From 248f8fdd67e27af2e02fe4b6adb6388a85673771 Mon Sep 17 00:00:00 2001
From: Thomas Hendrickson
Date: Tue, 24 Jan 2023 16:47:47 -0500
Subject: [PATCH] fix bug to detect ssh password auth on older servers
---
 pkg/plugins/services/ssh/ssh.go | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/pkg/plugins/services/ssh/ssh.go b/pkg/plugins/services/ssh/ssh.go
index 18c86d4..5edb018 100644
--- a/pkg/plugins/services/ssh/ssh.go
+++ b/pkg/plugins/services/ssh/ssh.go
@@ -231,6 +231,26 @@ func (p *SSHPlugin) Run(conn net.Conn, timeout time.Duration, target plugins.Tar
 conf.Auth = append(conf.Auth, ssh.Password("admin"))
 conf.User = "admin"
 conf.HostKeyCallback = ssh.InsecureIgnoreHostKey()
+ // use all the ciphers supported by the go crypto ssh library
+ conf.KeyExchanges = append(conf.KeyExchanges,
+ "diffie-hellman-group-exchange-sha256",
+ "diffie-hellman-group-exchange-sha1",
+ "diffie-hellman-group1-sha1",
+ "diffie-hellman-group14-sha1",
+ "diffie-hellman-group14-sha256",
+ "ecdh-sha2-nistp256",
+ "ecdh-sha2-nistp384",
+ "ecdh-sha2-nistp521",
+ "curve25519-sha256@libssh.org",
+ "curve25519-sha256",
+ )
+ conf.Ciphers = append(conf.Ciphers,
+ "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com",
+ "chacha20-poly1305@openssh.com",
+ "arcfour256", "arcfour128", "arcfour",
+ "aes128-cbc",
+ "3des-cbc",
+ )
 authClient, err := ssh.Dial("tcp", target.Address.String(), &conf)