bumped russh

warpgate-admin/Cargo.toml

@@ -24,8 +24,8 @@ poem-openapi = { version = "2.0", features = [
     "uuid",
     "static-files",
 ] }
-russh-keys = { version = "0.43.0", features = ["openssl"] }
+russh-keys = { version = "0.44.0-beta.3" }
-# russh-keys = { version = "0.23.0-beta.1", features = ["openssl"], path = "../../russh/russh-keys" }
+# russh-keys = { version = "0.23.0-beta.1", path = "../../russh/russh-keys" }
 rust-embed = "8.3"
 sea-orm = { version = "0.12.2", features = [
     "runtime-tokio-native-tls",

warpgate-protocol-ssh/Cargo.toml

@@ -14,10 +14,10 @@ dialoguer = "0.10"
 curve25519-dalek = "4.0.0" # pin due to build fail on x86
 ed25519-dalek = "2.0.0" # pin due to build fail on x86 in 2.1
 futures = "0.3"
-russh = { version = "0.43.0", features = ["vendored-openssl"] }
+russh = { version = "0.44.0-beta.3" }
-# russh = { version = "0.35.0-beta.6", features = ["vendored-openssl"], path = "../../russh/russh"}
+# russh = { version = "0.35.0-beta.6", path = "../../russh/russh"}
-russh-keys = { version = "0.43.0", features = ["vendored-openssl"] }
+russh-keys = { version = "0.44.0-beta.3" }
-# russh-keys = { version = "0.23.0-beta.1", features = ["vendored-openssl"], path = "../../russh/russh-keys" }
+# russh-keys = { version = "0.23.0-beta.1", path = "../../russh/russh-keys" }
 sea-orm = { version = "0.12.2", features = [
     "runtime-tokio-native-tls",
 ], default-features = false }

warpgate-protocol-ssh/src/client/mod.rs

@@ -2,6 +2,7 @@ mod channel_direct_tcpip;
 mod channel_session;
 mod error;
 mod handler;
+use std::borrow::Cow;
 use std::collections::HashMap;
 use std::io;
 use std::net::ToSocketAddrs;
@@ -403,9 +404,12 @@ impl RemoteClient {
         info!(?address, username = &ssh_options.username[..], "Connecting");
         let algos = if ssh_options.allow_insecure_algos.unwrap_or(false) {
             Preferred {
-                kex: &[
+                kex: Cow::Borrowed(&[
                     kex::CURVE25519,
                     kex::CURVE25519_PRE_RFC_8731,
+                    kex::ECDH_SHA2_NISTP256,
+                    kex::ECDH_SHA2_NISTP384,
+                    kex::ECDH_SHA2_NISTP512,
                     kex::DH_G16_SHA512,
                     kex::DH_G14_SHA256, // non-default
                     kex::DH_G14_SHA256,
@@ -414,7 +418,7 @@ impl RemoteClient {
                     kex::EXTENSION_SUPPORT_AS_SERVER,
                     kex::EXTENSION_OPENSSH_STRICT_KEX_AS_CLIENT,
                     kex::EXTENSION_OPENSSH_STRICT_KEX_AS_SERVER,
-                ],
+                ]),
                 ..<_>::default()
             }
         } else {

warpgate-protocol-ssh/src/server/mod.rs

@@ -3,6 +3,7 @@ mod russh_handler;
 mod service_output;
 mod session;
 mod session_handle;
+use std::borrow::Cow;
 use std::fmt::Debug;
 use std::net::SocketAddr;
 use std::sync::Arc;
@@ -32,12 +33,12 @@ pub async fn run_server(services: Services, address: SocketAddr) -> Result<()> {
             keys: load_host_keys(&config)?,
             event_buffer_size: 100,
             preferred: Preferred {
-                key: &[
+                key: Cow::Borrowed(&[
                     russh_keys::key::ED25519,
                     russh_keys::key::RSA_SHA2_256,
                     russh_keys::key::RSA_SHA2_512,
                     russh_keys::key::SSH_RSA,
-                ],
+                ]),
                 ..<_>::default()
             },
             ..<_>::default()