From 4f138d7f82f9754beed0d7e6427d54d26f2fb879 Mon Sep 17 00:00:00 2001 From: Joe Testa Date: Thu, 22 Aug 2019 16:04:46 -0400 Subject: [PATCH] Added docker testing framework. --- docker_test.sh | 264 ++++++++++++++++++ test/docker/Dockerfile | 18 ++ test/docker/debug.sh | 9 + .../expected_results/openssh_5.6p1_test1.txt | 145 ++++++++++ .../expected_results/openssh_5.6p1_test2.txt | 143 ++++++++++ .../expected_results/openssh_5.6p1_test3.txt | 143 ++++++++++ .../expected_results/openssh_5.6p1_test4.txt | 141 ++++++++++ .../expected_results/openssh_5.6p1_test5.txt | 139 +++++++++ .../expected_results/openssh_8.0p1_test1.txt | 79 ++++++ .../expected_results/openssh_8.0p1_test2.txt | 75 +++++ .../expected_results/openssh_8.0p1_test3.txt | 39 +++ test/docker/host_ca_ed25519 | 7 + test/docker/host_ca_ed25519.pub | 1 + test/docker/host_ca_rsa_1024 | 15 + test/docker/host_ca_rsa_1024.pub | 1 + test/docker/host_ca_rsa_3072 | 39 +++ test/docker/host_ca_rsa_3072.pub | 1 + test/docker/moduli_1024 | 44 +++ test/docker/ssh_host_dsa_key | 12 + test/docker/ssh_host_dsa_key.pub | 1 + test/docker/ssh_host_ecdsa_key | 5 + test/docker/ssh_host_ecdsa_key.pub | 1 + test/docker/ssh_host_ed25519_key | 7 + test/docker/ssh_host_ed25519_key-cert.pub | 1 + test/docker/ssh_host_ed25519_key.pub | 1 + test/docker/ssh_host_rsa_key_1024 | 15 + .../ssh_host_rsa_key_1024-cert_1024.pub | 1 + .../ssh_host_rsa_key_1024-cert_3072.pub | 1 + test/docker/ssh_host_rsa_key_1024.pub | 1 + test/docker/ssh_host_rsa_key_3072 | 39 +++ .../ssh_host_rsa_key_3072-cert_1024.pub | 1 + .../ssh_host_rsa_key_3072-cert_3072.pub | 1 + test/docker/ssh_host_rsa_key_3072.pub | 1 + 33 files changed, 1391 insertions(+) create mode 100755 docker_test.sh create mode 100644 test/docker/Dockerfile create mode 100755 test/docker/debug.sh create mode 100644 test/docker/expected_results/openssh_5.6p1_test1.txt create mode 100644 test/docker/expected_results/openssh_5.6p1_test2.txt create mode 100644 test/docker/expected_results/openssh_5.6p1_test3.txt create mode 100644 test/docker/expected_results/openssh_5.6p1_test4.txt create mode 100644 test/docker/expected_results/openssh_5.6p1_test5.txt create mode 100644 test/docker/expected_results/openssh_8.0p1_test1.txt create mode 100644 test/docker/expected_results/openssh_8.0p1_test2.txt create mode 100644 test/docker/expected_results/openssh_8.0p1_test3.txt create mode 100644 test/docker/host_ca_ed25519 create mode 100644 test/docker/host_ca_ed25519.pub create mode 100644 test/docker/host_ca_rsa_1024 create mode 100644 test/docker/host_ca_rsa_1024.pub create mode 100644 test/docker/host_ca_rsa_3072 create mode 100644 test/docker/host_ca_rsa_3072.pub create mode 100644 test/docker/moduli_1024 create mode 100644 test/docker/ssh_host_dsa_key create mode 100644 test/docker/ssh_host_dsa_key.pub create mode 100644 test/docker/ssh_host_ecdsa_key create mode 100644 test/docker/ssh_host_ecdsa_key.pub create mode 100644 test/docker/ssh_host_ed25519_key create mode 100644 test/docker/ssh_host_ed25519_key-cert.pub create mode 100644 test/docker/ssh_host_ed25519_key.pub create mode 100644 test/docker/ssh_host_rsa_key_1024 create mode 100644 test/docker/ssh_host_rsa_key_1024-cert_1024.pub create mode 100644 test/docker/ssh_host_rsa_key_1024-cert_3072.pub create mode 100644 test/docker/ssh_host_rsa_key_1024.pub create mode 100644 test/docker/ssh_host_rsa_key_3072 create mode 100644 test/docker/ssh_host_rsa_key_3072-cert_1024.pub create mode 100644 test/docker/ssh_host_rsa_key_3072-cert_3072.pub create mode 100644 test/docker/ssh_host_rsa_key_3072.pub diff --git a/docker_test.sh b/docker_test.sh new file mode 100755 index 0000000..36a4e2f --- /dev/null +++ b/docker_test.sh @@ -0,0 +1,264 @@ +#!/bin/bash + +# +# This script will set up a docker image with multiple versions of OpenSSH, then +# use it to run tests. +# +# For debugging purposes, here is a cheat sheet for manually running the docker image: +# +# docker run -p 2222:22 -it ssh-audit-test:X /bin/bash +# docker run -p 2222:22 --security-opt seccomp:unconfined -it ssh-audit-test /debug.sh +# docker run -d -p 2222:22 ssh-audit-test:X /openssh/sshd-5.6p1 -D -f /etc/ssh/sshd_config-5.6p1_test1 +# docker run -d -p 2222:22 ssh-audit-test:X /openssh/sshd-8.0p1 -D -f /etc/ssh/sshd_config-8.0p1_test1 +# + + +# This is the docker tag for the image. If this tag doesn't exist, then we assume the +# image is out of date, and generate a new one with this tag. +IMAGE_VERSION=1 + +# This is the name of our docker image. +IMAGE_NAME=ssh-audit-test + + +# Terminal colors. +CLR="\033[0m" +RED="\033[0;31m" +GREEN="\033[0;32m" +REDB="\033[1;31m" # Red + bold +GREENB="\033[1;32m" # Green + bold + + +# Returns 0 if current docker image exists. +function check_if_docker_image_exists { + images=`docker image ls | egrep "$IMAGE_NAME[[:space:]]+$IMAGE_VERSION"` +} + + +# Uncompresses and compiles the specified version of OpenSSH. +function compile_openssh { + echo "Uncompressing $1..." + tar xzf openssh-$1.tar.gz + + echo "Compiling $1..." + pushd openssh-$1 > /dev/null + ./configure && make -j 10 + + if [[ ! -f "sshd" ]]; then + echo -e "${REDB}Error: sshd not built!${CLR}" + exit 1 + fi + + echo -e "\n${GREEN}Successfully built OpenSSH ${1}${CLR}\n" + popd > /dev/null +} + + +# Creates a new docker image. +function create_docker_image { + # Create a new temporary directory. + TMP_DIR=`mktemp -d /tmp/sshaudit-docker-XXXXXXXXXX` + + # Copy the Dockerfile to our new temp directory. + cp test/docker/* $TMP_DIR + + # Make the temp directory our working directory for the duration of the build + # process. + pushd $TMP_DIR > /dev/null + + # Get the release key for OpenSSH. + get_openssh_release_key + + # Aside from checking the GPG signatures, we also compare against this known-good + # SHA-256 hash just in case. + get_openssh '5.6p1' '538af53b2b8162c21a293bb004ae2bdb141abd250f61b4cea55244749f3c6c2b' + get_openssh '8.0p1' 'bd943879e69498e8031eb6b7f44d08cdc37d59a7ab689aa0b437320c3481fd68' + + # Compile the versions of OpenSSH. + compile_openssh '5.6p1' + compile_openssh '8.0p1' + + # Rename the default config files so we know they are our originals. + mv openssh-5.6p1/sshd_config sshd_config-5.6p1_orig + mv openssh-8.0p1/sshd_config sshd_config-8.0p1_orig + + + # Create the configurations for each test. + + # + # OpenSSH v5.6p1 + # + + # Test 1: Basic test. + create_openssh_config '5.6p1' 'test1' "HostKey /etc/ssh/ssh_host_rsa_key_1024\nHostKey /etc/ssh/ssh_host_dsa_key" + + # Test 2: RSA 1024 host key with RSA 1024 certificate. + create_openssh_config '5.6p1' 'test2' "HostKey /etc/ssh/ssh_host_rsa_key_1024\nHostCertificate /etc/ssh/ssh_host_rsa_key_1024-cert_1024.pub" + + # Test 3: RSA 1024 host key with RSA 3072 certificate. + create_openssh_config '5.6p1' 'test3' "HostKey /etc/ssh/ssh_host_rsa_key_1024\nHostCertificate /etc/ssh/ssh_host_rsa_key_1024-cert_3072.pub" + + # Test 4: RSA 3072 host key with RSA 1024 certificate. + create_openssh_config '5.6p1' 'test4' "HostKey /etc/ssh/ssh_host_rsa_key_3072\nHostCertificate /etc/ssh/ssh_host_rsa_key_3072-cert_1024.pub" + + # Test 5: RSA 3072 host key with RSA 3072 certificate. + create_openssh_config '5.6p1' 'test5' "HostKey /etc/ssh/ssh_host_rsa_key_3072\nHostCertificate /etc/ssh/ssh_host_rsa_key_3072-cert_3072.pub" + + + # + # OpenSSH v8.0p1 + # + + # Test 1: Basic test. + create_openssh_config '8.0p1' 'test1' "HostKey /etc/ssh/ssh_host_rsa_key_3072\nHostKey /etc/ssh/ssh_host_ecdsa_key\nHostKey /etc/ssh/ssh_host_ed25519_key" + + # Test 2: ED25519 certificate test. + create_openssh_config '8.0p1' 'test2' "HostKey /etc/ssh/ssh_host_ed25519_key\nHostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub" + + # Test 3: Hardened installation test. + create_openssh_config '8.0p1' 'test3' "HostKey /etc/ssh/ssh_host_ed25519_key\nKexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256\nCiphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr\nMACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com" + + + # Now build the docker image! + docker build --tag $IMAGE_NAME:$IMAGE_VERSION . + + popd > /dev/null + rm -rf $TMP_DIR +} + + +# Creates an OpenSSH configuration file for a specific test. +function create_openssh_config { + openssh_version=$1 + test_number=$2 + config_text=$3 + + cp sshd_config-${openssh_version}_orig sshd_config-${openssh_version}_${test_number} + echo -e "${config_text}" >> sshd_config-${openssh_version}_${test_number} +} + + +# Downloads the OpenSSH release key and adds it to the local keyring. +function get_openssh_release_key { + local release_key_fingerprint_expected='59C2 118E D206 D927 E667 EBE3 D3E5 F56B 6D92 0D30' + + echo -e "\nGetting OpenSSH release key...