From 457861ab2af0a35eeb3baae376dd99dfb2fc80cb Mon Sep 17 00:00:00 2001
From: Bo-Yi Wu <appleboy.tw@gmail.com>
Date: Mon, 4 May 2020 10:26:54 +0800
Subject: [PATCH] chore(ssh): support Ciphers

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
---
 go.mod    |  2 +-
 go.sum    |  4 ++--
 main.go   | 16 ++++++++++++++++
 plugin.go |  3 +++
 4 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 402f5a6..1a42550 100644
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,7 @@ go 1.14
 
 require (
 	github.com/appleboy/com v0.0.6
-	github.com/appleboy/easyssh-proxy v1.3.1
+	github.com/appleboy/easyssh-proxy v1.3.4
 	github.com/fatih/color v1.9.0
 	github.com/joho/godotenv v1.3.0
 	github.com/stretchr/testify v1.5.1
diff --git a/go.sum b/go.sum
index 8241733..d350f2a 100644
--- a/go.sum
+++ b/go.sum
@@ -3,8 +3,8 @@ github.com/ScaleFT/sshkeys v0.0.0-20181112160850-82451a803681 h1:JS2rl38kZmHgWa0
 github.com/ScaleFT/sshkeys v0.0.0-20181112160850-82451a803681/go.mod h1:WfDateMPQ/55dPbZRp5Zxrux5WiEaHsjk9puUhz0KgY=
 github.com/appleboy/com v0.0.6 h1:l8cZ0aQJU/SWyL79ciYAJeqV835PRdlZ6efiPhus5Ic=
 github.com/appleboy/com v0.0.6/go.mod h1:jnufjIC3opMlReyPPPye+8JqNvUzLm25o7h6SOy8nv0=
-github.com/appleboy/easyssh-proxy v1.3.1 h1:zj5u800KIRPziMlJouhd2R6jufz6ihGlFSmojzXYSOw=
-github.com/appleboy/easyssh-proxy v1.3.1/go.mod h1:Kk57I3w7OCafOjp5kgZFvxk2fO8Tca5CriBTOsbSbjY=
+github.com/appleboy/easyssh-proxy v1.3.4 h1:yNgzsJ9qaDNGzQILDXEK4boioJMmUUaTUsxYtCTSGqo=
+github.com/appleboy/easyssh-proxy v1.3.4/go.mod h1:Kk57I3w7OCafOjp5kgZFvxk2fO8Tca5CriBTOsbSbjY=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
diff --git a/main.go b/main.go
index d4fce59..3699cb1 100644
--- a/main.go
+++ b/main.go
@@ -17,6 +17,8 @@ var (
 )
 
 func main() {
+	defaultCiphers := []string{"aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "arcfour256", "arcfour128", "aes128-cbc", "3des-cbc"}
+
 	app := cli.NewApp()
 	app.Name = "Drone SCP"
 	app.Usage = "Copy files and artifacts via SSH."
@@ -53,6 +55,12 @@ func main() {
 			Usage:   "Password for password-based authentication",
 			EnvVars: []string{"PLUGIN_PASSWORD", "SCP_PASSWORD", "SSH_PASSWORD", "PASSWORD", "INPUT_PASSWORD"},
 		},
+		&cli.StringSliceFlag{
+			Name:    "ciphers",
+			Usage:   "The allowed cipher algorithms. If unspecified then a sensible",
+			EnvVars: []string{"PLUGIN_CIPHERS", "SSH_CIPHERS", "CIPHERS", "INPUT_CIPHERS"},
+			Value:   cli.NewStringSlice(defaultCiphers...),
+		},
 		&cli.DurationFlag{
 			Name:    "timeout",
 			Usage:   "connection timeout",
@@ -183,6 +191,12 @@ func main() {
 			Usage:   "connect to host of proxy",
 			EnvVars: []string{"PLUGIN_PROXY_HOST", "PROXY_SSH_HOST", "PROXY_HOST", "INPUT_PROXY_HOST"},
 		},
+		&cli.StringSliceFlag{
+			Name:    "proxy.ciphers",
+			Usage:   "The allowed cipher algorithms. If unspecified then a sensible",
+			EnvVars: []string{"PLUGIN_PROXY_CIPHERS", "PROXY_SSH_CIPHERS", "PROXY_CIPHERS", "INPUT_PROXY_CIPHERS"},
+			Value:   cli.NewStringSlice(defaultCiphers...),
+		},
 		&cli.StringFlag{
 			Name:    "proxy.port",
 			Usage:   "connect to port of proxy",
@@ -298,6 +312,7 @@ func run(c *cli.Context) error {
 			TarExec:         c.String("tar.exec"),
 			TarTmpPath:      c.String("tar.tmp-path"),
 			Overwrite:       c.Bool("overwrite"),
+			Ciphers:         c.StringSlice("ciphers"),
 			Proxy: easyssh.DefaultConfig{
 				Key:        c.String("proxy.ssh-key"),
 				Passphrase: c.String("proxy.ssh-passphrase"),
@@ -307,6 +322,7 @@ func run(c *cli.Context) error {
 				Server:     c.String("proxy.host"),
 				Port:       c.String("proxy.port"),
 				Timeout:    c.Duration("proxy.timeout"),
+				Ciphers:    c.StringSlice("proxy.ciphers"),
 			},
 		},
 	}
diff --git a/plugin.go b/plugin.go
index 8237350..c0aa581 100644
--- a/plugin.go
+++ b/plugin.go
@@ -63,6 +63,7 @@ type (
 		Proxy           easyssh.DefaultConfig
 		Debug           bool
 		Overwrite       bool
+		Ciphers         []string
 	}
 
 	// Plugin values.
@@ -283,6 +284,7 @@ func (p *Plugin) Exec() error {
 				KeyPath:    p.Config.KeyPath,
 				Passphrase: p.Config.Passphrase,
 				Timeout:    p.Config.Timeout,
+				Ciphers:    p.Config.Ciphers,
 				Proxy: easyssh.DefaultConfig{
 					Server:     p.Config.Proxy.Server,
 					User:       p.Config.Proxy.User,
@@ -292,6 +294,7 @@ func (p *Plugin) Exec() error {
 					KeyPath:    p.Config.Proxy.KeyPath,
 					Passphrase: p.Config.Proxy.Passphrase,
 					Timeout:    p.Config.Proxy.Timeout,
+					Ciphers:    p.Config.Proxy.Ciphers,
 				},
 			}