Using SSH.NET with strong ciphers

2
votes

We have a project in our company in which we connect to a remote server using the library SSH.NET (2016.1.0). The connection we make is very simple, with the following code:

var sftpClient = new Renci.SshNet.SftpClient(host,port,user,password);

Then we perform operations such us look up for files, downloads and uploads.

Today we received an email from the server guys we connect to telling us that they will discontinue weak ciphers and I'm afraid it's not an area I have experience with.

According with their communication, their new SSH (SFTP) Standard will be:

Protocol Suite Standard Allowed Ciphers:

  • aes256-ctr
  • aes128-ctr

Allowed MACs:

  • hmac-sha-512
  • hmac-sha-256
  • hmac-sha1

Allowed KEX Ciphers:

  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group14-sha1

I have checked the website for the latest version of SSH.Net and they seem to support these (https://github.com/sshnet/SSH.NET/tree/2020.0.1).

Now, my question is how do I make a correct use of this library with the correct ciphers? I haven't found any example out there on how to specify these settings.

1
.netsshcryptography

1 Answers

1
votes

TL;DR you don't have to do anything to establish a connection as long as there is at least one algorithm in each category (Encryption, MAC, Key Exchange, ...) supported by both client and server.

Chapter 7 of RFC4253 describes the key exchange protocol for SSH 2.0:

Key exchange (kex) begins by each side sending name-lists of supported algorithms. Each side has a preferred algorithm in each category, and it is assumed that most implementations, at any given time, will use the same preferred algorithm. Each side MAY guess which algorithm the other side is using, and MAY send an initial key exchange packet according to the algorithm, if appropriate for the preferred method.

And chapter 6.3 has this to say:

The ciphers in each direction MUST run independently of each other. Implementations MUST allow the algorithm for each direction to be independently selected, if multiple algorithms are allowed by local policy. In practice however, it is RECOMMENDED that the same algorithm be used in both directions.

That means that the client and server separately select the algorithms for each category which the other one has to understand. The selected algorithms must be supported by both sides.

During the algorithm negotiation both lists are exchanged. Since the SSH.NET supports the algorithms of your server, those will be selected.

Some algorithms are better than others, but you cannot change the precedence in SSH.NET since the ConnectionInfo class uses Dictionarys to configure supported algorithms. A Dictionary has a non-deteministic ordering, but the SSH protocol selects those algorithms that are higher on the list.

You can change the Dictionary contents yourself before passing the ConnectionInfo to SftpClient though.