diff --git a/go.mod b/go.mod index 988d3faa..54c1f5ba 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/drakkan/sftpgo/v2 go 1.24.0 require ( - cloud.google.com/go/storage v1.53.0 + cloud.google.com/go/storage v1.54.0 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.0 github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.6.1 github.com/GehirnInc/crypt v0.0.0-20230320061759-8cc1b52080c5 @@ -46,7 +46,7 @@ require ( github.com/otiai10/copy v1.14.1 github.com/pires/go-proxyproto v0.8.1 github.com/pkg/sftp v1.13.9 - github.com/pquerna/otp v1.4.0 + github.com/pquerna/otp v1.5.0 github.com/prometheus/client_golang v1.22.0 github.com/robfig/cron/v3 v3.0.1 github.com/rs/cors v1.11.1 @@ -73,14 +73,14 @@ require ( golang.org/x/sys v0.33.0 golang.org/x/term v0.32.0 golang.org/x/time v0.11.0 - google.golang.org/api v0.230.0 + google.golang.org/api v0.233.0 gopkg.in/natefinch/lumberjack.v2 v2.2.1 ) require ( cel.dev/expr v0.20.0 // indirect - cloud.google.com/go v0.120.1 // indirect - cloud.google.com/go/auth v0.16.0 // indirect + cloud.google.com/go v0.121.0 // indirect + cloud.google.com/go/auth v0.16.1 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect cloud.google.com/go/compute/metadata v0.6.0 // indirect cloud.google.com/go/iam v1.5.2 // indirect @@ -185,8 +185,8 @@ require ( golang.org/x/tools v0.30.0 // indirect golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da // indirect google.golang.org/genproto v0.0.0-20250303144028-a0af3efb3deb // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20250425173222-7b384671a197 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250425173222-7b384671a197 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20250505200425-f936aa4a68b2 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250505200425-f936aa4a68b2 // indirect google.golang.org/grpc v1.72.0 // indirect google.golang.org/protobuf v1.36.6 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect @@ -196,5 +196,5 @@ replace ( github.com/fclairamb/ftpserverlib => github.com/drakkan/ftpserverlib v0.0.0-20250204143431-e069fad14727 github.com/jlaffaye/ftp => github.com/drakkan/ftp v0.0.0-20240430173938-7ba8270c8e7f github.com/robfig/cron/v3 => github.com/drakkan/cron/v3 v3.0.0-20230222140221-217a1e4d96c0 - golang.org/x/crypto => github.com/drakkan/crypto v0.0.0-20250510170853-366a3d73566c + golang.org/x/crypto => github.com/drakkan/crypto v0.0.0-20250519172030-81fc30e518eb ) diff --git a/go.sum b/go.sum index 2ebd6b38..60b3be4a 100644 --- a/go.sum +++ b/go.sum @@ -1,10 +1,10 @@ cel.dev/expr v0.20.0 h1:OunBvVCfvpWlt4dN7zg3FM6TDkzOePe1+foGJ9AXeeI= cel.dev/expr v0.20.0/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.120.1 h1:Z+5V7yd383+9617XDCyszmK5E4wJRJL+tquMfDj9hLM= -cloud.google.com/go v0.120.1/go.mod h1:56Vs7sf/i2jYM6ZL9NYlC82r04PThNcPS5YgFmb0rp8= -cloud.google.com/go/auth v0.16.0 