\n" + wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc + + echo -e "\nImporting OpenSSH release key...\n" + gpg --import RELEASE_KEY.asc + + local release_key_fingerprint_actual=`gpg --fingerprint 6D920D30` + if [[ $release_key_fingerprint_actual != *"$release_key_fingerprint_expected"* ]]; then + echo -e "\n${REDB}Error: OpenSSH release key fingerprint does not match expected value!\n\tExpected: $release_key_fingerprint_expected\n\tActual: $release_key_fingerprint_actual\n\nTerminating.${CLR}" + exit -1 + fi + echo -e "\n\n${GREEN}OpenSSH release key matches expected value.${CLR}\n" +} + + +# Downloads the specified version of OpenSSH. +function get_openssh { + echo -e "\nGetting OpenSSH $1 sources...\n" + wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-$1.tar.gz + + echo -e "\nGetting OpenSSH $1 signature...\n" + wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-$1.tar.gz.asc + + local gpg_verify=`gpg --verify openssh-$1.tar.gz.asc openssh-$1.tar.gz 2>&1` + if [[ $gpg_verify != *"Good signature from \"Damien Miller "* ]]; then + echo -e "\n\n${REDB}Error: OpenSSH signature invalid!\n$gpg_verify\n\nTerminating.${CLR}" + exit -1 + fi + + # Check GPG's return value. 0 denotes a valid signature, and 1 is returned + # on invalid signatures. + if [[ $? != 0 ]]; then + echo -e "\n\n${REDB}Error: OpenSSH signature invalid! Verification returned code: $?\n\nTerminating.${CLR}" + exit -1 + fi + + echo -e "${GREEN}Signature on OpenSSH sources verified.${CLR}\n" + + local openssh_checksum_actual=`sha256sum openssh-$1.tar.gz | cut -f1 -d" "` + if [[ $openssh_checksum_actual != "$2" ]]; then + echo -e "${REDB}Error: OpenSSH checksum is invalid!\n Expected: $2\n Actual: $openssh_checksum_actual\n\n Terminating.${CLR}" + exit -1 + fi + +} + + +# Runs an OpenSSH test. Upon failure, a diff between the expected and actual results +# is shown, then the script immediately terminates. +function run_openssh_test { + openssh_version=$1 + test_number=$2 + + cid=`docker run -d -p 2222:22 ${IMAGE_NAME}:${IMAGE_VERSION} /openssh/sshd-${openssh_version} -D -f /etc/ssh/sshd_config-${openssh_version}_${test_number}` + if [[ $? != 0 ]]; then + echo -e "${REDB}Failed to run docker image! (exit code: $?)${CLR}" + exit 1 + fi + + ./ssh-audit.py localhost:2222 > ${TEST_RESULT_DIR}/openssh_${openssh_version}_${test_number}.txt + if [[ $? != 0 ]]; then + echo -e "${REDB}Failed to ssh-audit.py! (exit code: $?)${CLR}" + docker container stop $cid > /dev/null + exit 1 + fi + + docker container stop $cid > /dev/null + if [[ $? != 0 ]]; then + echo -e "${REDB}Failed to stop docker container ${cid}! (exit code: $?)${CLR}" + exit 1 + fi + + diff=`diff -u test/docker/expected_results/openssh_${openssh_version}_${test_number}.txt ${TEST_RESULT_DIR}/openssh_${openssh_version}_${test_number}.txt` + if [[ $? == 0 ]]; then + echo -e "OpenSSH ${openssh_version} ${test_number} ${GREEN}passed${CLR}." + else + echo -e "OpenSSH ${openssh_version} ${test_number} ${REDB}FAILED${CLR}.\n\n${diff}\n" + exit 1 + fi +} + + +# First check if docker is functional. +docker version > /dev/null +if [[ $? != 0 ]]; then + echo -e "${REDB}Error: 'docker version' command failed (error code: $?). Is docker installed and functioning?${CLR}" + exit 1 +fi + +# Check if the docker image is the most up-to-date version. If not, create it. +check_if_docker_image_exists +if [[ $? == 0 ]]; then + echo -e "\n${GREEN}Docker image $IMAGE_NAME:$IMAGE_VERSION already exists.${CLR}" +else + echo -e "\nCreating docker image $IMAGE_NAME:$IMAGE_VERSION..." + create_docker_image + echo -e "\n${GREEN}Done creating docker image!${CLR}" +fi + +# Create a temporary directory to write test results to. +TEST_RESULT_DIR=`mktemp -d /tmp/ssh-audit_test-results_XXXXXXXXXX` + +# Now run all the tests. +echo -e "\nRunning tests..." +run_openssh_test '5.6p1' 'test1' +run_openssh_test '5.6p1' 'test2' +run_openssh_test '5.6p1' 'test3' +run_openssh_test '5.6p1' 'test4' +run_openssh_test '5.6p1' 'test5' +echo "" +run_openssh_test '8.0p1' 'test1' +run_openssh_test '8.0p1' 'test2' +run_openssh_test '8.0p1' 'test3' + +# The test functions above will terminate the script on failure, so if we reached here, +# all tests are successful. +echo -e "\n${GREENB}ALL TESTS PASS!${CLR}\n" + +rm -rf $TEST_RESULT_DIR +exit 0 diff --git a/test/docker/Dockerfile b/test/docker/Dockerfile new file mode 100644 index 0000000..739be49 --- /dev/null +++ b/test/docker/Dockerfile @@ -0,0 +1,18 @@ +FROM ubuntu:16.04 + +COPY openssh-5.6p1/sshd /openssh/sshd-5.6p1 +COPY openssh-8.0p1/sshd /openssh/sshd-8.0p1 + +COPY sshd_config* /etc/ssh/ +COPY ssh_host_* /etc/ssh/ +COPY moduli_1024 /usr/local/etc/moduli + +COPY debug.sh /debug.sh + +RUN apt update 2> /dev/null +RUN apt install -y libssl-dev strace rsyslog 2> /dev/null +RUN apt clean 2> /dev/null +RUN useradd -s /bin/false sshd +RUN mkdir /var/empty + +EXPOSE 22 diff --git a/test/docker/debug.sh b/test/docker/debug.sh new file mode 100755 index 0000000..c4be343 --- /dev/null +++ b/test/docker/debug.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +# This script is run on in docker container. It will enable logging for sshd in +# /var/log/auth.log. + +/etc/init.d/rsyslog start +sleep 1 +/openssh/sshd-5.6p1 -o LogLevel=DEBUG3 -f /etc/ssh/sshd_config-5.6p1_test1 +/bin/bash diff --git a/test/docker/expected_results/openssh_5.6p1_test1.txt b/test/docker/expected_results/openssh_5.6p1_test1.txt new file mode 100644 index 0000000..2ddc54e --- /dev/null +++ b/test/docker/expected_results/openssh_5.6p1_test1.txt @@ -0,0 +1,145 @@ +# general +(gen) banner: SSH-2.0-OpenSSH_5.6 +(gen) software: OpenSSH 5.6 +(gen) compatibility: OpenSSH 4.7-6.6, Dropbear SSH 0.53+ (some functionality from 0.52) +(gen) compression: enabled (zlib@openssh.com) + +# security +(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data +(cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read) +(cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid +(cve) CVE-2015-6563 -- (CVSSv2: 1.9) conduct impersonation attack +(cve) CVE-2014-2532 -- (CVSSv2: 5.8) bypass environment restrictions via specific string before wildcard +(cve) CVE-2014-1692 -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption) +(cve) CVE-2012-0814 -- (CVSSv2: 3.5) leak data via debug messages +(cve) CVE-2011-5000 -- (CVSSv2: 3.5) cause DoS via large value in certain length field (memory consumption) +(cve) CVE-2010-5107 -- (CVSSv2: 5.0) cause DoS via large number of connections (slot exhaustion) +(cve) CVE-2010-4755 -- (CVSSv2: 4.0) cause DoS via crafted glob expression (CPU and memory consumption) +(cve) CVE-2010-4478 -- (CVSSv2: 7.5) bypass authentication check via crafted values + +# key exchange algorithms +(kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus + `- [info] available since OpenSSH 4.4 +(kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus + `- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 2.3.0 +(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53 +(kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack + `- [warn] using small 1024-bit modulus + `- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 + +# host-key algorithms +(key) ssh-rsa (1024-bit) -- [fail] using small 1024-bit modulus + `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 +(key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm + `- [warn] using small 1024-bit modulus + `- [warn] using weak random number generator could reveal the key + `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 + +# encryption algorithms (ciphers) +(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 +(enc) aes192-ctr -- [info] available since OpenSSH 3.7 +(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 +(enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using weak cipher + `- [info] available since OpenSSH 4.2 +(enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using weak cipher + `- [info] available since OpenSSH 4.2 +(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] using weak cipher mode + `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 +(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm + `- [warn] using weak cipher + `- [warn] using weak cipher mode + `- [warn] using small 64-bit block size + `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 +(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [fail] disabled since Dropbear SSH 0.53 + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using weak cipher mode + `- [warn] using small 64-bit block size + `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 +(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using weak cipher mode + `- [warn] using small 64-bit block size + `- [info] available since OpenSSH 2.1.0 +(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] using weak cipher mode + `- [info] available since OpenSSH 2.3.0 +(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] using weak cipher mode + `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47 +(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using weak cipher + `- [info] available since OpenSSH 2.1.0 +(enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using weak cipher mode + `- [info] available since OpenSSH 2.3.0 + +# message authentication code algorithms +(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using encrypt-and-MAC mode + `- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 +(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode + `- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 +(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode + `- [warn] using small 64-bit tag size + `- [info] available since OpenSSH 4.7 +(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using encrypt-and-MAC mode + `- [info] available since OpenSSH 2.5.0 +(mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using encrypt-and-MAC mode + `- [info] available since OpenSSH 2.1.0 +(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using encrypt-and-MAC mode + `- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47 +(mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using encrypt-and-MAC mode + `- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 2.5.0 + +# fingerprints +(fin) ssh-rsa: SHA256:YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4 + +# algorithm recommendations (for OpenSSH 5.6) +(rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 2048 bits or larger)  +(rec) !ssh-rsa -- key algorithm to change (increase modulus size to 2048 bits or larger)  +(rec) -3des-cbc -- enc algorithm to remove  +(rec) -aes128-cbc -- enc algorithm to remove  +(rec) -aes192-cbc -- enc algorithm to remove  +(rec) -aes256-cbc -- enc algorithm to remove  +(rec) -arcfour -- enc algorithm to remove  +(rec) -arcfour128 -- enc algorithm to remove  +(rec) -arcfour256 -- enc algorithm to remove  +(rec) -blowfish-cbc -- enc algorithm to remove  +(rec) -cast128-cbc -- enc algorithm to remove  +(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove  +(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove  +(rec) -hmac-md5 -- mac algorithm to remove  +(rec) -hmac-md5-96 -- mac algorithm to remove  +(rec) -hmac-ripemd160 -- mac algorithm to remove  +(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove  +(rec) -hmac-sha1-96 -- mac algorithm to remove  +(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove  +(rec) -ssh-dss -- key algorithm to remove  +(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  + diff --git a/test/docker/expected_results/openssh_5.6p1_test2.txt b/test/docker/expected_results/openssh_5.6p1_test2.txt new file mode 100644 index 0000000..8d4daab --- /dev/null +++ b/test/docker/expected_results/openssh_5.6p1_test2.txt @@ -0,0 +1,143 @@ +# general +(gen) banner: SSH-2.0-OpenSSH_5.6 +(gen) software: OpenSSH 5.6 +(gen) compatibility: OpenSSH 5.6-6.6, Dropbear SSH 0.53+ (some functionality from 0.52) +(gen) compression: enabled (zlib@openssh.com) + +# security +(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data +(cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read) +(cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid +(cve) CVE-2015-6563 -- (CVSSv2: 1.9) conduct impersonation attack +(cve) CVE-2014-2532 -- (CVSSv2: 5.8) bypass environment restrictions via specific string before wildcard +(cve) CVE-2014-1692 -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption) +(cve) CVE-2012-0814 -- (CVSSv2: 3.5) leak data via debug messages +(cve) CVE-2011-5000 -- (CVSSv2: 3.5) cause DoS via large value in certain length field (memory consumption) +(cve) CVE-2010-5107 -- (CVSSv2: 5.0) cause DoS via large number of connections (slot exhaustion) +(cve) CVE-2010-4755 -- (CVSSv2: 4.0) cause DoS via crafted glob expression (CPU and memory consumption) +(cve) CVE-2010-4478 -- (CVSSv2: 7.5) bypass authentication check via crafted values + +# key exchange algorithms +(kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus + `- [info] available since OpenSSH 4.4 +(kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus + `- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 2.3.0 +(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53 +(kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack + `- [warn] using small 1024-bit modulus + `- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 + +# host-key algorithms +(key) ssh-rsa (1024-bit) -- [fail] using small 1024-bit modulus + `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 +(key) ssh-rsa-cert-v01@openssh.com (1024-bit cert/1024-bit CA) -- [fail] using small 1024-bit modulus + `- [info] available since OpenSSH 5.6 + +# encryption algorithms (ciphers) +(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 +(enc) aes192-ctr -- [info] available since OpenSSH 3.7 +(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 +(enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using weak cipher + `- [info] available since OpenSSH 4.2 +(enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using weak cipher + `- [info] available since OpenSSH 4.2 +(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] using weak cipher mode + `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 +(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm + `- [warn] using weak cipher + `- [warn] using weak cipher mode + `- [warn] using small 64-bit block size + `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 +(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [fail] disabled since Dropbear SSH 0.53 + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using weak cipher mode + `- [warn] using small 64-bit block size + `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 +(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using weak cipher mode + `- [warn] using small 64-bit block size + `- [info] available since OpenSSH 2.1.0 +(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] using weak cipher mode + `- [info] available since OpenSSH 2.3.0 +(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] using weak cipher mode + `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47 +(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using weak cipher + `- [info] available since OpenSSH 2.1.0 +(enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using weak cipher mode + `- [info] available since OpenSSH 2.3.0 + +# message authentication code algorithms +(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using encrypt-and-MAC mode + `- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 +(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode + `- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 +(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode + `- [warn] using small 64-bit tag size + `- [info] available since OpenSSH 4.7 +(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using encrypt-and-MAC mode + `- [info] available since OpenSSH 2.5.0 +(mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using encrypt-and-MAC mode + `- [info] available since OpenSSH 2.1.0 +(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using encrypt-and-MAC mode + `- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47 +(mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using