haskal
/
vagrant
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #8661 from briancain/6640/master/use-cipher-list-for-ssh-communicator 

Use default cipher list for ssh communicator
This commit is contained in:
Brian Cain 2017-06-12 09:39:20 -07:00 committed by GitHub
parent 2159957247 7a97f0a53e
commit 6f21a19649
2 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
plugins/communicators/ssh/communicator.rb
View File

@ -348,6 +348,14 @@ module VagrantPlugins
auth_methods << "publickey" if ssh_info[:private_key_path]
auth_methods << "password" if ssh_info[:password]
# yanked directly from ruby's Net::SSH, but with `none` last
# TODO: Remove this once Vagrant has updated its dependency on Net:SSH
# to be > 4.1.0, which should include this fix.
cipher_array = Net::SSH::Transport::Algorithms::ALGORITHMS[:encryption].dup
if cipher_array.delete("none")
cipher_array.push("none")
end
# Build the options we'll use to initiate the connection via Net::SSH
common_connect_opts = {
auth_methods: auth_methods,
@ -361,6 +369,7 @@ module VagrantPlugins
timeout: 15,
user_known_hosts_file: [],
verbose: :debug,
encryption: cipher_array,
}
# Connect to SSH, giving it a few tries

14
test/unit/plugins/communicators/ssh/communicator_test.rb
View File

@ -396,6 +396,20 @@ describe VagrantPlugins::CommunicatorSSH::Communicator do
).and_return(true)
communicator.send(:connect)
end
it "includes the default cipher array for encryption" do
cipher_array = %w(aes128-cbc 3des-cbc blowfish-cbc cast128-cbc
aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se
idea-cbc arcfour128 arcfour256 arcfour
aes128-ctr aes192-ctr aes256-ctr
cast128-ctr blowfish-ctr 3des-ctr none)
expect(Net::SSH).to receive(:start).with(
nil, nil, hash_including(
encryption: cipher_array
)
).and_return(true)
communicator.send(:connect)
end
end
context "with keys_only disabled and paranoid enabled" do