h1:Pd8P1s9WkcrBE2n/PhAwKsdrR35V3Sg2II9B+ndM3CU= -cloud.google.com/go/auth v0.16.0/go.mod h1:1howDHJ5IETh/LwYs3ZxvlkXF48aSqqJUM+5o02dNOI= +cloud.google.com/go v0.121.0 h1:pgfwva8nGw7vivjZiRfrmglGWiCJBP+0OmDpenG/Fwg= +cloud.google.com/go v0.121.0/go.mod h1:rS7Kytwheu/y9buoDmu5EIpMMCI4Mb8ND4aeN4Vwj7Q= +cloud.google.com/go/auth v0.16.1 h1:XrXauHMd30LhQYVRHLGvJiYeczweKQXZxsTbV9TiguU= +cloud.google.com/go/auth v0.16.1/go.mod h1:1howDHJ5IETh/LwYs3ZxvlkXF48aSqqJUM+5o02dNOI= cloud.google.com/go/auth/oauth2adapt v0.2.8 h1:keo8NaayQZ6wimpNSmW5OPc283g65QNIiLpZnkHRbnc= cloud.google.com/go/auth/oauth2adapt v0.2.8/go.mod h1:XQ9y31RkqZCcwJWNSx2Xvric3RrU88hAYYbjDWYDL+c= cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I= @@ -19,8 +19,8 @@ cloud.google.com/go/longrunning v0.6.7 h1:IGtfDWHhQCgCjwQjV9iiLnUta9LBCo8R9QmAFs cloud.google.com/go/longrunning v0.6.7/go.mod h1:EAFV3IZAKmM56TyiE6VAP3VoTzhZzySwI/YI1s/nRsY= cloud.google.com/go/monitoring v1.24.0 h1:csSKiCJ+WVRgNkRzzz3BPoGjFhjPY23ZTcaenToJxMM= cloud.google.com/go/monitoring v1.24.0/go.mod h1:Bd1PRK5bmQBQNnuGwHBfUamAV1ys9049oEPHnn4pcsc= -cloud.google.com/go/storage v1.53.0 h1:gg0ERZwL17pJ+Cz3cD2qS60w1WMDnwcm5YPAIQBHUAw= -cloud.google.com/go/storage v1.53.0/go.mod h1:7/eO2a/srr9ImZW9k5uufcNahT2+fPb8w5it1i5boaA= +cloud.google.com/go/storage v1.54.0 h1:Du3XEyliAiftfyW0bwfdppm2MMLdpVAfiIg4T2nAI+0= +cloud.google.com/go/storage v1.54.0/go.mod h1:hIi9Boe8cHxTyaeqh7KMMwKg088VblFK46C2x/BWaZE= cloud.google.com/go/trace v1.11.3 h1:c+I4YFjxRQjvAhRmSsmjpASUKq88chOX854ied0K/pE= cloud.google.com/go/trace v1.11.3/go.mod h1:pt7zCYiDSQjC9Y2oqCsh9jF4GStB/hmjrYLsxRR27q8= filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= @@ -131,8 +131,8 @@ github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 h1:NMZiJj8QnKe1LgsbDayM4UoHwbvw github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0/go.mod h1:ZXNYxsqcloTdSy/rNShjYzMhyjf0LaoftYK0p+A3h40= github.com/drakkan/cron/v3 v3.0.0-20230222140221-217a1e4d96c0 h1:EW9gIJRmt9lzk66Fhh4S8VEtURA6QHZqGeSRE9Nb2/U= github.com/drakkan/cron/v3 v3.0.0-20230222140221-217a1e4d96c0/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro= -github.com/drakkan/crypto v0.0.0-20250510170853-366a3d73566c h1:Y8MkbT83Mrc49yDQZPRfZszcN/dBrVL0322q48KY/WE= -github.com/drakkan/crypto v0.0.0-20250510170853-366a3d73566c/go.mod h1:MvrbAqul58NNYPKnOra203SB9vpuZW0e+RRZV+Ggqjw= +github.com/drakkan/crypto v0.0.0-20250519172030-81fc30e518eb h1:fcg5+Uq2Zpl8x8MNxlW5Yj7hV+po+46YxnE+D475310= +github.com/drakkan/crypto v0.0.0-20250519172030-81fc30e518eb/go.mod h1:MvrbAqul58NNYPKnOra203SB9vpuZW0e+RRZV+Ggqjw= github.com/drakkan/ftp v0.0.0-20240430173938-7ba8270c8e7f h1:S9JUlrOzjK58UKoLqqb40YLyVlt0bcIFtYrvnanV3zc= github.com/drakkan/ftp v0.0.0-20240430173938-7ba8270c8e7f/go.mod h1:4p8lUl4vQ80L598CygL+3IFtm+3nggvvW/palOlViwE= github.com/drakkan/ftpserverlib v0.0.0-20250204143431-e069fad14727 h1:OwxAvQejxuEYFtuXcOxuepEjt6VPLEQ3zK+5k9p4M60= @@ -334,8 +334,8 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 h1:o4JXh1EVt9k/+g42oCprj/FisM4qX9L3sZB3upGN2ZU= github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE= -github.com/pquerna/otp v1.4.0 h1:wZvl1TIVxKRThZIBiwOOHOGP/1+nZyWBil9Y2XNEDzg= -github.com/pquerna/otp v1.4.