diff --git a/app/config.js b/app/config.js
index 635ebe8..43a3978 100644
--- a/app/config.js
+++ b/app/config.js
@@ -31,7 +31,39 @@ const defaultConfig = {
 readyTimeout: 20000,
 keepaliveInterval: 120000,
 keepaliveCountMax: 10,
- alwaysSendKeyboardInteractivePrompts: false
+ alwaysSendKeyboardInteractivePrompts: false,
+ algorithms: {
+ kex: [
+ "ecdh-sha2-nistp256",
+ "ecdh-sha2-nistp384",
+ "ecdh-sha2-nistp521",
+ "diffie-hellman-group-exchange-sha256",
+ "diffie-hellman-group14-sha1"
+ ],
+ cipher: [
+ "aes128-ctr",
+ "aes192-ctr",
+ "aes256-ctr",
+ "aes128-gcm",
+ "aes128-gcm@openssh.com",
+ "aes256-gcm",
+ "aes256-gcm@openssh.com",
+ "aes256-cbc"
+ ],
+ hmac: ["hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"],
+ serverHostKey: [
+ "ssh-ed25519",
+ "rsa-sha2-512",
+ "rsa-sha2-256",
+ "ecdsa-sha2-nistp256",
+ "ecdsa-sha2-nistp384",
+ "ecdsa-sha2-nistp521",
+ "rsa-sha2-512",
+ "rsa-sha2-256",
+ "ssh-rsa"
+ ],
+ compress: ["none", "zlib@openssh.com", "zlib"]
+ }
 },
 header: {
 text: null,
@@ -44,27 +76,6 @@ const defaultConfig = {
 allowReconnect: true,
 allowReplay: true
 },
- algorithms: {
- kex: [
- "ecdh-sha2-nistp256",
- "ecdh-sha2-nistp384",
- "ecdh-sha2-nistp521",
- "diffie-hellman-group-exchange-sha256",
- "diffie-hellman-group14-sha1"
- ],
- cipher: [
- "aes128-ctr",
- "aes192-ctr",
- "aes256-ctr",
- "aes128-gcm",
- "aes128-gcm@openssh.com",
- "aes256-gcm",
- "aes256-gcm@openssh.com",
- "aes256-cbc"
- ],
- hmac: ["hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"],
- compress: ["none", "zlib@openssh.com", "zlib"]
- },
 session: {
 secret: process.env.WEBSSH_SESSION_SECRET || generateSecureSecret(),
 name: "webssh2.sid"
diff --git a/app/configSchema.js b/app/configSchema.js
index 78e9b89..156ac4b 100644
--- a/app/configSchema.js
+++ b/app/configSchema.js
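Review bot: The new `serverHostKey` default lists `rsa-sha2-512` and `rsa-sha2-256` twice (once after `ssh-ed25519` and again before `ssh-rsa`), and the same duplication appears in the `serverHostKey` array added to config.json.sample; the second pair should be dropped in both places. The defaults also keep SHA-1 and CBC fallbacks (`diffie-hellman-group14-sha1`, `hmac-sha1`, `ssh-rsa`, `aes256-cbc`), which are negotiated when a server supports nothing earlier in the list, so a comment above `algorithms` such as `// legacy SHA-1/CBC entries are kept last for old servers; remove them to enforce modern algorithms` would tell operators what they are accepting. The sample's `kex` list starts with `curve25519-sha256` but this default list does not, so the two are out of step. The `defaultConfig` object starts and ends outside the hunk.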
@@ -38,7 +38,33 @@ const configSchema = {
 term: { type: "string" },
 readyTimeout: { type: "integer" },
 keepaliveInterval: { type: "integer" },
- keepaliveCountMax: { type: "integer" }
+ keepaliveCountMax: { type: "integer" },
+ algorithms: {
+ type: "object",
+ properties: {
+ kex: {
+ type: "array",
+ items: { type: "string" }
+ },
+ cipher: {
+ type: "array",
+ items: { type: "string" }
+ },
+ hmac: {
+ type: "array",
+ items: { type: "string" }
+ },
+ serverHostKey: {
+ type: "array",
+ items: { type: "string" }
+ },
+ compress: {
+ type: "array",
+ items: { type: "string" }
+ }
+ },
+ required: ["kex", "cipher", "hmac", "serverHostKey", "compress"]
+ }
 },
 required: [
 "host",
@@ -68,28 +94,6 @@ const configSchema = {
 },
 required: ["challengeButton", "allowReauth", "allowReplay"]
 },
- algorithms: {
- type: "object",
- properties: {
- kex: {
- type: "array",
- items: { type: "string" }
- },
- cipher: {
- type: "array",
- items: { type: "string" }
- },
- hmac: {
- type: "array",
- items: { type: "string" }
- },
- compress: {
- type: "array",
- items: { type: "string" }
- }
- },
- required: ["kex", "cipher", "hmac", "compress"]
- },
 session: {
 type: "object",
 properties: {
@@ -99,6 +103,6 @@ const configSchema = {
 required: ["secret", "name"]
 }
 },
- required: ["listen", "http", "user", "ssh", "header", "options", "algorithms"]
+ required: ["listen", "http", "user", "ssh", "header", "options"]
 }
 module.exports = configSchema
diff --git a/config.json.sample b/config.json.sample
index 25fd174..e0b17b2 100644
--- a/config.json.sample
+++ b/config.json.sample
@@ -11,6 +11,10 @@
 "password": null,
 "privatekey": null
 },
+ "session": {
+ "secret": "secret",
+ "name": "webssh2"
+ },
 "ssh": {
 "host": null,
 "port": 22,
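Review bot: Each algorithm list in the new `ssh.algorithms` schema accepts any array of strings, including an empty array or one with repeated entries, so an emptied or duplicated list passes validation and would only surface, if at all, when an SSH connection is set up. Adding `minItems: 1, uniqueItems: true` next to `items: { type: "string" }` on the five arrays would reject those at load time; an `enum` of supported names would be stricter but has to be kept in sync with the SSH library. The `required` list of the enclosing `ssh` object continues outside the hunk, so it is not visible whether `algorithms` itself is required there.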
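Review bot: An existing config.json that still sets a top-level `algorithms` block is no longer validated once `algorithms` leaves this `required` list and its schema moves under `ssh`. Depending on how the file is merged with the defaults (not visible in this diff), a deliberately restricted list in such a file may be ignored and the broader defaults, including their SHA-1 and CBC entries, used instead. A startup error or warning when a top-level `algorithms` key is found, plus a migration line in the release notes, would make the move visible to operators.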
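Review bot: The added `session` block ships the literal value `"secret": "secret"`, and a sample file is commonly copied to config.json unchanged. app/config.js defaults this field to `process.env.WEBSSH_SESSION_SECRET || generateSecureSecret()`, so a copied sample would presumably replace a generated secret with a guessable one. Prefer leaving `secret` out of the sample, or use an obvious placeholder such as `"secret": "CHANGE_ME_use_a_long_random_value"` and point to the `WEBSSH_SESSION_SECRET` environment variable in the documentation. The sample's `"name": "webssh2"` also differs from the `webssh2.sid` default in app/config.js.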
@@ -20,7 +24,49 @@
 "readyTimeout": 20000,
 "keepaliveInterval": 120000,
 "keepaliveCountMax": 10,
- "allowedSubnets": []
+ "allowedSubnets": [],
+ "alwaysSendKeyboardInteractivePrompts": false,
+ "algorithms": {
+ "kex": [
+ "curve25519-sha256",
+ "ecdh-sha2-nistp256",
+ "ecdh-sha2-nistp384",
+ "ecdh-sha2-nistp521",
+ "diffie-hellman-group-exchange-sha256",
+ "diffie-hellman-group14-sha1"
+ ],
+ "cipher": [
+ "aes128-ctr",
+ "aes192-ctr",
+ "aes256-ctr",
+ "aes128-gcm",
+ "aes128-gcm@openssh.com",
+ "aes256-gcm",
+ "aes256-gcm@openssh.com",
+ "aes256-cbc"
+ ],
+ "hmac": [
+ "hmac-sha2-256",
+ "hmac-sha2-512",
+ "hmac-sha1"
+ ],
+ "compress": [
+ "none",
+ "zlib@openssh.com",
+ "zlib"
+ ],
+ "serverHostKey": [
+ "ssh-ed25519",
+ "rsa-sha2-512",
+ "rsa-sha2-256",
+ "ecdsa-sha2-nistp256",
+ "ecdsa-sha2-nistp384",
+ "ecdsa-sha2-nistp521",
+ "rsa-sha2-512",
+ "rsa-sha2-256",
+ "ssh-rsa"
+ ]
+ }
 },
 "header": {
 "text": null,
@@ -32,34 +78,5 @@
 "allowReauth": true,
 "allowReconnect": true,
 "allowReplay": true
- },
- "algorithms": {
- "kex": [
- "ecdh-sha2-nistp256",
- "ecdh-sha2-nistp384",
- "ecdh-sha2-nistp521",
- "diffie-hellman-group-exchange-sha256",
- "diffie-hellman-group14-sha1"
- ],
- "cipher": [
- "aes128-ctr",
- "aes192-ctr",
- "aes256-ctr",
- "aes128-gcm",
- "aes128-gcm@openssh.com",
- "aes256-gcm",
- "aes256-gcm@openssh.com",
- "aes256-cbc"
- ],
- "hmac": [
- "hmac-sha2-256",
- "hmac-sha2-512",
- "hmac-sha1"
- ],
- "compress": [
- "none",
- "zlib@openssh.com",
- "zlib"
- ]
 }
 }