Skip to content

feat: Add enableLegacyCrypto flag for SSH connections#1230

Open
eduardomozart wants to merge 27 commits intognmyt:mainfrom
eduardomozart:copilot/add-enable-legacy-crypto-flag
Open

feat: Add enableLegacyCrypto flag for SSH connections#1230
eduardomozart wants to merge 27 commits intognmyt:mainfrom
eduardomozart:copilot/add-enable-legacy-crypto-flag

Conversation

@eduardomozart
Copy link
Copy Markdown
Contributor

@eduardomozart eduardomozart commented Mar 3, 2026
edited
Loading

📋 Description

Adds an opt-in enableLegacyCrypto flag to SSH connections, enabling deprecated algorithms (ssh-dss, weak DH kex, CBC ciphers, MD5 HMACs) required by older network equipment. Disabled by default.

Backend — server/utils/jumpHostHelper.js

  • Defined ssh2Defaults (modern algorithm sets) and legacyAlgorithms (legacy sets)
  • buildSSHOptions injects legacyAlgorithms only when entryConfig.enableLegacyCrypto === true

Frontend — SettingsPage.jsx

  • Added Allow Legacy Cryptography toggle under the SSH Settings tab (guarded by config?.protocol === 'ssh')
  • Defaults to false; persisted to config.enableLegacyCrypto via the existing handleDisplaySettingChange pattern

Localization

Added servers.dialog.settings.legacyCrypto.{title,description} keys to all 11 supported locales with native translations (de, fr, es, it, pt, pt-BR, cs, ru, zh, ar)

🚀 Changes made to ...

  • 🔧 Server
  • 🖥️ Client
  • 📚 Documentation
  • 🔄 Other: ___

✅ Checklist

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have looked for similar pull requests in the repository and found none
  • This pull request does not contain translations (translations are managed through Crowdin)

🔗 Related Issues

Depends on #1229
Closes #1227

Copilot AI and others added 27 commits March 3, 2026 12:40
Initial plan
0610c63
Merge branch 'main' of https://github.com/eduardomozart/Nexterm into …
41ca090 
…copilot/add-autocomplete-off-to-input
@eduardomozart
Sync with main and add autoComplete="off" to userSearchFilter input i…
65a47e4 
…n LDAPProviderDialog

Co-authored-by: eduardomozart <2974895+eduardomozart@users.noreply.github.com>
Initial plan
fd76021
@eduardomozart
Merge pull request #1 from eduardomozart/copilot/add-autocomplete-off…
6f0c410 
…-to-input

Add autocomplete="off" to userSearchFilter input in LDAPProviderDialog
@eduardomozart
Update hard-coded port references to use SERVER_PORT env var
6852147 
Co-authored-by: eduardomozart <2974895+eduardomozart@users.noreply.github.com>
@eduardomozart
Fix hardcoded port 6989 in landing Install page using VITE_SERVER_POR…
76c2e34 
…T env var

Co-authored-by: eduardomozart <2974895+eduardomozart@users.noreply.github.com>
@eduardomozart
Merge pull request #2 from eduardomozart/copilot/update-port-referenc…
340c27f 
…es-to-env

Replace all hard-coded port 6989 with SERVER_PORT env var
Initial plan
8eb2097
@eduardomozart
Add enableLegacyCrypto flag for SSH connections to support legacy dev…
13c0d59 
…ices

Co-authored-by: eduardomozart <2974895+eduardomozart@users.noreply.github.com>
@eduardomozart
Replace outdated/obsolete with insecure in legacyCrypto translations …
719a5fb 
…across all 11 locales

Co-authored-by: eduardomozart <2974895+eduardomozart@users.noreply.github.com>
@eduardomozart
Add mdiLockOutline icon to enableLegacyCrypto toggle in Settings page
7877795 
Co-authored-by: eduardomozart <2974895+eduardomozart@users.noreply.github.com>
@eduardomozart
Update localization messages in en.json
f4792f4 
Removed several messages related to server creation and updates, and added messages for username, password, and SSH key requirements.
@eduardomozart
Remove "Keep this disabled by default." from legacyCrypto description…
c54c995 
…s in all 11 locales

Co-authored-by: eduardomozart <2974895+eduardomozart@users.noreply.github.com>
@eduardomozart
Update legacyCrypto: replace network device with servers, use mdiKeyA…
ce665cf 
…lertOutline, move below Wake-On-Lan, add danger style

Co-authored-by: eduardomozart <2974895+eduardomozart@users.noreply.github.com>
@eduardomozart
Remove accidentally committed client/package-lock.json and add to git…
8f2eabf 
…ignore

Co-authored-by: eduardomozart <2974895+eduardomozart@users.noreply.github.com>
@eduardomozart
Fix CSS specificity for .danger .settings-toggle-label, remove descri…
a402e7e 
…ption color change

Co-authored-by: eduardomozart <2974895+eduardomozart@users.noreply.github.com>
@eduardomozart
Restore client/yarn.lock to main branch state
c3a6d63 
Co-authored-by: eduardomozart <2974895+eduardomozart@users.noreply.github.com>
Revert "Merge pull request #2 from eduardomozart/copilot/update-port-…
b077f61 
…references-to-env"

This reverts commit 340c27f, reversing
changes made to 6f0c410.
@eduardomozart
Enhance legacy algorithm support for SSH connections
a2a4a62 
Added support for legacy algorithms and improved filtering for SSH options based on local OpenSSL capabilities.
@eduardomozart
Remove client/package-lock.json from .gitignore
38cf44f 
Remove client/package-lock.json from .gitignore
@eduardomozart
Remove autoComplete from userSearchFilter input
7a984f8 
Removed autoComplete attribute from userSearchFilter input.
@eduardomozart
Add newline at end of LDAPProviderDialog.jsx
fef7a84 
Added a newline at the end of the file for consistency.
Remove newline at end of LDAPProviderDialog.jsx
20db535 
Remove the trailing newline at the end of client/src/pages/Settings/pages/Authentication/components/LDAPProviderDialog/LDAPProviderDialog.jsx. No code or behavior changes; purely a file formatting/EOF adjustment.
Merge branch 'copilot/add-enable-legacy-crypto-flag' of https://githu…
9d84d49 
…b.com/eduardomozart/Nexterm into copilot/add-enable-legacy-crypto-flag
@eduardomozart
Refactor legacy SSH algorithm support
c661f5d 
Refactor legacy algorithm handling for SSH connections to improve support for older devices. Update crypto module import and adjust legacy algorithm definitions.
Capitalize legacy crypto titles in locales
2c5e31e 
Normalize the "legacyCrypto" title to use title-case across multiple locale files for consistent UI presentation. Updated client/public/assets/locales for: cs, de, es, fr, it, pt-BR, pt, and ru.
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Mar 4, 2026

Quality Gate Passed Quality Gate passed

Issues
4 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Feature/Bug] Allow custom SSH algorithm configuration (Ciphers, Kex, MACs, HostKeys)

2 participants

@eduardomozart