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg= +github.com/pquerna/otp v1.5.0 h1:NMMR+WrmaqXU4EzdGJEE1aUUI0AMRzsp96fFFWNPwxs= +github.com/pquerna/otp v1.5.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg= github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g= github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U= github.com/prometheus/client_golang v1.22.0 h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q= @@ -546,8 +546,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da h1:noIWHXmPHxILtqtCOPIhSt0ABwskkZKjD3bXGnZGpNY= golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90= -google.golang.org/api v0.230.0 h1:2u1hni3E+UXAXrONrrkfWpi/V6cyKVAbfGVeGtC3OxM= -google.golang.org/api v0.230.0/go.mod h1:aqvtoMk7YkiXx+6U12arQFExiRV9D/ekvMCwCd/TksQ= +google.golang.org/api v0.233.0 h1:iGZfjXAJiUFSSaekVB7LzXl6tRfEKhUN7FkZN++07tI= +google.golang.org/api v0.233.0/go.mod h1:TCIVLLlcwunlMpZIhIp7Ltk77W+vUSdUKAAIlbxY44c= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= @@ -555,10 +555,10 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20250303144028-a0af3efb3deb h1:ITgPrl429bc6+2ZraNSzMDk3I95nmQln2fuPstKwFDE= google.golang.org/genproto v0.0.0-20250303144028-a0af3efb3deb/go.mod h1:sAo5UzpjUwgFBCzupwhcLcxHVDK7vG5IqI30YnwX2eE= -google.golang.org/genproto/googleapis/api v0.0.0-20250425173222-7b384671a197 h1:9DuBh3k1jUho2DHdxH+kbJwthIAq02vGvZNrD2ggF+Y= -google.golang.org/genproto/googleapis/api v0.0.0-20250425173222-7b384671a197/go.mod h1:Cd8IzgPo5Akum2c9R6FsXNaZbH3Jpa2gpHlW89FqlyQ= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250425173222-7b384671a197 h1:29cjnHVylHwTzH66WfFZqgSQgnxzvWE+jvBwpZCLRxY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250425173222-7b384671a197/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= +google.golang.org/genproto/googleapis/api v0.0.0-20250505200425-f936aa4a68b2 h1:vPV0tzlsK6EzEDHNNH5sa7Hs9bd7iXR7B1tSiPepkV0= +google.golang.org/genproto/googleapis/api v0.0.0-20250505200425-f936aa4a68b2/go.mod h1:pKLAc5OolXC3ViWGI62vvC0n10CpwAtRcTNCFwTKBEw= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250505200425-f936aa4a68b2 h1:IqsN8hx+lWLqlN+Sc3DoMy/watjofWiU8sRFgQ8fhKM= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250505200425-f936aa4a68b2/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= diff --git a/internal/dataprovider/configs.go b/internal/dataprovider/configs.go index a68abf72..db80dac9 100644 --- a/internal/dataprovider/configs.go +++ b/internal/dataprovider/configs.go @@ -28,7 +28,7 @@ import ( // Supported values for host keys, KEXs, ciphers, MACs