encrypt-and-MAC mode + `- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 2.5.0 + +# fingerprints +(fin) ssh-rsa: SHA256:YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4 + +# algorithm recommendations (for OpenSSH 5.6) +(rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 2048 bits or larger)  +(rec) !ssh-rsa -- key algorithm to change (increase modulus size to 2048 bits or larger)  +(rec) !ssh-rsa-cert-v01@openssh.com -- key algorithm to change (increase modulus size to 2048 bits or larger)  +(rec) -3des-cbc -- enc algorithm to remove  +(rec) -aes128-cbc -- enc algorithm to remove  +(rec) -aes192-cbc -- enc algorithm to remove  +(rec) -aes256-cbc -- enc algorithm to remove  +(rec) -arcfour -- enc algorithm to remove  +(rec) -arcfour128 -- enc algorithm to remove  +(rec) -arcfour256 -- enc algorithm to remove  +(rec) -blowfish-cbc -- enc algorithm to remove  +(rec) -cast128-cbc -- enc algorithm to remove  +(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove  +(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove  +(rec) -hmac-md5 -- mac algorithm to remove  +(rec) -hmac-md5-96 -- mac algorithm to remove  +(rec) -hmac-ripemd160 -- mac algorithm to remove  +(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove  +(rec) -hmac-sha1-96 -- mac algorithm to remove  +(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove  +(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  + diff --git a/test/docker/expected_results/openssh_5.6p1_test3.txt b/test/docker/expected_results/openssh_5.6p1_test3.txt new file mode 100644 index 0000000..8d66e56 --- /dev/null +++ b/test/docker/expected_results/openssh_5.6p1_test3.txt @@ -0,0 +1,143 @@ +# general +(gen) banner: SSH-2.0-OpenSSH_5.6 +(gen) software: OpenSSH 5.6 +(gen) compatibility: OpenSSH 5.6-6.6, Dropbear SSH 0.53+ (some functionality from 0.52) +(gen) compression: enabled (zlib@openssh.com) + +# security +(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data +(cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read) +(cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid +(cve) CVE-2015-6563 -- (CVSSv2: 1.9) conduct impersonation attack +(cve) CVE-2014-2532 -- (CVSSv2: 5.8) bypass environment restrictions via specific string before wildcard +(cve) CVE-2014-1692 -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption) +(cve) CVE-2012-0814 -- (CVSSv2: 3.5) leak data via debug messages +(cve) CVE-2011-5000 -- (CVSSv2: 3.5) cause DoS via large value in certain length field (memory consumption) +(cve) CVE-2010-5107 -- (CVSSv2: 5.0) cause DoS via large number of connections (slot exhaustion) +(cve) CVE-2010-4755 -- (CVSSv2: 4.0) cause DoS via crafted glob expression (CPU and memory consumption) +(cve) CVE-2010-4478 -- (CVSSv2: 7.5) bypass authentication check via crafted values + +# key exchange algorithms +(kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus + `- [info] available since OpenSSH 4.4 +(kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus + `- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 2.3.0 +(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53 +(kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack + `- [warn] using small 1024-bit modulus + `- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 + +# host-key algorithms +(key) ssh-rsa (1024-bit) -- [fail] using small 1024-bit modulus + `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 +(key) ssh-rsa-cert-v01@openssh.com (1024-bit cert/3072-bit CA) -- [fail] using small 1024-bit modulus + `- [info] available since OpenSSH 5.6 + +# encryption algorithms (ciphers) +(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 +(enc) aes192-ctr -- [info] available since OpenSSH 3.7 +(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 +(enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using weak cipher + `- [info] available since OpenSSH 4.2 +(enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using weak cipher + `- [info] available since OpenSSH 4.2 +(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] using weak cipher mode + `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 +(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm + `- [warn] using weak cipher + `- [warn] using weak cipher mode + `- [warn] using small 64-bit block size + `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 +(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [fail] disabled since Dropbear SSH 0.53 + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using weak cipher mode + `- [warn] using small 64-bit block size + `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 +(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using weak cipher mode + `- [warn] using small 64-bit block size + `- [info] available since OpenSSH 2.1.0 +(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] using weak cipher mode + `- [info] available since OpenSSH 2.3.0 +(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] using weak cipher mode + `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47 +(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using weak cipher + `- [info] available since OpenSSH 2.1.0 +(enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using weak cipher mode + `- [info] available since OpenSSH 2.3.0 + +# message authentication code algorithms +(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using encrypt-and-MAC mode + `- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 +(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode + `- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 +(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode + `- [warn] using small 64-bit tag size + `- [info] available since OpenSSH 4.7 +(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using encrypt-and-MAC mode + `- [info] available since OpenSSH 2.5.0 +(mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using encrypt-and-MAC mode + `- [info] available since OpenSSH 2.1.0 +(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using encrypt-and-MAC mode + `- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47 +(mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using encrypt-and-MAC mode + `- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 2.5.0 + +# fingerprints +(fin) ssh-rsa: SHA256:YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4 + +# algorithm recommendations (for OpenSSH 5.6) +(rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 2048 bits or larger)  +(rec) !ssh-rsa -- key algorithm to change (increase modulus size to 2048 bits or larger)  +(rec) !ssh-rsa-cert-v01@openssh.com -- key algorithm to change (increase modulus size to 2048 bits or larger)  +(rec) -3des-cbc -- enc algorithm to remove  +(rec) -aes128-cbc -- enc algorithm to remove  +(rec) -aes192-cbc -- enc algorithm to remove  +(rec) -aes256-cbc -- enc algorithm to remove  +(rec) -arcfour -- enc algorithm to remove  +(rec) -arcfour128 -- enc algorithm to remove  +(rec) -arcfour256 -- enc algorithm to remove  +(rec) -blowfish-cbc -- enc algorithm to remove  +(rec) -cast128-cbc -- enc algorithm to remove  +(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove  +(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove  +(rec) -hmac-md5 -- mac algorithm to remove  +(rec) -hmac-md5-96 -- mac algorithm to remove  +(rec) -hmac-ripemd160 -- mac algorithm to remove  +(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove  +(rec) -hmac-sha1-96 -- mac algorithm to remove  +(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove  +(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  + diff --git a/test/docker/expected_results/openssh_5.6p1_test4.txt b/test/docker/expected_results/openssh_5.6p1_test4.txt new file mode 100644 index 0000000..a5fa335 --- /dev/null +++ b/test/docker/expected_results/openssh_5.6p1_test4.txt @@ -0,0 +1,141 @@ +# general +(gen) banner: SSH-2.0-OpenSSH_5.6 +(gen) software: OpenSSH 5.6 +(gen) compatibility: OpenSSH 5.6-6.6, Dropbear SSH 0.53+ (some functionality from 0.52) +(gen) compression: enabled (zlib@openssh.com) + +# security +(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data +(cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read) +(cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid +(cve) CVE-2015-6563 -- (CVSSv2: 1.9) conduct impersonation attack +(cve) CVE-2014-2532 -- (CVSSv2: 5.8) bypass environment restrictions via specific string before wildcard +(cve) CVE-2014-1692 -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption) +(cve) CVE-2012-0814 -- (CVSSv2: 3.5) leak data via debug messages +(cve) CVE-2011-5000 -- (CVSSv2: 3.5) cause DoS via large value in certain length field (memory consumption) +(cve) CVE-2010-5107 -- (CVSSv2: 5.0) cause DoS via large number of connections (slot exhaustion) +(cve) CVE-2010-4755 -- (CVSSv2: 4.0) cause DoS via crafted glob expression (CPU and memory consumption) +(cve) CVE-2010-4478 -- (CVSSv2: 7.5) bypass authentication check via crafted values + +# key exchange algorithms +(kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus + `- [info] available since OpenSSH 4.4 +(kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus + `- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 2.3.0 +(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53 +(kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack + `- [warn] using small 1024-bit modulus + `- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 + +# host-key algorithms +(key) ssh-rsa (3072-bit) -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 +(key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/1024-bit CA) -- [fail] using small 1024-bit modulus + `- [info] available since OpenSSH 5.6 + +# encryption algorithms (ciphers) +(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 +(enc) aes192-ctr -- [info] available since OpenSSH 3.7 +(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 +(enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using weak cipher + `- [info] available since OpenSSH 4.2 +(enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using weak cipher + `- [info] available since OpenSSH 4.2 +(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] using weak cipher mode + `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 +(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm + `- [warn] using weak cipher + `- [warn] using weak cipher mode + `- [warn] using small 64-bit block size + `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 +(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [fail] disabled since Dropbear SSH 0.53 + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using weak cipher mode + `- [warn] using small 64-bit block size + `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 +(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using weak cipher mode + `- [warn] using small 64-bit block size + `- [info] available since OpenSSH 2.1.0 +(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] using weak cipher mode + `- [info] available since OpenSSH 2.3.0 +(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] using weak cipher mode + `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47 +(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using weak cipher + `- [info] available since OpenSSH 2.1.0 +(enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using weak cipher mode + `- [info] available since OpenSSH 2.3.0 + +# message authentication code algorithms +(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using encrypt-and-MAC mode + `- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 +(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode + `- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 +(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode + `- [warn] using small 64-bit tag size + `- [info] available since OpenSSH 4.7 +(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using encrypt-and-MAC mode + `- [info] available since OpenSSH 2.5.0 +(mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using encrypt-and-MAC mode + `- [info] available since OpenSSH 2.1.0 +(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using encrypt-and-MAC mode + `- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47 +(mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using encrypt-and-MAC mode + `- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 2.5.0 + +# fingerprints +(fin) ssh-rsa: SHA256:nsWtdJ9Z67Vrf7OsUzQov7esXhsWAfVppArGh25u244 + +# algorithm recommendations (for OpenSSH 5.6) +(rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 2048 bits or larger)  +(rec) !ssh-rsa-cert-v01@openssh.com -- key algorithm to change (increase modulus size to 2048 bits or larger)  +(rec) -3des-cbc -- enc algorithm to remove  +(rec) -aes128-cbc -- enc algorithm to remove  +(rec) -aes192-cbc -- enc algorithm to remove  +(rec) -aes256-cbc -- enc algorithm to remove  +(rec) -arcfour -- enc algorithm to remove  +(rec) -arcfour128 -- enc algorithm to remove  +(rec) -arcfour256 -- enc algorithm to remove  +(rec) -blowfish-cbc -- enc algorithm to remove  +(rec) -cast128-cbc -- enc algorithm to remove  +(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove  +(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove  +(rec) -hmac-md5 -- mac algorithm to remove  +(rec) -hmac-md5-96 -- mac algorithm to remove  +(rec) -hmac-ripemd160 -- mac algorithm to remove  +(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove  +(rec) -hmac-sha1-96 -- mac algorithm to remove  +(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove  +(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  + diff --git a/test/docker/expected_results/openssh_5.6p1_test5.txt b/test/docker/expected_results/openssh_5.6p1_test5.txt new file mode 100644 index 0000000..7e5cf64 --- /dev/null +++ b/test/docker/expected_results/openssh_5.6p1_test5.txt @@ -0,0 +1,139 @@ +# general +(gen) banner: SSH-2.0-OpenSSH_5.6 +(gen) software: OpenSSH 5.6 +(gen) compatibility: OpenSSH 5.6-6.6, Dropbear SSH 0.53+ (some functionality from 0.52) +(gen) compression: enabled (zlib@openssh.com) + +# security +(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data +(cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read) +(cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid +(cve) CVE-2015-6563 -- (CVSSv2: 1.9) conduct impersonation attack +(cve) CVE-2014-2532 -- (CVSSv2: 5.8) bypass environment restrictions via specific string before wildcard +(cve) CVE-2014-1692 -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption) +(cve) CVE-2012-0814 -- (CVSSv2: 3.5) leak data via debug messages +(cve) CVE-2011-5000 -- (CVSSv2: 3.5) cause DoS via large value in certain length field (memory consumption) +(cve) CVE-2010-5107 -- (CVSSv2: 5.0) cause DoS via large number of connections (slot exhaustion) +(cve) CVE-2010-4755 -- (CVSSv2: 4.0) cause DoS via crafted glob expression (CPU and memory consumption) +(cve) CVE-2010-4478 -- (CVSSv2: 7.5) bypass authentication check via crafted values + +# key exchange algorithms +(kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus + `- [info] available since OpenSSH 4.4 +(kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus + `- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 2.3.0 +(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53 +(kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack + `- [warn] using small 1024-bit modulus + `- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 + +# host-key algorithms +(key) ssh-rsa (3072-bit) -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 +(key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/3072-bit CA) -- [info] available since OpenSSH 5.6 + +# encryption algorithms (ciphers) +(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 +(enc) aes192-ctr -- [info] available since OpenSSH 3.7 +(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 +(enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using weak cipher + `- [info] available since OpenSSH 4.2 +(enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using weak cipher + `- [info] available since OpenSSH 4.2 +(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] using weak cipher mode + `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28 +(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm + `- [warn] using weak cipher + `- [warn] using weak cipher mode + `- [warn] using small 64-bit block size + `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 +(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [fail] disabled since Dropbear