Amazefilemanager: SFTP - security options improvment

Created on 18 Aug 2020  路  3Comments  路  Source: TeamAmaze/AmazeFileManager

Hi! The app is amazing! I was using and it seems GREAT!
i'd like to ask if it'd be possible to increase/upgrade security options for the sftp protocol.
Actually Im using a ed25519 key type, but I noticed Amaze offers: ssh-rsa,ssh-dss [preauth]

Moreover ( I didn't edited my server to test them ), if Amaze could support most recents:

Thanks!

Area-SsScSftp Issue-Feature

Most helpful comment

Amaze's SSH implementation depends on hierynomus/sshj, with some little tweak that disabled ECDSA (although on-device test did passed for ED25519 keys) to for stock and our own BouncyCastle co-existence.

After #1881 and #1890 merged to enable full BouncyCastle usage in our app maybe we can lift the tweaks to see if everything still work.

But for the new ciphers you mentioned, I could find chacha20-poly1305 in BouncyCastle, but not sure if it can be used with sshj itself.

Adding these ciphers may take time. Can't tell if it'll be at 3.6, but shall not happen at 3.5 cycle as we push hard towards public beta and release.

Anyway, let's lift the tweak first.

All 3 comments

Amaze's SSH implementation depends on hierynomus/sshj, with some little tweak that disabled ECDSA (although on-device test did passed for ED25519 keys) to for stock and our own BouncyCastle co-existence.

After #1881 and #1890 merged to enable full BouncyCastle usage in our app maybe we can lift the tweaks to see if everything still work.

But for the new ciphers you mentioned, I could find chacha20-poly1305 in BouncyCastle, but not sure if it can be used with sshj itself.

Adding these ciphers may take time. Can't tell if it'll be at 3.6, but shall not happen at 3.5 cycle as we push hard towards public beta and release.

Anyway, let's lift the tweak first.

Implement [email protected]/[email protected] support, may take work done on Apache Mina SSHD as reference.
https://github.com/apache/mina-sshd/pull/132

[email protected] cipher support is still work in progress.
https://issues.apache.org/jira/browse/SSHD-1017

Support for AES-GCM cipher is being implemented at sshj upstream: https://github.com/hierynomus/sshj/pull/630

Was this page helpful?
0 / 5 - 0 ratings

Related issues

germanfr picture germanfr  路  5Comments

bluefiberbread picture bluefiberbread  路  3Comments

mirh picture mirh  路  4Comments

EmmanuelMess picture EmmanuelMess  路  3Comments

ghost picture ghost  路  5Comments