diff --git a/plugins/communicators/ssh/communicator.rb b/plugins/communicators/ssh/communicator.rb index be48252a8..831dcc779 100644 --- a/plugins/communicators/ssh/communicator.rb +++ b/plugins/communicators/ssh/communicator.rb @@ -348,6 +348,14 @@ module VagrantPlugins auth_methods << "publickey" if ssh_info[:private_key_path] auth_methods << "password" if ssh_info[:password] + # yanked directly from ruby's Net::SSH, but with `none` last + # TODO: Remove this once Vagrant has updated its dependency on Net:SSH + # to be > 4.1.0, which should include this fix. + cipher_array = Net::SSH::Transport::Algorithms::ALGORITHMS[:encryption].dup + if cipher_array.delete("none") + cipher_array.push("none") + end + # Build the options we'll use to initiate the connection via Net::SSH common_connect_opts = { auth_methods: auth_methods, @@ -361,6 +369,7 @@ module VagrantPlugins timeout: 15, user_known_hosts_file: [], verbose: :debug, + encryption: cipher_array, } # Connect to SSH, giving it a few tries diff --git a/test/unit/plugins/communicators/ssh/communicator_test.rb b/test/unit/plugins/communicators/ssh/communicator_test.rb index a0998c6dc..0a2f67195 100644 --- a/test/unit/plugins/communicators/ssh/communicator_test.rb +++ b/test/unit/plugins/communicators/ssh/communicator_test.rb @@ -396,6 +396,20 @@ describe VagrantPlugins::CommunicatorSSH::Communicator do ).and_return(true) communicator.send(:connect) end + + it "includes the default cipher array for encryption" do + cipher_array = %w(aes128-cbc 3des-cbc blowfish-cbc cast128-cbc + aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se + idea-cbc arcfour128 arcfour256 arcfour + aes128-ctr aes192-ctr aes256-ctr + cast128-ctr blowfish-ctr 3des-ctr none) + expect(Net::SSH).to receive(:start).with( + nil, nil, hash_including( + encryption: cipher_array + ) + ).and_return(true) + communicator.send(:connect) + end end context "with keys_only disabled and paranoid enabled" do
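Review bot: `none` stays in the list passed as `encryption:`, so a server that shares no other cipher with the client still negotiates an unencrypted session, and the `password` auth method enabled just above would then cross the wire in clear text. Moving it last only fixes the preference order; unless plaintext SSH is a case Vagrant means to support, I would drop the entry instead, `cipher_array = Net::SSH::Transport::Algorithms::ALGORITHMS[:encryption] - ["none"]`. The remaining order still puts the CBC and arcfour entries ahead of the CTR ones, which presumably mirrors the upstream default (the spec in this commit lists it that way), so the comment should say the order is inherited rather than chosen. The TODO should read `Net::SSH`, and the enclosing method starts and ends outside this hunk.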
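Review bot: The expectation hard-codes the full cipher list, so the example will break whenever the Net::SSH dependency adds or drops an algorithm, and it never states the property this change is about. Asserting the ordering directly is shorter and survives upgrades, e.g. `hash_including(encryption: a_collection_ending_with("none"))`, with the description changed to `it "offers the none cipher last"`. A second example that stubs the algorithm list without `none` would cover the branch where `delete` returns nil. The enclosing `context` block starts outside this hunk.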