SSH 0.53 + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using weak cipher mode + `- [warn] using small 64-bit block size + `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28 +(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using weak cipher mode + `- [warn] using small 64-bit block size + `- [info] available since OpenSSH 2.1.0 +(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] using weak cipher mode + `- [info] available since OpenSSH 2.3.0 +(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] using weak cipher mode + `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47 +(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using weak cipher + `- [info] available since OpenSSH 2.1.0 +(enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using weak cipher mode + `- [info] available since OpenSSH 2.3.0 + +# message authentication code algorithms +(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using encrypt-and-MAC mode + `- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 +(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode + `- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 +(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode + `- [warn] using small 64-bit tag size + `- [info] available since OpenSSH 4.7 +(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using encrypt-and-MAC mode + `- [info] available since OpenSSH 2.5.0 +(mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using encrypt-and-MAC mode + `- [info] available since OpenSSH 2.1.0 +(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using encrypt-and-MAC mode + `- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47 +(mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm + `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm + `- [warn] using encrypt-and-MAC mode + `- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 2.5.0 + +# fingerprints +(fin) ssh-rsa: SHA256:nsWtdJ9Z67Vrf7OsUzQov7esXhsWAfVppArGh25u244 + +# algorithm recommendations (for OpenSSH 5.6) +(rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 2048 bits or larger)  +(rec) -3des-cbc -- enc algorithm to remove  +(rec) -aes128-cbc -- enc algorithm to remove  +(rec) -aes192-cbc -- enc algorithm to remove  +(rec) -aes256-cbc -- enc algorithm to remove  +(rec) -arcfour -- enc algorithm to remove  +(rec) -arcfour128 -- enc algorithm to remove  +(rec) -arcfour256 -- enc algorithm to remove  +(rec) -blowfish-cbc -- enc algorithm to remove  +(rec) -cast128-cbc -- enc algorithm to remove  +(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove  +(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove  +(rec) -hmac-md5 -- mac algorithm to remove  +(rec) -hmac-md5-96 -- mac algorithm to remove  +(rec) -hmac-ripemd160 -- mac algorithm to remove  +(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove  +(rec) -hmac-sha1-96 -- mac algorithm to remove  +(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove  +(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  + diff --git a/test/docker/expected_results/openssh_8.0p1_test1.txt b/test/docker/expected_results/openssh_8.0p1_test1.txt new file mode 100644 index 0000000..25981cf --- /dev/null +++ b/test/docker/expected_results/openssh_8.0p1_test1.txt @@ -0,0 +1,79 @@ +# general +(gen) banner: SSH-2.0-OpenSSH_8.0 +(gen) software: OpenSSH 8.0 +(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2016.73+ +(gen) compression: enabled (zlib@openssh.com) + +# key exchange algorithms +(kex) curve25519-sha256 -- [info] available since OpenSSH 7.4 +(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62 +(kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves + `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 +(kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves + `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 +(kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves + `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 +(kex) diffie-hellman-group-exchange-sha256 (2048-bit) -- [info] available since OpenSSH 4.4 +(kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73 +(kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3 +(kex) diffie-hellman-group14-sha256 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73 +(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53 + +# host-key algorithms +(key) rsa-sha2-512 (3072-bit) -- [info] available since OpenSSH 7.2 +(key) rsa-sha2-256 (3072-bit) -- [info] available since OpenSSH 7.2 +(key) ssh-rsa (3072-bit) -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 +(key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves + `- [warn] using weak random number generator could reveal the key + `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 +(key) ssh-ed25519 -- [info] available since OpenSSH 6.5 + +# encryption algorithms (ciphers) +(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5 + `- [info] default cipher since OpenSSH 6.9. +(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 +(enc) aes192-ctr -- [info] available since OpenSSH 3.7 +(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 +(enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2 +(enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2 + +# message authentication code algorithms +(mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size + `- [info] available since OpenSSH 6.2 +(mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2 +(mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2 +(mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2 +(mac) hmac-sha1-etm@openssh.com -- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 6.2 +(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode + `- [warn] using small 64-bit tag size + `- [info] available since OpenSSH 4.7 +(mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode + `- [info] available since OpenSSH 6.2 +(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode + `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56 +(mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode + `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56 +(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode + `- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 + +# fingerprints +(fin) ssh-ed25519: SHA256:UrnXIVH+7dlw8UqYocl48yUEcKrthGDQG2CPCgp7MxU +(fin) ssh-rsa: SHA256:nsWtdJ9Z67Vrf7OsUzQov7esXhsWAfVppArGh25u244 + +# algorithm recommendations (for OpenSSH 8.0) +(rec) -ecdh-sha2-nistp256 -- kex algorithm to remove  +(rec) -ecdh-sha2-nistp384 -- kex algorithm to remove  +(rec) -ecdh-sha2-nistp521 -- kex algorithm to remove  +(rec) -ecdsa-sha2-nistp256 -- key algorithm to remove  +(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  +(rec) -hmac-sha1 -- mac algorithm to remove  +(rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove  +(rec) -hmac-sha2-256 -- mac algorithm to remove  +(rec) -hmac-sha2-512 -- mac algorithm to remove  +(rec) -umac-128@openssh.com -- mac algorithm to remove  +(rec) -umac-64-etm@openssh.com -- mac algorithm to remove  +(rec) -umac-64@openssh.com -- mac algorithm to remove  + diff --git a/test/docker/expected_results/openssh_8.0p1_test2.txt b/test/docker/expected_results/openssh_8.0p1_test2.txt new file mode 100644 index 0000000..3a23378 --- /dev/null +++ b/test/docker/expected_results/openssh_8.0p1_test2.txt @@ -0,0 +1,75 @@ +# general +(gen) banner: SSH-2.0-OpenSSH_8.0 +(gen) software: OpenSSH 8.0 +(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2016.73+ +(gen) compression: enabled (zlib@openssh.com) + +# key exchange algorithms +(kex) curve25519-sha256 -- [info] available since OpenSSH 7.4 +(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62 +(kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves + `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 +(kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves + `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 +(kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves + `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62 +(kex) diffie-hellman-group-exchange-sha256 (2048-bit) -- [info] available since OpenSSH 4.4 +(kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73 +(kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3 +(kex) diffie-hellman-group14-sha256 