mwiede / jsch

fork of the popular jsch library

[Feature Request] JVM Arguments Enhancement #598

Open pega-vanhd1 opened 3 months ago

pega-vanhd1 commented 3 months ago

We are looking to override the algorithms that are available to use with the JVM arguments (host key, public key, kex, cipher, mac), but the downside of this is that we need to hardcode a full list of algorithms that we want to support. It would be nice if there were separate JVM arguments that we could use to provide a supplementary list of algorithms to be used in addition to the default algorithms. This would allow our code to be much more maintainable and future-proof.

mwiede commented 3 months ago

Have you considered using src/main/java/com/jcraft/jsch/OpenSSHConfig.java?

For examples, see https://github.com/mwiede/jsch/wiki/Jsch-Configuration#1-use-openssh-sshconfig-and-sshknown_hosts-files

norrisjeremy commented 3 months ago

Hi @pega-vanhd1,

You can specify JVM arguments for system properties (in the form of -Djsch.XYZ=...); see our FAQ item here for a list of system property names.

Thanks, Jeremy

pega-talba commented 3 months ago

Hi folks!

@mwiede Unfortunately in our situation, we are limited to adjusting environments via JVM properties. We can't alter the running code in the environments that need these changes. Essentially, jsch is included as a library within an application being run in many cloud environments, and we don't always have the ability to alter the application. In some cases we do, and for those situations we can provide additive algorithms as shown here. But we don't have the ability to add algorithms in that same additive way via JVM properties.

@norrisjeremy This is what we are currently doing. The problem is that using those system properties requires us to pass in a full list of all supported algorithms. This works, but now we won't automatically have newer algorithms supported if we updated the version of jsch - we would need to adjust the system properties to include the newer algorithms as well. It's also a much longer JVM argument when including all supported algorithms plus the extra 1-2 we need.

Our hope is that we can add an alternative JVM argument that includes a list of algorithms to accept in addition to the default from jsch, rather than a full list of algorithms.

norrisjeremy commented 3 months ago

Hi folks!

> @norrisjeremy This is what we are currently doing. The problem is that using those system properties requires us to pass in a full list of all supported algorithms. This works, but now we won't automatically have newer algorithms supported if we updated the version of jsch - we would need to adjust the system properties to include the newer algorithms as well. It's also a much longer JVM argument when including all supported algorithms plus the extra 1-2 we need.
>
> Our hope is that we can add an alternative JVM argument that includes a list of algorithms to accept in addition to the default from jsch, rather than a full list of algorithms.

It sounds like you could simply solve this problem yourself by adding your own JVM arguments to your own application(s) to adjust the JSch config. I'm not sure I see much value in further complicating the JSch library to support this.

Thanks, Jeremy
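
The application-side approach suggested in the last comment, as an added example that is not code from this thread or from the JSch project: it reads application-owned system properties and appends their values to the lists JSch already has, so the library defaults (including any added by a later JSch version) stay first in negotiation order. The `myapp.jsch.extra.*` property names and the class name are hypothetical; the config key names are assumed to match the JSch fork in use.

```java
import com.jcraft.jsch.JSch;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;

public final class JschExtraAlgorithms {
  // Hypothetical application-owned prefix; JSch itself does not read these properties.
  static final String PREFIX = "myapp.jsch.extra.";

  // JSch config keys that hold comma-separated algorithm lists (assumed names).
  static final String[] KEYS = {
    "kex", "server_host_key", "PubkeyAcceptedAlgorithms",
    "cipher.c2s", "cipher.s2c", "mac.c2s", "mac.s2c"
  };

  /** Appends extras after defaults, dropping blanks and duplicates; defaults keep their order. */
  static String merge(String defaults, String extras) {
    Set<String> out = new LinkedHashSet<>();
    for (String list : new String[] {defaults, extras}) {
      if (list == null) continue;
      Arrays.stream(list.split(","))
          .map(String::trim)
          .filter(s -> !s.isEmpty())
          .forEach(out::add);
    }
    return String.join(",", out);
  }

  /** Call once at startup, before any Session is created. */
  public static void apply() {
    for (String key : KEYS) {
      String extras = System.getProperty(PREFIX + key);
      if (extras == null || extras.trim().isEmpty()) continue;
      String current = JSch.getConfig(key);
      String merged = merge(current, extras);
      if (!merged.equals(current)) {
        JSch.setConfig(key, merged);
        // Log the effective list so any algorithm added this way is visible in review.
        System.err.println("JSch " + key + " extended via -D" + PREFIX + key + ": " + merged);
      }
    }
  }

  public static void main(String[] args) {
    // Constructed sample: run with -Dmyapp.jsch.extra.kex=diffie-hellman-group14-sha1
    apply();
    System.out.println("kex=" + JSch.getConfig("kex"));
  }
}
```

Because an SSH client lists algorithms in preference order, appending keeps each extra algorithm as a last resort that is used only when the server offers none of the defaults.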