var ( supportedHostKeyAlgos = []string{ssh.KeyAlgoRSA} - supportedPublicKeyAlgos = []string{ssh.KeyAlgoRSA, ssh.InsecureKeyAlgoDSA} + supportedPublicKeyAlgos = []string{ssh.KeyAlgoRSA, ssh.InsecureKeyAlgoDSA} //nolint:staticcheck supportedKexAlgos = []string{ ssh.KeyExchangeDH16SHA512, ssh.InsecureKeyExchangeDH14SHA1, ssh.InsecureKeyExchangeDH1SHA1, ssh.InsecureKeyExchangeDHGEXSHA1, @@ -39,7 +39,7 @@ var ( } supportedMACs = []string{ ssh.HMACSHA512ETM, ssh.HMACSHA512, - ssh.InsecureHMACSHA1, ssh.InsecureHMACSHA196, + ssh.HMACSHA1, ssh.InsecureHMACSHA196, } ) diff --git a/internal/dataprovider/dataprovider.go b/internal/dataprovider/dataprovider.go index d51a59fb..f48b0ee1 100644 --- a/internal/dataprovider/dataprovider.go +++ b/internal/dataprovider/dataprovider.go @@ -2869,7 +2869,7 @@ func validatePublicKeys(user *User) error { util.I18nErrorPubKeyInvalid, ) } - if out.Type() == ssh.InsecureKeyAlgoDSA { + if out.Type() == ssh.InsecureKeyAlgoDSA { //nolint:staticcheck providerLog(logger.LevelError, "dsa public key not accepted, position: %d", idx) return util.NewI18nError( util.NewValidationError(fmt.Sprintf("DSA key format is insecure and it is not allowed for key at position %d", idx)), diff --git a/internal/httpd/httpd_test.go b/internal/httpd/httpd_test.go index 0cc8a3a7..5e430352 100644 --- a/internal/httpd/httpd_test.go +++ b/internal/httpd/httpd_test.go @@ -8305,7 +8305,7 @@ func TestLoaddata(t *testing.T) { configs := dataprovider.Configs{ SFTPD: &dataprovider.SFTPDConfigs{ HostKeyAlgos: []string{ssh.KeyAlgoRSA, ssh.CertAlgoRSAv01}, - PublicKeyAlgos: []string{ssh.InsecureKeyAlgoDSA}, + PublicKeyAlgos: []string{ssh.InsecureKeyAlgoDSA}, //nolint:staticcheck }, SMTP: &dataprovider.SMTPConfigs{ Host: "mail.example.com", @@ -8372,7 +8372,7 @@ func TestLoaddata(t *testing.T) { assert.NoError(t, err) assert.Equal(t, configs.SMTP, configsGet.SMTP) assert.Equal(t, []string{ssh.KeyAlgoRSA}, configsGet.SFTPD.HostKeyAlgos) - assert.Equal(t, []string{ssh.InsecureKeyAlgoDSA}, configsGet.SFTPD.PublicKeyAlgos) + assert.Equal(t, []string{ssh.InsecureKeyAlgoDSA}, configsGet.SFTPD.PublicKeyAlgos) //nolint:staticcheck assert.Len(t, configsGet.SFTPD.KexAlgorithms, 0) assert.Len(t, configsGet.SFTPD.Ciphers, 0) assert.Len(t, configsGet.SFTPD.MACs, 0) @@ -8719,7 +8719,7 @@ func TestLoaddataMode(t *testing.T) { entry, _, err = httpdtest.UpdateIPListEntry(entry, http.StatusOK) assert.NoError(t, err) - configs.SFTPD.PublicKeyAlgos = append(configs.SFTPD.PublicKeyAlgos, ssh.InsecureKeyAlgoDSA) + configs.SFTPD.PublicKeyAlgos = append(configs.SFTPD.PublicKeyAlgos, ssh.InsecureKeyAlgoDSA) //nolint:staticcheck err = dataprovider.UpdateConfigs(&configs, "", "", "") assert.NoError(t, err) backupData.Configs = &configs @@ -13300,8 +13300,8 @@ func TestWebConfigsMock(t *testing.T) { checkResponseCode(t, http.StatusBadRequest, rr) // save SFTP configs