Struct makiko::ClientConfig
#[non_exhaustive]
pub struct ClientConfig {
    pub kex_algos: Vec<&'static KexAlgo>,
    pub server_pubkey_algos: Vec<&'static PubkeyAlgo>,
    pub cipher_algos: Vec<&'static CipherAlgo>,
    pub mac_algos: Vec<&'static MacAlgo>,
    pub rekey_after_bytes: u64,
    pub rekey_after_duration: Duration,
}
Configuration of a Client.
You should start from the default instance, which has reasonable default configuration, and modify it according to your needs. You may also find the method ClientConfig::with() syntactically convenient.
If you need compatibility with old SSH servers that use outdated crypto, you may use ClientConfig::default_compatible_less_secure(). However, this configuration is less secure.
This struct is #[non_exhaustive], so we may add more fields without breaking backward compatibility.
Fields (Non-exhaustive)
This struct is marked as non-exhaustive: it cannot be constructed outside the crate using the Struct { .. } syntax, cannot be matched against without a wildcard .., and struct update syntax will not work.
kex_algos: Vec<&'static KexAlgo>
Supported key exchange algorithms.
We will use the first algorithm that is also supported by the server. If there is no overlap, the connection will abort.
server_pubkey_algos: Vec<&'static PubkeyAlgo>
Supported server public key algorithms.
We will use the first algorithm that is also supported by the server. If there is no overlap, the connection will abort.
cipher_algos: Vec<&'static CipherAlgo>
Supported encryption algorithms.
We will use the first algorithm that is also supported by the server. If there is no overlap, the connection will abort.
mac_algos: Vec<&'static MacAlgo>
Supported message authentication algorithms.
We will use the first algorithm that is also supported by the server. If there is no overlap, the connection will abort.
rekey_after_bytes: u64
Start key re-exchange after this many bytes.
The amount of data that symmetric ciphers can securely encrypt is usually limited, so we should periodically repeat key exchange to generate new symmetric keys (RFC 4253, section 9). We will trigger a key re-exchange after this number of bytes is transmitted or received.
By default, this configuration is set to 2^30 bytes (as recommended by the SSH specification). To ensure that security is not compromised by a mis-configuration, we only allow you to make this value lower: if you try to use a higher value, we ignore it and use the default instead.
rekey_after_duration: Duration
Start key re-exchange after this amount of time.
It is important to perform a key re-exchange after a certain number of bytes is encrypted (see Self::rekey_after_bytes), but the SSH specification also recommends triggering the re-exchange after a certain amount of time, “just in case”.
By default, we perform the re-exchange after one hour (as recommended by the SSH specification).
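The two rules the field docs above repeat, the "first client algorithm the server also supports, else abort" negotiation and the 2^30-byte cap on rekey_after_bytes, as an added illustration written for this page rather than makiko's own code; RekeyPolicy, negotiate and the sample algorithm lists are assumptions and not part of the crate's API:

```rust
use std::time::Duration;

/// Documented upper bound for rekey_after_bytes: 2^30 bytes (RFC 4253, section 9).
pub const MAX_REKEY_AFTER_BYTES: u64 = 1 << 30;

/// Hypothetical stand-in for the two rekey fields; not makiko's ClientConfig.
#[derive(Clone, Debug)]
pub struct RekeyPolicy {
    pub rekey_after_bytes: u64,
    pub rekey_after_duration: Duration,
}

impl RekeyPolicy {
    /// Mirrors the documented rule: the limit may only be lowered; a higher
    /// value is ignored and the default (2^30) is used instead.
    pub fn effective_rekey_after_bytes(&self) -> u64 {
        self.rekey_after_bytes.min(MAX_REKEY_AFTER_BYTES)
    }

    /// A re-exchange is due once either threshold (bytes or elapsed time) is reached.
    pub fn rekey_due(&self, bytes_transferred: u64, elapsed: Duration) -> bool {
        bytes_transferred >= self.effective_rekey_after_bytes()
            || elapsed >= self.rekey_after_duration
    }
}

/// First algorithm in the client's preference order that the server also lists;
/// `None` means no overlap, where the connection would abort.
pub fn negotiate(client_prefs: &[&'static str], server_supported: &[&'static str]) -> Option<&'static str> {
    client_prefs
        .iter()
        .copied()
        .find(|algo| server_supported.contains(algo))
}

fn main() {
    // Constructed sample lists, ordered by client preference (not makiko's defaults).
    let client_kex = ["curve25519-sha256", "diffie-hellman-group14-sha256"];
    let server_kex = ["diffie-hellman-group14-sha256", "curve25519-sha256"];
    // Client order wins: curve25519-sha256 is chosen even though the server lists it second.
    println!("kex: {:?}", negotiate(&client_kex, &server_kex));
    // A request above the cap silently falls back to 2^30.
    let policy = RekeyPolicy { rekey_after_bytes: 1 << 40, rekey_after_duration: Duration::from_secs(3600) };
    println!("effective limit: {}", policy.effective_rekey_after_bytes());
    println!("rekey after 1 GiB: {}", policy.rekey_due(1 << 30, Duration::from_secs(60)));
}
```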
Implementations
impl ClientConfig
pub fn default_compatible_less_secure() -> ClientConfig
Default configuration with higher compatibility and lower security.
Returns a configuration that includes support for subpar crypto, notably SHA-1, NIST curves and CBC-mode ciphers. Use at your own risk!
Trait Implementations
impl Clone for ClientConfig
fn clone(&self) -> ClientConfig
fn clone_from(&mut self, source: &Self)