Open mfernau opened 3 months ago
Hi @mfernau,
If you simply search around on Google I'm sure you can find guidance as to how secure various crypto algorithms are these days. But to summarize: we strive to keep JSch's default algorithms mostly inline with algorithms that the OpenSSH project does. So if the algorithm isn't enabled by default in JSch, then there is likely a reason for that.
Thanks, Jeremy
At first please note that I'm not a crypto expert. I'm having trouble to understand the internals of ssh and its algorithms is use. However - I would like to understand it a bit deeper which is the reason why I'm asking the following question.
Until Version 0.1.57 of Jsch I was able to successfully connect to the remote host in question. With newer version I'm getting:
If I modify my code to the following:
I'm able to connect to the server again. As far as I understand I (re)enable aes256-cbc as an allowed protocol. Is this the "best" I can do to connect to this server? Can I consider that CBC in general is an insecure encryption mode and thus was disabled by default? I would like to inform the operator of this SSH Server which seems to host a "GoAnywhere" system which itself seems not to be an outdated product so maybe he/she should be able to enable a more "modern" encryption protocol.
Please find full log of failed connection Jsch-0.2.17.log