form.Set("sftp_host_key_algos", ssh.KeyAlgoRSA) - form.Add("sftp_host_key_algos", ssh.InsecureCertAlgoDSAv01) - form.Set("sftp_pub_key_algos", ssh.InsecureKeyAlgoDSA) + form.Add("sftp_host_key_algos", ssh.InsecureCertAlgoDSAv01) //nolint:staticcheck + form.Set("sftp_pub_key_algos", ssh.InsecureKeyAlgoDSA) //nolint:staticcheck form.Set("form_action", "sftp_submit") req, err = http.NewRequest(http.MethodPost, webConfigsPath, bytes.NewBuffer([]byte(form.Encode()))) assert.NoError(t, err) @@ -13312,7 +13312,7 @@ func TestWebConfigsMock(t *testing.T) { assert.Contains(t, rr.Body.String(), util.I18nError500Message) // invalid algo form.Set("sftp_host_key_algos", ssh.KeyAlgoRSA) form.Add("sftp_host_key_algos", ssh.CertAlgoRSAv01) - form.Set("sftp_pub_key_algos", ssh.InsecureKeyAlgoDSA) + form.Set("sftp_pub_key_algos", ssh.InsecureKeyAlgoDSA) //nolint:staticcheck form.Set("sftp_kex_algos", "diffie-hellman-group18-sha512") form.Add("sftp_kex_algos", ssh.KeyExchangeDH16SHA512) req, err = http.NewRequest(http.MethodPost, webConfigsPath, bytes.NewBuffer([]byte(form.Encode()))) @@ -13328,7 +13328,7 @@ func TestWebConfigsMock(t *testing.T) { assert.Len(t, configs.SFTPD.HostKeyAlgos, 1) assert.Contains(t, configs.SFTPD.HostKeyAlgos, ssh.KeyAlgoRSA) assert.Len(t, configs.SFTPD.PublicKeyAlgos, 1) - assert.Contains(t, configs.SFTPD.PublicKeyAlgos, ssh.InsecureKeyAlgoDSA) + assert.Contains(t, configs.SFTPD.PublicKeyAlgos, ssh.InsecureKeyAlgoDSA) //nolint:staticcheck assert.Len(t, configs.SFTPD.KexAlgorithms, 1) assert.Contains(t, configs.SFTPD.KexAlgorithms, ssh.KeyExchangeDH16SHA512) // invalid form action @@ -13375,7 +13375,7 @@ func TestWebConfigsMock(t *testing.T) { assert.Len(t, configs.SFTPD.HostKeyAlgos, 1) assert.Contains(t, configs.SFTPD.HostKeyAlgos, ssh.KeyAlgoRSA) assert.Len(t, configs.SFTPD.PublicKeyAlgos, 1) - assert.Contains(t, configs.SFTPD.PublicKeyAlgos, ssh.InsecureKeyAlgoDSA) + assert.Contains(t, configs.SFTPD.PublicKeyAlgos, ssh.InsecureKeyAlgoDSA) //nolint:staticcheck assert.Equal(t, "mail.example.net", configs.SMTP.Host) assert.Equal(t, 587, configs.SMTP.Port) assert.Equal(t, "Example ", configs.SMTP.From) @@ -13446,7 +13446,7 @@ func TestWebConfigsMock(t *testing.T) { assert.Len(t, configs.SFTPD.HostKeyAlgos, 1) assert.Contains(t, configs.SFTPD.HostKeyAlgos, ssh.KeyAlgoRSA) assert.Len(t, configs.SFTPD.PublicKeyAlgos, 1) - assert.Contains(t, configs.SFTPD.PublicKeyAlgos, ssh.InsecureKeyAlgoDSA) + assert.Contains(t, configs.SFTPD.PublicKeyAlgos, ssh.InsecureKeyAlgoDSA) //nolint:staticcheck assert.Equal(t, 80, configs.ACME.HTTP01Challenge.Port) assert.Equal(t, 7, configs.ACME.Protocols) assert.Empty(t, configs.ACME.Domain) diff --git a/internal/sftpd/internal_test.go b/internal/sftpd/internal_test.go index 9934fcdd..bb3b016e 100644 --- a/internal/sftpd/internal_test.go +++ b/internal/sftpd/internal_test.go @@ -1853,7 +1853,7 @@ func