one secure key exchange algorithms:
(kex) diffie-hellman-group-exchange-sha256

2. Zero secure host-key algorithms
3.Zero secure encryption algorithms (ciphers)
4.Zero secure message authentication code algorithms

and eclipse does not support modern and faster ed25519 host keys
for detail see 


 
Thank you in advance
Alessandro


_______________________________________________
cdt-dev mailing list
cdt-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/cdt-dev
_______________________________________________
cdt-dev mailing list
cdt-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/cdt-dev

Back to the top