From 1adcf5689048887cc05c0a600235249e606423d1 Mon Sep 17 00:00:00 2001
From: Gilbert Chen
Date: Mon, 8 Jun 2020 11:24:20 -0400
Subject: [PATCH] Add an SFTP backend that supports more ciphers and kex algorithms.
"sftpc://" supports all algorithms implemented in golang.org/x/crypto/ssh, especially including those weak ones that are excluded from the defaults.
---
 src/duplicacy_sftpstorage.go | 21 +++++++++++++++++----
 src/duplicacy_storage.go | 4 ++--
 2 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/src/duplicacy_sftpstorage.go b/src/duplicacy_sftpstorage.go
index 06bcd50..5f741ee 100644
--- a/src/duplicacy_sftpstorage.go
+++ b/src/duplicacy_sftpstorage.go
@@ -43,10 +43,10 @@ func CreateSFTPStorageWithPassword(server string, port int, username string, sto
 return nil
 }
- return CreateSFTPStorage(server, port, username, storageDir, minimumNesting, authMethods, hostKeyCallback, threads)
+ return CreateSFTPStorage(false, server, port, username, storageDir, minimumNesting, authMethods, hostKeyCallback, threads)
 }
-func CreateSFTPStorage(server string, port int, username string, storageDir string, minimumNesting int,
+func CreateSFTPStorage(compatibilityMode bool, server string, port int, username string, storageDir string, minimumNesting int,
 authMethods []ssh.AuthMethod, hostKeyCallback func(hostname string, remote net.Addr, key ssh.PublicKey) error, threads int) (storage *SFTPStorage, err error) {
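Review bot: The new leading `compatibilityMode bool` parameter of `CreateSFTPStorage` is undocumented, and the call in `CreateSFTPStorageWithPassword` passes a bare `false` whose meaning is not visible at the call site. A doc comment on the function would cover both, for example `// CreateSFTPStorage connects to an SFTP server; compatibilityMode replaces the default cipher and key-exchange lists with a wider set that includes legacy algorithms.` Because the password helper hard-codes `false`, a short comment there should say whether that path is meant never to use the wider set. The body of `CreateSFTPStorage` continues outside this hunk.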
@@ -57,8 +57,21 @@ func CreateSFTPStorage(server string, port int, username string, storageDir stri
 HostKeyCallback: hostKeyCallback,
 }
- if server == "sftp.hidrive.strato.com" {
- sftpConfig.Ciphers = []string{"aes128-ctr", "aes256-ctr"}
+ if compatibilityMode {
+ sftpConfig.Ciphers = []string{
+ "aes128-ctr", "aes192-ctr", "aes256-ctr",
+ "aes128-gcm@openssh.com",
+ "chacha20-poly1305@openssh.com",
+ "arcfour256", "arcfour128", "arcfour",
+ "aes128-cbc",
+ "3des-cbc",
+ }
+ sftpConfig.KeyExchanges = [] string {
+ "curve25519-sha256@libssh.org",
+ "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521",
+ "diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1",
+ "diffie-hellman-group-exchange-sha1", "diffie-hellman-group-exchange-sha256",
+ }
 }
 serverAddress := fmt.Sprintf("%s:%d", server, port)
diff --git a/src/duplicacy_storage.go b/src/duplicacy_storage.go
index 33ed6c4..c060062 100644
--- a/src/duplicacy_storage.go
+++ b/src/duplicacy_storage.go
@@ -268,7 +268,7 @@ func CreateStorage(preference Preference, resetPassword bool, threads int) (stor
 if matched == nil {
 LOG_ERROR("STORAGE_CREATE", "Unrecognizable storage URL: %s", storageURL)
 return nil
- } else if matched[1] == "sftp" {
+ } else if matched[1] == "sftp" || matched[1] == "sftpc" {
 server := matched[3]
 username := matched[2]
 storageDir := matched[5]
@@ -440,7 +440,7 @@ func CreateStorage(preference Preference, resetPassword bool, threads int) (stor
 return checkHostKey(hostname, remote, key)
 }
- sftpStorage, err := CreateSFTPStorage(server, port, username, storageDir, 2, authMethods, hostKeyChecker, threads)
+ sftpStorage, err := CreateSFTPStorage(matched[1] == "sftpc", server, port, username, storageDir, 2, authMethods, hostKeyChecker, threads)
 if err != nil {
 LOG_ERROR("STORAGE_CREATE", "Failed to load the SFTP storage at %s: %v", storageURL, err)
 return nil
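Review bot: The `if compatibilityMode` branch enables every legacy algorithm at once (`arcfour*`, `3des-cbc`, `aes128-cbc`, `diffie-hellman-group1-sha1`, `diffie-hellman-group-exchange-sha1`) and nothing tells the operator that the backup session may be negotiated with one of them. The stronger entries are listed first, which presumably keeps them preferred when the server offers them, but a server that offers only the legacy set is accepted silently. I would emit a warning from this branch through the project's logger (the same family as `LOG_ERROR` in duplicacy_storage.go) and add a comment above the two lists saying that the order is the preference order and that the trailing entries exist only for old servers. Removing the `sftp.hidrive.strato.com` special case also means existing `sftp://` URLs for that host lose the restricted cipher list and must move to `sftpc://`, which deserves a release note. Separately, `[] string {` is not gofmt-formatted and should read `[]string{`.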
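Review bot: The scheme test on `matched[1]` is now written twice, in this condition and as the first argument of the `CreateSFTPStorage` call in the `@@ -440` hunk, where the inline `matched[1] == "sftpc"` hides what the argument means. Computing it once near the top of this branch, `compatibilityMode := matched[1] == "sftpc"`, and passing the named value keeps the two in step if another scheme is added later. A short comment beside it, `// sftpc:// opts in to legacy ciphers and key exchanges`, would make the security implication of the URL scheme visible at the point of selection. The branch body runs well past both hunks, so the exact placement depends on code not shown here.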