Struct makiko::ClientConfig

#[non_exhaustive]
pub struct ClientConfig {
    pub kex_algos: Vec<&'static KexAlgo>,
    pub server_pubkey_algos: Vec<&'static PubkeyAlgo>,
    pub cipher_algos: Vec<&'static CipherAlgo>,
    pub mac_algos: Vec<&'static MacAlgo>,
    pub rekey_after_bytes: u64,
    pub rekey_after_duration: Duration,
}

Configuration of a Client.

You should start from the default instance, which has reasonable default configuration, and modify it according to your needs. You may also find the method ClientConfig::with() syntactically convenient.

If you need compatibility with old SSH servers that use outdated crypto, you may use ClientConfig::default_compatible_less_secure(). However, this configuration is less secure.

This struct is #[non_exhaustive], so we may add more fields without breaking backward compatibility.

Fields (Non-exhaustive)§

This struct is marked as non-exhaustive
Non-exhaustive structs could have additional fields added in future. Therefore, non-exhaustive structs cannot be constructed in external crates using the traditional Struct { .. } syntax; cannot be matched against without a wildcard ..; and struct update syntax will not work.
§kex_algos: Vec<&'static KexAlgo>

Supported key exchange algorithms.

We will use the first algorithm in this list that is also supported by the server. If there is no overlap, the connection will abort.

§server_pubkey_algos: Vec<&'static PubkeyAlgo>

Supported server public key algorithms.

We will use the first algorithm in this list that is also supported by the server. If there is no overlap, the connection will abort.

§cipher_algos: Vec<&'static CipherAlgo>

Supported encryption algorithms.

We will use the first algorithm in this list that is also supported by the server. If there is no overlap, the connection will abort.

§mac_algos: Vec<&'static MacAlgo>

Supported message authentication algorithms.

We will use the first algorithm in this list that is also supported by the server. If there is no overlap, the connection will abort.

§rekey_after_bytes: u64

Start key re-exchange after this many bytes.

The amount of data that symmetric ciphers can securely encrypt is usually limited, so we should periodically repeat key exchange to generate new symmetric keys (RFC 4253, section 9). We will trigger a key re-exchange after this number of bytes is transmitted or received.

By default, this configuration is set to 2^30 bytes (as recommended by the SSH specification). To ensure that security is not compromised by a mis-configuration, we only allow you to make this value lower: if you try to use a higher value, we ignore it and use the default instead.

§rekey_after_duration: Duration

Start key re-exchange after this amount of time.

It is important to perform a key re-exchange after a certain number of bytes is encrypted (see Self::rekey_after_bytes), but the SSH specification also recommends triggering the re-exchange after a certain amount of time, “just in case”.

By default, we perform the re-exchange after one hour (as recommended by the SSH specification).
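
The two rekey rules described above, as an added stand-alone example (not makiko's own code). `effective_rekey_bytes` and `KeyEpoch` are hypothetical names, and using a single counter for both traffic directions is an assumption of this model.

```rust
use std::time::Duration;

// Added illustration: a stand-alone model of the rekey rules, not makiko's code.
// The two defaults are the values stated on the page.
const DEFAULT_REKEY_BYTES: u64 = 1 << 30; // 2^30 bytes
const DEFAULT_REKEY_DURATION: Duration = Duration::from_secs(60 * 60); // one hour

/// A configured byte limit may only lower the default; a higher value is
/// ignored and the default is used instead.
fn effective_rekey_bytes(configured: u64) -> u64 {
    if configured > DEFAULT_REKEY_BYTES { DEFAULT_REKEY_BYTES } else { configured }
}

/// Traffic accounted to the current set of symmetric keys.
/// Assumption of this model: sent and received bytes share one counter.
struct KeyEpoch {
    limit_bytes: u64,
    limit_age: Duration,
    bytes: u64,
}

impl KeyEpoch {
    fn new(rekey_after_bytes: u64, rekey_after_duration: Duration) -> Self {
        KeyEpoch { limit_bytes: effective_rekey_bytes(rekey_after_bytes),
                   limit_age: rekey_after_duration, bytes: 0 }
    }
    /// Account for a packet in either direction.
    fn record(&mut self, n: u64) {
        self.bytes = self.bytes.saturating_add(n);
    }
    /// True once either the byte limit or the age limit is reached.
    fn rekey_due(&self, age: Duration) -> bool {
        self.bytes >= self.limit_bytes || age >= self.limit_age
    }
    /// Called when a key exchange completes and new keys are in use.
    fn reset(&mut self) { self.bytes = 0; }
}

fn main() {
    // A limit of 2^40 is replaced by the 2^30 default.
    let mut epoch = KeyEpoch::new(1 << 40, DEFAULT_REKEY_DURATION);
    epoch.record((1 << 30) - 1);
    println!("just under limit: {}", epoch.rekey_due(Duration::from_secs(10)));
    epoch.record(1);
    println!("at limit: {}", epoch.rekey_due(Duration::from_secs(10)));
    epoch.reset();
    println!("idle for an hour: {}", epoch.rekey_due(DEFAULT_REKEY_DURATION));
}
```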

Implementations§

impl ClientConfig

pub fn default_compatible_less_secure() -> ClientConfig

Default configuration with higher compatibility and lower security.

Returns a configuration that includes support for subpar crypto, notably SHA-1, NIST curves and CBC-mode ciphers. Use at your own risk!
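
How the "first algorithm also supported by the server" rule from the field descriptions interacts with a list that includes legacy algorithms, as an added stand-alone example (not makiko's own code). The function names and all four lists are constructed for illustration and do not reproduce makiko's actual defaults; the algorithm names are standard SSH identifiers.

```rust
// Added illustration: a stand-alone model of the selection rule, not makiko's code.
// Algorithm names are standard SSH identifiers; the lists are constructed samples.

/// First entry of `client` (our preference order) that `server` also offers.
/// `None` models "no overlap, the connection will abort".
fn negotiate<'a>(client: &[&'a str], server: &[&str]) -> Option<&'a str> {
    client.iter().copied().find(|c| server.iter().any(|s| s == c))
}

/// Name-based flag for the families the page calls subpar:
/// SHA-1, NIST curves and CBC-mode ciphers.
fn is_subpar(name: &str) -> bool {
    name.ends_with("-sha1") || name.contains("nistp") || name.ends_with("-cbc")
}

/// Audit helper: every subpar entry in a configured list, in list order.
fn subpar_entries<'a>(list: &[&'a str]) -> Vec<&'a str> {
    list.iter().copied().filter(|n| is_subpar(n)).collect()
}

// Constructed key-exchange lists: a strict one and a "compatible" one that
// appends legacy algorithms after the modern ones.
const STRICT_KEX: &[&str] = &["curve25519-sha256", "diffie-hellman-group14-sha256"];
const COMPAT_KEX: &[&str] = &[
    "curve25519-sha256",
    "diffie-hellman-group14-sha256",
    "ecdh-sha2-nistp256",
    "diffie-hellman-group14-sha1",
];
// Constructed server offers.
const MODERN_SERVER: &[&str] = &["ecdh-sha2-nistp256", "curve25519-sha256"];
const LEGACY_SERVER: &[&str] = &["diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1"];

fn main() {
    for (label, server) in [("modern", MODERN_SERVER), ("legacy", LEGACY_SERVER)] {
        println!("{}: strict={:?} compat={:?}", label,
            negotiate(STRICT_KEX, server), negotiate(COMPAT_KEX, server));
    }
    println!("subpar entries in compat list: {:?}", subpar_entries(COMPAT_KEX));
}
```

Because selection follows the client's order, legacy entries placed last are chosen only when the server offers nothing better; a server that supports only legacy algorithms makes the strict list abort.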

pub fn with<F: FnOnce(&mut Self)>(self, f: F) -> Self

Update the configuration in pseudo-builder pattern style.

This method applies your closure to self and returns the mutated configuration.

Trait Implementations§

impl Clone for ClientConfig

fn clone(&self) -> ClientConfig

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for ClientConfig

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for ClientConfig

fn default() -> Self

Returns the “default value” for a type.

Blanket Implementations§

impl<T> Any for T where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same<T> for T

type Output = T

Should always be Self

impl<T> ToOwned for T where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning.

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning.

impl<T, U> TryFrom<U> for T where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T where V: MultiLane<T>,

fn vzip(self) -> V