remove the Extension setting

always add ext-info-s to KEX and send the SSH_MSG_EXT_INFO message if we received ext-info-c from the client Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
golang · Mar 30, 2022 · 0196e38 · 0196e38
1 parent 7fe3443
commit 0196e38
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 19 deletions.
diff --git a/ssh/common.go b/ssh/common.go
@@ -28,14 +28,9 @@ const (
 const (
 	extInfoServer    = "ext-info-s"
 	extInfoClient    = "ext-info-c"
-	ExtServerSigAlgs = "server-sig-algs"
+	extServerSigAlgs = "server-sig-algs"
 )
 
-// defaultExtensions lists extensions enabled by default.
-var defaultExtensions = []string{
-	ExtServerSigAlgs,
-}
-
 // supportedCiphers lists ciphers we support but might not recommend.
 var supportedCiphers = []string{
 	"aes128-ctr", "aes192-ctr", "aes256-ctr",
@@ -282,10 +277,6 @@ type Config struct {
 	// The allowed MAC algorithms. If unspecified then a sensible default
 	// is used.
 	MACs []string
-
-	// A list of enabled extensions. If unspecified then a sensible
-	// default is used
-	Extensions []string
 }
 
 // SetDefaults sets sensible values for unset fields in config. This is
@@ -315,10 +306,6 @@ func (c *Config) SetDefaults() {
 		c.MACs = supportedMACs
 	}
 
-	if c.Extensions == nil {
-		c.Extensions = defaultExtensions
-	}
-
 	if c.RekeyThreshold == 0 {
 		// cipher specific default
 	} else if c.RekeyThreshold < minRekeyThreshold {

diff --git a/ssh/handshake.go b/ssh/handshake.go
@@ -479,9 +479,7 @@ func (t *handshakeTransport) sendKexInit() error {
 				msg.ServerHostKeyAlgos = append(msg.ServerHostKeyAlgos, keyFormat)
 			}
 		}
-		if contains(t.config.Extensions, ExtServerSigAlgs) {
-			msg.KexAlgos = append(msg.KexAlgos, extInfoServer)
-		}
+		msg.KexAlgos = append(msg.KexAlgos, extInfoServer)
 	} else {
 		msg.ServerHostKeyAlgos = t.hostKeyAlgorithms
 
@@ -642,13 +640,13 @@ func (t *handshakeTransport) enterKeyExchange(otherInitPacket []byte) error {
 
 	if !isClient {
 		// We're on the server side, see if the client sent the extension signal
-		if !t.extInfoSent && contains(clientInit.KexAlgos, extInfoClient) && contains(t.config.Extensions, ExtServerSigAlgs) {
+		if !t.extInfoSent && contains(clientInit.KexAlgos, extInfoClient) {
 			// The other side supports ext info, an ext info message hasn't been sent this session,
 			// and we have at least one extension enabled, so send an SSH_MSG_EXT_INFO message.
 			extensions := map[string][]byte{}
 			// We're the server, the client supports SSH_MSG_EXT_INFO and server-sig-algs
 			// is enabled. Prepare the server-sig-algos extension message to send.
-			extensions[ExtServerSigAlgs] = []byte(strings.Join(supportedServerSigAlgs, ","))
+			extensions[extServerSigAlgs] = []byte(strings.Join(supportedServerSigAlgs, ","))
 			var payload []byte
 			for k, v := range extensions {
 				payload = appendInt(payload, len(k))