SSH: allow to configure minimum key size for DHGEX

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
Nicola Murino
2024-05-23 08:32:14 +02:00
parent 3c7a651d27
commit 0127fc188b
5 changed files with 53 additions and 42 deletions


@@ -128,6 +128,10 @@ type Configuration struct {
// KexAlgorithms specifies the available KEX (Key Exchange) algorithms in
// preference order.
KexAlgorithms []string `json:"kex_algorithms" mapstructure:"kex_algorithms"`
// MinDHGroupExchangeKeySize defines the minimum key size to allow for the
// key exchanges when using diffie-ellman-group-exchange-sha1 or sha256 key
// exchange algorithms.
MinDHGroupExchangeKeySize int `json:"min_dh_group_exchange_key_size" mapstructure:"min_dh_group_exchange_key_size"`
// Ciphers specifies the ciphers allowed
Ciphers []string `json:"ciphers" mapstructure:"ciphers"`
// MACs Specifies the available MAC (message authentication code) algorithms
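Review bot: The new `MinDHGroupExchangeKeySize` field is a signed `int` whose comment gives no unit, default or accepted range, and the comment spells the algorithm name `diffie-ellman-group-exchange-sha1` (missing the "h"), so it will not match a search for the real name. The Initialize hunk that follows casts the value with `uint32(c.MinDHGroupExchangeKeySize)` and no bounds check is visible there, so a negative setting would wrap to a very large minimum and an unreasonably small one would be passed straight to `ssh.SetDHKexServerMinBits`; that hunk continues outside the visible page, so validation may exist elsewhere in the commit. I would reword the comment to `// MinDHGroupExchangeKeySize is the minimum key size, in bits, accepted for diffie-hellman-group-exchange-sha1 and diffie-hellman-group-exchange-sha256.`, state the default and the accepted range there, and reject out-of-range values with an error before the cast.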
@@ -321,6 +325,9 @@ func (c *Configuration) Initialize(configDir string) error {
return common.ErrNoBinding
}
ssh.SetDHKexServerMinBits(uint32(c.MinDHGroupExchangeKeySize))
logger.Debug(logSender, "", "minimum key size allowed for diffie-ellman-group-exchange: %d",
ssh.GetDHKexServerMinBits())
sftp.SetSFTPExtensions(sftpExtensions...) //nolint:errcheck // we configure valid SFTP Extensions so we cannot get an error
sftp.MaxFilelist = vfs.ListerBatchSize