Adds three new sets of algorithm definitions for sftp (#1225)

Partially addresses #1201
2025-07-31 18:04:52 +03:00 · 2024-05-24 17:12:46 -04:00
parent c2736b10a3
commit 344e6560c1
1 changed files with 83 additions and 6 deletions
--- a/source/reference/minio-server/minio-server.rst
+++ b/source/reference/minio-server/minio-server.rst
@ -170,20 +170,97 @@ The command accepts the following arguments:
   :optional:

   Enable and configure a SSH File Transfer Protocol (``SFTP``) server.
-   Use multiple times to specify an address port and the path to the ssh private key to use as key-value pairs.
+   Use multiple times to specify each desired key-value pair.

-   Valid keys:
+   The following table lists valid keys.
+
+   .. list-table::
+      :header-rows: 1
+      :widths: 30 30 40
+      :width: 100%
+   
+      * - Key
+        - Description
+        - Valid values
+   
+      * - ``address``
+        - Port to use for connecting to SFTP.
+        - Any valid port number, typically ``8022``.
+   
+      * - ``ssh-private-key``
+        - Path to the user's private key file.
+        - Absolute path or relative path from current location to the key file to use.
+ 
+      * - ``pub-key-algos``
+        - Comma-separated list of the public key algorithms to support.
+        - 
+          .. code-block:: text
+
+             ssh-ed25519
+             sk-ssh-ed25519@openssh.com
+             sk-ecdsa-sha2-nistp256@openssh.com
+             ecdsa-sha2-nistp256
+             ecdsa-sha2-nistp384
+             ecdsa-sha2-nistp521
+             rsa-sha2-256
+             rsa-sha2-512
+             ssh-rsa
+             ssh-dss
+
+      * - ``kex-algos``
+        - Comma-separated list in priority order of the key-exchange algorithms to support.
+        - 
+          .. code-block:: text
+          
+             curve25519-sha256
+             curve25519-sha256@libssh.org
+             ecdh-sha2-nistp256
+             ecdh-sha2-nistp384
+             ecdh-sha2-nistp521
+             diffie-hellman-group14-sha256
+             diffie-hellman-group16-sha512
+             diffie-hellman-group14-sha1
+             diffie-hellman-group1-sha1
+
+      * - ``cipher-algos``
+        - Comma-separated list of cipher algorithms to support
+        - 
+          .. code-block:: text
+
+            aes128-ctr
+            aes192-ctr
+            aes256-ctr
+            aes128-gcm@openssh.com
+            aes256-gcm@openssh.com
+            chacha20-poly1305@openssh.com
+            arcfour256
+            arcfour128
+            arcfour
+            aes128-cbc
+            3des-cbc
+
+      * - ``mac-algos``
+        - Comma-separated list in preference order of MAC algorithms to support. 
+          Based on `RFC 4253 section 6.4 <https://www.rfc-editor.org/rfc/rfc4253>`__ with the exception of ``hmac-md5`` variants, which are end of life.
+        - 
+          .. code-block:: text
+
+             hmac-sha2-256-etm@openssh.com
+             hmac-sha2-512-etm@openssh.com
+             hmac-sha2-256
+             hmac-sha2-512
+             hmac-sha1
+             hmac-sha1-96

-   - ``address``, which takes a single port to use for the server, typically ``8022``
-   - ``ssh-private-key``, which takes the path to the user's private key file

   For example:

   .. code-block:: shell
      :class: copyable

-      minio server http://server{1...4}/disk{1...4}                               \
-      --sftp="address=:8022" --sftp="ssh-private-key=/home/miniouser/.ssh/id_rsa" \
+      minio server http://server{1...4}/disk{1...4}                                 \
+      --sftp="address=:8022" --sftp="ssh-private-key=/home/miniouser/.ssh/id_rsa"   \
+      --sftp="kex-algos=diffie-hellman-group14-sha256,curve25519-sha256@libssh.org" \
      ...

 .. mc-cmd:: --certs-dir, -S