[COMPASS-4069] Update ssh2 dependency Created: 08/Jan/20  Updated: 29/Oct/23  Resolved: 29/Jan/20

Status: Closed
Project: Compass
Component/s: Connectivity
Affects Version/s: None
Fix Version/s: 1.21.0

Type: Task Priority: Major - P3
Reporter: Lucas Hrabovsky (Inactive) Assignee: Lucas Hrabovsky (Inactive)
Resolution: Fixed Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on COMPASS-3933 Update to Electron 6 Closed
is depended on by COMPASS-3558 Add Support for Ed25519 SSH keys Closed
Related
related to COMPASS-4188 SSH Tunnel connection generates Error... Closed
is related to COMPASS-2407 When using SSH tunnel, COMPASS does n... Closed
is related to COMPASS-2769 If the SSH Identity File is present b... Closed
is related to COMPASS-3084 Connection window validation for SSH ... Closed
Epic Link: COMPASS-3417
Sprint: Iteration Urial, Iteration Vicuña

 Description   

Latest: Dec 3, 2019 v0.8.7
connection-model current: Nov 8, 2016 v0.5.4

https://github.com/mongodb-js/compass/issues/1882

While attempting to connect via SSH tunnel using an identity file and passphrase on the latest stable community version, I was only able to get it to work with an RSA key encrypted with AES-128-CBC or DES-EDE3-CBC. It failed to work with AES-192-CBC, AES-256-CBC, or with an openssh private key.

I got a variety of errors when using these other ciphers, including Uncaught Error: Expected 0x2: got 0x18, Uncaught Error: encoding too long, and Uncaught Error: Cannot parse privateKey: Unsupported key format.

Please add support at least for at least longer key lengths of AES, and potentially for other ciphers and key formats.

Confirmed that I get this same issue on current tip of master for at least AES-256-CBC

These algorithms are supported but not enabled by default. COMPASS-4069 will update ssh2 and when combined with COMPASS-3933 adding the below to client/server construction in ssh-tunnel.js will resolve this problem.

{ algorithms: { cipher: require('ssh2-streams').constants.ALGORITHMS.SUPPORTED_CIPHER } }


Generated at Wed Feb 07 22:35:09 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.