From 48f05d4cffd5ca0bbb218749736478b9d1f464a4 Mon Sep 17 00:00:00 2001
From: hstyi
Date: Fri, 24 Jan 2025 14:36:06 +0800
Subject: [PATCH] feat: ssh insecure key exchange algorithms
---
 src/main/kotlin/app/termora/SshClients.kt | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/src/main/kotlin/app/termora/SshClients.kt b/src/main/kotlin/app/termora/SshClients.kt
index 7185efd..1ba5177 100644
--- a/src/main/kotlin/app/termora/SshClients.kt
+++ b/src/main/kotlin/app/termora/SshClients.kt
@@ -6,10 +6,12 @@ import org.apache.sshd.client.ClientBuilder
 import org.apache.sshd.client.SshClient
 import org.apache.sshd.client.channel.ChannelShell
 import org.apache.sshd.client.config.hosts.HostConfigEntryResolver
+import org.apache.sshd.client.kex.DHGClient
 import org.apache.sshd.client.session.ClientSession
 import org.apache.sshd.common.SshException
 import org.apache.sshd.common.channel.PtyChannelConfiguration
 import org.apache.sshd.common.global.KeepAliveHandler
+import org.apache.sshd.common.kex.BuiltinDHFactories
 import org.apache.sshd.common.util.net.SshdSocketAddress
 import org.apache.sshd.core.CoreModuleProperties
 import org.apache.sshd.server.forward.AcceptAllForwardingFilter
@@ -133,6 +135,14 @@ object SshClients {
 builder.globalRequestHandlers(listOf(KeepAliveHandler.INSTANCE))
 .factory { JGitSshClient() }
+ builder.keyExchangeFactories(
+ listOf(
+ DHGClient.newFactory(BuiltinDHFactories.dhg1),
+ DHGClient.newFactory(BuiltinDHFactories.dhg14),
+ DHGClient.newFactory(BuiltinDHFactories.dhgex),
+ )
+ )
+
 if (host.tunnelings.isEmpty() && host.options.jumpHosts.isEmpty()) {
 builder.forwardingFilter(RejectAllForwardingFilter.INSTANCE)
 } else {
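Review bot: The `builder.keyExchangeFactories(listOf(...))` call in the second hunk replaces the client's key-exchange list instead of extending it, so every session would offer only the three SHA-1 Diffie-Hellman exchanges (`dhg1`, `dhg14`, `dhgex`) and none of the library's default curve or SHA-2 exchanges. That weakens the exchange for hosts that support strong algorithms and will probably fail outright against servers that no longer offer any SHA-1 exchange. `dhgex` is also wrapped with `DHGClient.newFactory`, whereas MINA SSHD builds group-exchange factories through `DHGEXClient` (which `ClientBuilder.DH2KEX` selects automatically), so that entry likely cannot complete a negotiation. The shape below keeps the defaults first and appends the legacy exchanges as a last-resort fallback; the enclosing function starts and ends outside the hunk.

```kotlin
// Defaults first: a strong exchange wins whenever the server offers one.
val kexFactories = ClientBuilder.setUpDefaultKeyExchanges(true).toMutableList()
// Legacy SHA-1 exchanges go last, as a fallback for old servers only.
// DH2KEX picks DHGEXClient for group exchange and DHGClient for fixed groups.
listOf(BuiltinDHFactories.dhg14, BuiltinDHFactories.dhgex, BuiltinDHFactories.dhg1)
    .map { ClientBuilder.DH2KEX.apply(it) }
    .filterNot { legacy -> kexFactories.any { it.name == legacy.name } }
    .forEach { kexFactories.add(it) }
builder.keyExchangeFactories(kexFactories)
// … unchanged: forwarding filter selection …
```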
@@ -144,6 +154,8 @@ object SshClients {
 val sshClient = builder.build() as JGitSshClient
 val heartbeatInterval = max(host.options.heartbeatInterval, 3)
 CoreModuleProperties.HEARTBEAT_INTERVAL.set(sshClient, Duration.ofSeconds(heartbeatInterval.toLong()))
+ CoreModuleProperties.ALLOW_DHG1_KEX_FALLBACK.set(sshClient, true)
+
 sshClient.setKeyPasswordProviderFactory { IdentityPasswordProvider(CredentialsProvider.getDefault()) }
 if (host.proxy.type != ProxyType.No) {
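Review bot: `CoreModuleProperties.ALLOW_DHG1_KEX_FALLBACK.set(sshClient, true)` is applied to every client built here, with no per-host switch and no comment explaining why a setting that the library, as far as I know, leaves off by default is turned on. Gating it behind an explicit host option would limit the SHA-1 group1 fallback to servers the user has marked as legacy, for example `if (host.options.allowLegacyKex) CoreModuleProperties.ALLOW_DHG1_KEX_FALLBACK.set(sshClient, true)`, where `allowLegacyKex` is a placeholder name for a new option. A one-line comment such as `// Legacy servers only: permits fallback to diffie-hellman-group1-sha1` would record the intent for the next maintainer. The enclosing function continues outside the hunk.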