Introduction
As of release 1.7.41 of Maverick Legacy Client it is now possible to configure the client from a single configuration file. Practically all previous options available via the API are now available to configure from file, with the ability to match configurations based on the hostname of the connection, or the SSH identification of the software, for example OpenSSH_8.0p1
Basic Use
To get started using Adaptive Configuration, create a file called maverick.cfg in the current working directory of your API process. If you don't want to use this file name, you can configure the name and path you want to use by using the System property -Dmaverick.configFile=conf/app.cfg
The most simple use for this is to specify the algorithms you want to use in your connections as demonstrated below. The order of the algorithms in each list is the order they will be preferred, the first algorithm being the most preferred.
# You can comment the file using lines starting with the hash character #
Ciphers aes256-ctr,aes256-gcm@openssh.com,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes192-ctr,aes128-ctr,arcfour256,aes256-cbc,3des-ctr
Compressions none,zlib,zlib@openssh.com
Kex diffie-hellman-group18-sha512,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group17-sha512,diffie-hellman-group16-sha512,diffie-hellman-group15-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256,rsa2048-sha256,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256
Macs hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha2-512-96,hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-96
Publickeys ssh-ed25519,rsa-sha2-512,rsa-sha2-256,x509v3-rsa2048-sha256,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256ssh-rsa
The directives at the top of the file will apply to all your connections. You can create separate configurations for different hosts by using the Match directive. Your file must contain all the global settings before the first Match directive.
Match localhost
Ciphers ....
Match jadaptive.com
Ciphers ...
Similary if you need to have different configurations for different server versions, just use the software identity part of the SSH identification string in your Match directive.
Match OpenSSH_8.0p1
Ciphers ....
Match OpenSSH_7.6p1
Ciphers ...
NOTE: Directives are case-insensitive and so Ciphers and ciphers will refer to the same configuration option.
All directives consist of a key work followed by a value. That value depends on the context of the directive, boolean directives can use the values "true", "false" and also "yes", "no"
The LastKnownGoodConfiguration Directive
Placing the LastKnownGoodConfiguartion directive in your global configuration will provide you with a setup where a successful connection will write back to the configuration file its successful configuration. This will preserve the order and preference of the algorithms used for Ciphers, Macs, Kex, Compressions and Publickeys for subsequent connections.
LastKnownGoodConfiguration yes
For each unique host connected to this will create a Match directive and output the algorithm configuration to the file.
Extended Configuration
Over time there have been many switches added to the API both as fields within Ssh2Context but also system property switches for situations where some non-standard behaviour might be required.
The full list of suppored directives can be found in our Spreadsheet.