Renci.SshNet.Async icon indicating copy to clipboard operation
Renci.SshNet.Async copied to clipboard

Published 20 hours ago verified publisher icon JohnTheGr8

Change Dependency to SSH.NET 2020.0.0 if possible

Open matwei opened this issue 2 years ago • 1 comments

On the release page for SSH.NET 2020.0.0 it states:

SSH.NET now supports the following additional key exchange algorithms:

  • curve25519-sha256
  • [email protected]
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
  • diffie-hellman-group14-sha256
  • diffie-hellman-group16-sha512

There are already a lot of SSH servers that don't accept the old algorithms anymore. If you can verify that Renci.SshNet.Async works with the newer version of SSH.NET, this would hopefully prevent other software from accidently importing the older version.

Thanks, Mathias

matwei avatar Jan 24 '23 16:01 matwei

I second this. Veracode is now finding a vulnerability is all versions older than 2020.0.2

https://cwe.mitre.org/data/definitions/338.html

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

stevemesser avatar Jul 31 '23 18:07 stevemesser