TestConfigsFromProvider(t *testing.T) { KexAlgorithms: []string{ssh.InsecureKeyExchangeDHGEXSHA1}, Ciphers: []string{ssh.InsecureCipherAES128CBC, ssh.InsecureCipherAES192CBC, ssh.InsecureCipherAES256CBC}, MACs: []string{ssh.HMACSHA512ETM}, - PublicKeyAlgos: []string{ssh.InsecureKeyAlgoDSA}, + PublicKeyAlgos: []string{ssh.InsecureKeyAlgoDSA}, //nolint:staticcheck }, } err = dataprovider.UpdateConfigs(&configs, "", "", "") @@ -1884,7 +1884,7 @@ func TestSupportedSecurityOptions(t *testing.T) { var defaultKexs []string for _, k := range supportedKexAlgos { defaultKexs = append(defaultKexs, k) - if k == ssh.KeyExchangeCurve25519SHA256 { + if k == ssh.KeyExchangeCurve25519 { defaultKexs = append(defaultKexs, keyExchangeCurve25519SHA256LibSSH) } } @@ -1901,7 +1901,7 @@ func TestSupportedSecurityOptions(t *testing.T) { c.MACs = []string{ " hmac-sha2-256-etm@openssh.com ", " hmac-sha2-512-etm@openssh.com", "hmac-sha2-256", "hmac-sha2-512 ", - " hmac-sha1-96", "hmac-sha1 ", + "hmac-sha1 ", " hmac-sha1-96", } err = c.configureSecurityOptions(serverConfig) assert.NoError(t, err) diff --git a/internal/sftpd/server.go b/internal/sftpd/server.go index fa5be70d..13bfa349 100644 --- a/internal/sftpd/server.go +++ b/internal/sftpd/server.go @@ -452,9 +452,9 @@ func (c *Configuration) checkKeyExchangeAlgorithms() { } kexs = append(kexs, k) if strings.TrimSpace(k) == keyExchangeCurve25519SHA256LibSSH { - kexs = append(kexs, ssh.KeyExchangeCurve25519SHA256) + kexs = append(kexs, ssh.KeyExchangeCurve25519) } - if strings.TrimSpace(k) == ssh.KeyExchangeCurve25519SHA256 { + if strings.TrimSpace(k) == ssh.KeyExchangeCurve25519 { kexs = append(kexs, keyExchangeCurve25519SHA256LibSSH) } } diff --git a/internal/sftpd/sftpd.go b/internal/sftpd/sftpd.go index 92f30460..2a6968f9 100644 --- a/internal/sftpd/sftpd.go +++ b/internal/sftpd/sftpd.go @@ -40,7 +40,7 @@ var ( ssh.CertAlgoRSAv01: ssh.KeyAlgoRSA, ssh.CertAlgoRSASHA256v01: ssh.KeyAlgoRSASHA256, ssh.CertAlgoRSASHA512v01: ssh.KeyAlgoRSASHA512, - ssh.InsecureCertAlgoDSAv01: ssh.InsecureKeyAlgoDSA, + ssh.InsecureCertAlgoDSAv01: ssh.InsecureKeyAlgoDSA, //nolint:staticcheck ssh.CertAlgoECDSA256v01: ssh.KeyAlgoECDSA256, ssh.CertAlgoECDSA384v01: ssh.KeyAlgoECDSA384, ssh.CertAlgoECDSA521v01: ssh.KeyAlgoECDSA521, diff --git a/internal/sftpd/sftpd_test.go b/internal/sftpd/sftpd_test.go index 0d74974b..2614cd12 100644 --- a/internal/sftpd/sftpd_test.go +++ b/internal/sftpd/sftpd_test.go @@ -257,7 +257,7 @@ func TestMain(m *testing.M) { } sftpdConf.KexAlgorithms = []string{"curve25519-sha256@libssh.org", ssh.KeyExchangeECDHP256, ssh.KeyExchangeECDHP384} - sftpdConf.Ciphers = []string{ssh.CipherChacha20Poly1305, ssh.CipherAES128GCM, + sftpdConf.Ciphers = []string{ssh.CipherChaCha20Poly1305, ssh.CipherAES128GCM, ssh.CipherAES256CTR} sftpdConf.LoginBannerFile = loginBannerFileName // we need to test all supported ssh commands