Skip to content

Commit

Permalink
feat: support ssh/rsa
Browse files Browse the repository at this point in the history
  • Loading branch information
loicmathieu committed Sep 13, 2024
1 parent 2558910 commit c0966c7
Showing 1 changed file with 17 additions and 2 deletions.
19 changes: 17 additions & 2 deletions src/main/java/io/kestra/plugin/fs/ssh/Command.java
Original file line number Diff line number Diff line change
Expand Up @@ -104,15 +104,23 @@ public class Command extends Task implements SshInterface, RunnableTask<Command.
additionalProperties = String.class,
dynamic = true
)
protected Map<String, String> env;
private Map<String, String> env;

@Builder.Default
@Schema(
title = "Use `WARNING` state if any stdErr is sent"
)
@PluginProperty
@NotNull
protected Boolean warningOnStdErr = true;
private Boolean warningOnStdErr = true;

@Builder.Default
@Schema(
title = "Enable the disabled by default RSA/SHA1 algorithm"
)
@PluginProperty
@NotNull
private Boolean enableSshRsa1 = false;

@Override
public Command.ScriptOutput run(RunContext runContext) throws Exception {
Expand Down Expand Up @@ -149,6 +157,13 @@ else if (authMethod == AuthMethod.PUBLIC_KEY) {
jsch = new JSch();
session = jsch.getSession(runContext.render(username), renderedHost, Integer.parseInt(renderedPort));

// enable disabled by default weak RSA/SHA1 algorithm
if (Boolean.TRUE.equals(enableSshRsa1)) {
runContext.logger().info("RSA/SHA1 is enabled, be advise that SHA1 is no longer considered secure by the general cryptographic community.");
session.setConfig("server_host_key", session.getConfig("server_host_key") + ",ssh-rsa");
session.setConfig("PubkeyAcceptedAlgorithms", session.getConfig("PubkeyAcceptedAlgorithms") + ",ssh-rsa");
}

if (authMethod == AuthMethod.PASSWORD) {
session.setConfig("PreferredAuthentications", "password");
session.setPassword(runContext.render(password));
Expand Down

0 comments on commit c0966c7

Please sign in to comment.