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73 +(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53 + +# host-key algorithms +(key) ssh-ed25519 -- [info] available since OpenSSH 6.5 +(key) ssh-ed25519-cert-v01@openssh.com -- [info] available since OpenSSH 6.5 + +# encryption algorithms (ciphers) +(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5 + `- [info] default cipher since OpenSSH 6.9. +(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 +(enc) aes192-ctr -- [info] available since OpenSSH 3.7 +(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 +(enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2 +(enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2 + +# message authentication code algorithms +(mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size + `- [info] available since OpenSSH 6.2 +(mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2 +(mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2 +(mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2 +(mac) hmac-sha1-etm@openssh.com -- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 6.2 +(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode + `- [warn] using small 64-bit tag size + `- [info] available since OpenSSH 4.7 +(mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode + `- [info] available since OpenSSH 6.2 +(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode + `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56 +(mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode + `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56 +(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode + `- [warn] using weak hashing algorithm + `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28 + +# fingerprints +(fin) ssh-ed25519: SHA256:UrnXIVH+7dlw8UqYocl48yUEcKrthGDQG2CPCgp7MxU + +# algorithm recommendations (for OpenSSH 8.0) +(rec) -ecdh-sha2-nistp256 -- kex algorithm to remove  +(rec) -ecdh-sha2-nistp384 -- kex algorithm to remove  +(rec) -ecdh-sha2-nistp521 -- kex algorithm to remove  +(rec) +rsa-sha2-256 -- key algorithm to append  +(rec) +rsa-sha2-512 -- key algorithm to append  +(rec) +ssh-rsa -- key algorithm to append  +(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove  +(rec) -hmac-sha1 -- mac algorithm to remove  +(rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove  +(rec) -hmac-sha2-256 -- mac algorithm to remove  +(rec) -hmac-sha2-512 -- mac algorithm to remove  +(rec) -umac-128@openssh.com -- mac algorithm to remove  +(rec) -umac-64-etm@openssh.com -- mac algorithm to remove  +(rec) -umac-64@openssh.com -- mac algorithm to remove  + diff --git a/test/docker/expected_results/openssh_8.0p1_test3.txt b/test/docker/expected_results/openssh_8.0p1_test3.txt new file mode 100644 index 0000000..81bfa9c --- /dev/null +++ b/test/docker/expected_results/openssh_8.0p1_test3.txt @@ -0,0 +1,39 @@ +# general +(gen) banner: SSH-2.0-OpenSSH_8.0 +(gen) software: OpenSSH 8.0 +(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2013.62+ +(gen) compression: enabled (zlib@openssh.com) + +# key exchange algorithms +(kex) curve25519-sha256 -- [info] available since OpenSSH 7.4 +(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62 +(kex) diffie-hellman-group-exchange-sha256 (2048-bit) -- [info] available since OpenSSH 4.4 + +# host-key algorithms +(key) ssh-ed25519 -- [info] available since OpenSSH 6.5 + +# encryption algorithms (ciphers) +(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5 + `- [info] default cipher since OpenSSH 6.9. +(enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2 +(enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2 +(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 +(enc) aes192-ctr -- [info] available since OpenSSH 3.7 +(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52 + +# message authentication code algorithms +(mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2 +(mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2 +(mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2 + +# fingerprints +(fin) ssh-ed25519: SHA256:UrnXIVH+7dlw8UqYocl48yUEcKrthGDQG2CPCgp7MxU + +# algorithm recommendations (for OpenSSH 8.0) +(rec) +diffie-hellman-group14-sha256 -- kex algorithm to append  +(rec) +diffie-hellman-group16-sha512 -- kex algorithm to append  +(rec) +diffie-hellman-group18-sha512 -- kex algorithm to append  +(rec) +rsa-sha2-256 -- key algorithm to append  +(rec) +rsa-sha2-512 -- key algorithm to append  +(rec) +ssh-rsa -- key algorithm to append  + diff --git a/test/docker/host_ca_ed25519 b/test/docker/host_ca_ed25519 new file mode 100644 index 0000000..7b8c41b --- /dev/null +++ b/test/docker/host_ca_ed25519 @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACAbM9Wp3ZPcC8Ifhu6GjNDJaoMg7KxO0el2+r9J35TltQAAAKAa0zr8GtM6 +/AAAAAtzc2gtZWQyNTUxOQAAACAbM9Wp3ZPcC8Ifhu6GjNDJaoMg7KxO0el2+r9J35TltQ +AAAEC/j/BpfmgaZqNMTkJXO4cKZBr31N5z33IRFjh5m6IDDhsz1andk9wLwh+G7oaM0Mlq +gyDsrE7R6Xb6v0nflOW1AAAAHWpkb2dAbG9jYWxob3N0LndvbmRlcmxhbmQubG9s +-----END OPENSSH PRIVATE KEY----- diff --git a/test/docker/host_ca_ed25519.pub b/test/docker/host_ca_ed25519.pub new file mode 100644 index 0000000..01e745f --- /dev/null +++ b/test/docker/host_ca_ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsz1andk9wLwh+G7oaM0MlqgyDsrE7R6Xb6v0nflOW1 jdog@localhost.wonderland.lol diff --git a/test/docker/host_ca_rsa_1024 b/test/docker/host_ca_rsa_1024 new file mode 100644 index 0000000..337b777 --- /dev/null +++ b/test/docker/host_ca_rsa_1024 @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQDnRlN3AFnUe2lFf5XG9UhXLr/9POruNTFbMt0zrjOUSjmAS7hS +6pDv5VEToT6DaR1EQUYaqSMpHYzZhuCK52vrydOm5XFbJ7712r9MyZQUhoVZx8Su +dBHzVDIVO3jcMMWIlrfWBMnUaUHEqpmy88Y7gKDa2TWxJg1+hg51KqHrUQIDAQAB +AoGBANALOUXRcP1tTtOP4+In/709dsONKyDBhPavGMFGsWtyIavBcbxU+bBzrq1j +3WJFCmi99xxAjjqMNInxhMgvSaoJtsiY0/FFxqRy6l/ZnRjI6hrVKR8whrPKVgBF +pvbjeQIn9txeCYA8kwl/Si762u7byq+qvupE53xMP94J02KBAkEA/Q4+Hn1Rjblw +VXynF+oXIq6iZy+8PW+Y/FIL8d31ehzfcssCMdFV6S3/wBoQkWby30oGC/xGmHGR +6ffXGilByQJBAOn3NMrBPXNkaPeQtgV3tk4s1dRDQYhbqGNz6tcgThyyPdhJCmCy +jgUEhLwAetsDI8/+3avWbo6/csOV+BvpYUkCQQDQyEp6L1z0+FV1QqY99dZmt/yn +89t0OLnZG/xc7osU1/OHq3TBE3y1KU2D+j1HKdAiZ9l7VAYOykzf46qmG/n5AkEA +2kWjfcjcIIw7lULvXZh6fuI7NwTr3V/Nb8MUA1EDLqhnJCG4SdAqyKmXf6Fe/HYo +cgKPIaIykIAxfCCsULXg6QJAOxB0CKYJlopVBdjGMlGqOEneWTmb1A2INQDE2Una +LkSd0Rr8OiEzDeemV7j3Ec4BH0HxGMnHDxMybZwoZRnRPw== +-----END RSA PRIVATE KEY----- diff --git a/test/docker/host_ca_rsa_1024.pub b/test/docker/host_ca_rsa_1024.pub new file mode 100644 index 0000000..6d861d6 --- /dev/null +++ b/test/docker/host_ca_rsa_1024.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDnRlN3AFnUe2lFf5XG9UhXLr/9POruNTFbMt0zrjOUSjmAS7hS6pDv5VEToT6DaR1EQUYaqSMpHYzZhuCK52vrydOm5XFbJ7712r9MyZQUhoVZx8SudBHzVDIVO3jcMMWIlrfWBMnUaUHEqpmy88Y7gKDa2TWxJg1+hg51KqHrUQ== jdog@localhost.wonderland.lol diff --git a/test/docker/host_ca_rsa_3072 b/test/docker/host_ca_rsa_3072 new file mode 100644 index 0000000..dd04653 --- /dev/null +++ b/test/docker/host_ca_rsa_3072 @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4wIBAAKCAYEAqxQEIbj8w0TrBY1fDO81curijQrdLOUr8Vl8XECWc5QGd1Lk +AG80NgdcCBPvjWxZSmYrKeqA78GUdN+KgycE0ztpxYSXKHZMaIM5Xe94BB+BocH9 +1vd/2iBzGeed1nV/zfAdq2AEHQj1TpII+a+z25yxv2PuwVTTwwo9I/6JgNq3evH4 +Hbwgr3SRfEEYZQ+YL8cOpBuNg1YZOR0k1yk23ZqAd92JybxZ4iCtOt7rcj2sFHzN +u1U544wWBwIL5yZZKTgBhY4dqfT2Ep7IzR5HdsdrvQV9qC92GM1zDE+U3AwrVKjH +s0YZq3jzcq/yvFDCcMMRz4/0pGFFU26oWma+n3vbAxKJoL+rhG8QM9+l2qFlLGsn +M0kUXAJXsPKbygpaP8Z3U4eKgTuJ2GuS9eLIFnB7mrwD75V6GgN9q5mY89DfkVSk +HaoqpY8pPdRkz9QAmMEuLtHmv29CVOpfX5v/rsm7wASAZqtUlmFu4rFGBLwvZbUl +Wu02HmgBT47g6EIfAgMBAAECggGAKVCdKtO03yd+pomcodAHFWiaK7uq7FOwCAo3 +WUQT0Xe3FAwFmgFBF6cxV5YQ7RN0gN4poGbMmpoiUxNFLSU4KhcYFSZPJutiyn6e +VQwm7L/7G2hw+AAvdSsPAPuJh6g6pC5Py/pVI/ns2/uyhTIkem3eEz18BF6LAXgw +icfHx0GKu/tBk1TCg/zfwaUq0gUxGKC27XTl+QjK8JsUMY33fQ755Xiv9PMytcR0 +cVoyfBVewFffi1UqtMQ48ZpR65G743RxrP4/wcwsfD7n5LJLdyxQkh3gIMTJ8dd/ +R5V4FlueorRgjTbLTjGDxNrCAJ+locezhEEPXsPh2q0KiIXGyz2AMxaOqFmhU8oK +aVVt8pWJ+YsrKIgc/A3s18ezO8uO5ZdtjQ+CWguduUGY7YgWezGLO1LPxhJC4d7b +Q/xpeKveTRlcScAqOUzKgSuEhcvPgj8paUcRUoiXm4qiJBY5sXJks+YGp8BGksH0 +O94no+Ns2G58MlL+RyXk3JWrc6zRAoHBANdPplY2sIuIiiEBu95f1Qar1nCBHhB2 +i+HpnsUOdSlbxwMxoF8ffeN9N+DQqaqPu1RhFa5xbB2EUSujvOnL7b/RWqe1X9Po +UIt5UjXctNP/HYcQDyjXY+rV5SZhHDyv6TBYurNZlvlBivliDz82THPRtqVxed3B +w2MeaSkKAQ8rA7PE+0j3TG+YtIij0mHOhNPJgEZ/XZ9MIQOGMycRJhwOlclBI5NP +Ak6p30ArnU2fX4qMkU3i+wqUfXS1hhDihwKBwQDLaHWPIWPVbWdcCbYQTcUmFC3i +xkxd0UuLcfS9csk61nvdFj7m8tMExX+3fIo/fHEtzDd98Alc1i6/f6ePl0CX6NDu +QIWLryI1QQRQidHCdw0wQ3N3VD4ZXJHDeqBxogVAkA7A/1QeXwcXE/Xj2ZgyDwhL +3+myjmvWtw9zJsXL0F3tpPzn+Mrf0KRkWOaluOw7hMMjVjrgu6g24HMWbHHVLRTx +dlAI7tgxCAPe2SEi+1mzaVUZ8cfgqYqC3X66UakCgcEAopxtK7+yJi/A4pzEnnYS +FS/CjMV3R0fA7aXbW0hIBCxkaW0Zib3m/eCcSxZMjZxwBpIsJctTtBcylprbGlgB +/1TF+tNoxEo4Sp4eEL/XciTC0Da4vEewFrPklM/S26KfovvgRYPsGeP+aco9aahA +pVhFcT36pBiq0DkvgucjValO6n5iqgDboYzbDDdttKCcgLc2Qgf/VUfRxy+bgm3Z +MmdxiMXBcIfDXlW9XmGSNAWhyqnPM9uxbZQoC/Tsg+QRAoHANHMcFSsz9f2+8DGk +27FiC76aUmZ1nJ9yTmO1CwDFOMHDsK+iyqSEmy9eDm8zqsko2flVuciicWjdJw4A +o/sJceJbtYO3q9weAwNf3HCdQPq30OEjrfpwBNQk1fYR1xtDJXHADC4Kf8ZbKq0/ +81/Rad8McZwsQ5mL3xLXDgdKa5KwFa48dIhnr6y6JxHxb3wule5W7w62Ierhpjzc +EEUoWSLFyrmKS7Ni1cnOTbFJZR7Q831Or2Dz/E9bYwFAQ0T5AoHAM4/zU+8rsbdD +FvvhWsj7Ivfh6pxx1Tl1Wccaauea9AJayHht0FOzkycpJrH1E+6F5MzhkFFU1SUY +60NZxzSZgbU0HBrJRcRFyo510iMcnctdTdyh8p7nweGoD0oqXzf6cHqrUep8Y8rQ +gkSVhPE31+NGlPbwz+NOflcaaAWYiDC6wjVt1asaZq292SJD4DF1fAUkbQ2hxgyQ ++G/6y5ovrcGnh7q63RLhW1TRf8dD2D2Av9UgXDmWZAZ5n838FS+X +-----END RSA PRIVATE KEY----- diff --git a/test/docker/host_ca_rsa_3072.pub b/test/docker/host_ca_rsa_3072.pub new file mode 100644 index 0000000..b728ed7 --- /dev/null +++ b/test/docker/host_ca_rsa_3072.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCrFAQhuPzDROsFjV8M7zVy6uKNCt0s5SvxWXxcQJZzlAZ3UuQAbzQ2B1wIE++NbFlKZisp6oDvwZR034qDJwTTO2nFhJcodkxogzld73gEH4Ghwf3W93/aIHMZ553WdX/N8B2rYAQdCPVOkgj5r7PbnLG/Y+7BVNPDCj0j/omA2rd68fgdvCCvdJF8QRhlD5gvxw6kG42DVhk5HSTXKTbdmoB33YnJvFniIK063utyPawUfM27VTnjjBYHAgvnJlkpOAGFjh2p9PYSnsjNHkd2x2u9BX2oL3YYzXMMT5TcDCtUqMezRhmrePNyr/K8UMJwwxHPj/SkYUVTbqhaZr6fe9sDEomgv6uEbxAz36XaoWUsayczSRRcAlew8pvKClo/xndTh4qBO4nYa5L14sgWcHuavAPvlXoaA32rmZjz0N+RVKQdqiqljyk91GTP1ACYwS4u0ea/b0JU6l9fm/+uybvABIBmq1SWYW7isUYEvC9ltSVa7TYeaAFPjuDoQh8= jdog@localhost.wonderland.lol diff --git a/test/docker/moduli_1024 b/test/docker/moduli_1024 new file mode 100644 index 0000000..bd81dae --- /dev/null +++ b/test/docker/moduli_1024 @@ -0,0 +1,44 @@ +20190821035337 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC08BE313B +20190821035338 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC08C0B443 +20190821035338 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC08D1AF8B +20190821035338 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC08E76DDB +20190821035338 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC08E8F5D3 +20190821035338 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC08EE3F1B +20190821035338 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC08F28387 +20190821035339 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC08F69A57 +20190821035339 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0903B157 +20190821035339 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0905C973 +20190821035339 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0909BCD3 +20190821035339 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC090F4A2B +20190821035340 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0933BC13 +20190821035340 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09395757 +20190821035340 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC093F40D7 +20190821035340 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09478D4F +20190821035340 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0953A4D7 +20190821035340 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC095B5C7B +20190821035341 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09696573 +20190821035341 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC096BA243 +20190821035341 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC096F3903 +20190821035341 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09850E4B +20190821035341 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC098A1C23 +20190821035341 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC098E08E7 +20190821035342 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09A4FF7F +20190821035342 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09AE4707 +20190821035342 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09B4CE73 +20190821035342 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09C60C6F +20190821035342 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09D2588F +20190821035343 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A025067 +20190821035343 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A0E38EB +20190821035343 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A213923 +20190821035344 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A390CA7 +20190821035344 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A3C7ADB +20190821035344 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A44D497 +20190821035344 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A479B13 +20190821035345 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A5EF01F +20190821035345 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A615D43 +20190821035345 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A6BEADB +20190821035345 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A86309F +20190821035345 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A991E8F +20190821035346 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0AA32C53 +20190821035346 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0AA9FAAB +20190821035346 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0AAC42BB diff --git a/test/docker/ssh_host_dsa_key b/test/docker/ssh_host_dsa_key new file mode 100644 index 0000000..ecd47f9 --- /dev/null +++ b/test/docker/ssh_host_dsa_key @@ -0,0 +1,12 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBugIBAAKBgQDth1eV+A8j191R0ey0dVXL2LGNGYM+a+PomSa7suK8xNCeVLKC +YpQ6VSWpAf6FbRWev1UVo8IpbglwFZPcyFPK2G1H7p45ows2SN4CleszDD56e6W0 +3Plc+qMqSJ6LTjr4M5+HqTDOM3CS72d7MXUkfHQiagyrWQhXyc0kFsNJLwIVAKg7 +b5+NiIZzpg5IEH0tlYFQpuhBAoGAGcbq79QqNNZRuPCE/F05sCoTRGCmFnDjCuCg +WN7wNRotjMz/S3pHtCCeuTT1jT6Hy0ZFHftv0t/GF8GBRgeokUbS4ytHpOkFWcTz +8oFguDL44nq8eNfSY6bzEl84qsgEe4HP93mB4FR1ZUUgI4b7gCBOYEFl3yPiH7H1 +p7Z9E1oCgYAl1UPQkeRhElz+AgEbNsnMKu1+6O3/z95D1Wvv4OEwAImbytlBaC7p +kwJElJNsMMfGqCC8OHdJ0e4VQQUwk/GOhD0MFhVQHBtVZYbiWmVkpfHf1ouUQg3f +1IZmz2SSt6cPPEu+BEQ/Sn3mFRJ5XSTHLtnI0HJeDND5u1+6p1nXawIURv3Maige +oxmfqC24VoROJEq+sew= +-----END DSA PRIVATE KEY----- diff --git a/test/docker/ssh_host_dsa_key.pub b/test/docker/ssh_host_dsa_key.pub new file mode 100644 index 0000000..a32a5a0 --- /dev/null +++ b/test/docker/ssh_host_dsa_key.pub @@ -0,0 +1 @@ +ssh-dss AAAAB3NzaC1kc3MAAACBAO2HV5X4DyPX3VHR7LR1VcvYsY0Zgz5r4+iZJruy4rzE0J5UsoJilDpVJakB/oVtFZ6/VRWjwiluCXAVk9zIU8rYbUfunjmjCzZI3gKV6zMMPnp7pbTc+Vz6oypInotOOvgzn4epMM4zcJLvZ3sxdSR8dCJqDKtZCFfJzSQWw0kvAAAAFQCoO2+fjYiGc6YOSBB9LZWBUKboQQAAAIAZxurv1Co01lG48IT8XTmwKhNEYKYWcOMK4KBY3vA1Gi2MzP9Leke0IJ65NPWNPofLRkUd+2/S38YXwYFGB6iRRtLjK0ek6QVZxPPygWC4Mvjierx419JjpvMSXziqyAR7gc/3eYHgVHVlRSAjhvuAIE5gQWXfI+IfsfWntn0TWgAAAIAl1UPQkeRhElz+AgEbNsnMKu1+6O3/z95D1Wvv4OEwAImbytlBaC7pkwJElJNsMMfGqCC8OHdJ0e4VQQUwk/GOhD0MFhVQHBtVZYbiWmVkpfHf1ouUQg3f1IZmz2SSt6cPPEu+BEQ/Sn3mFRJ5XSTHLtnI0HJeDND5u1+6p1nXaw== diff --git a/test/docker/ssh_host_ecdsa_key b/test/docker/ssh_host_ecdsa_key new file mode 100644 index 0000000..69eea7b --- /dev/null +++ b/test/docker/ssh_host_ecdsa_key @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEICq/YV5QenL0uW5g5tCjY3EWs+UBFmskY+Jjt2vd2aEmoAoGCCqGSM49 +AwEHoUQDQgAEdYSxDVUjOpW479L/nRDiAdxRB5Kuy2bgkP/LA2pnWPcGIWmFa4QU +YN2U3JsFKcLIcx5cvTehQfgrHDnaSKVdKA== +-----END EC PRIVATE KEY----- diff --git a/test/docker/ssh_host_ecdsa_key.pub b/test/docker/ssh_host_ecdsa_key.pub new file mode 100644 index 0000000..4e17058 --- /dev/null +++ b/test/docker/ssh_host_ecdsa_key.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHWEsQ1VIzqVuO/S/50Q4gHcUQeSrstm4JD/ywNqZ1j3BiFphWuEFGDdlNybBSnCyHMeXL03oUH4Kxw52kilXSg= diff --git a/test/docker/ssh_host_ed25519_key b/test/docker/ssh_host_ed25519_key new file mode 100644 index 0000000..3388574 --- /dev/null +++ b/test/docker/ssh_host_ed25519_key @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACC/9RD2Ao95ODDIH8i11ekTALut8AUNqWoQx0jHlP4xygAAAKDiqVOs4qlT +rAAAAAtzc2gtZWQyNTUxOQAAACC/9RD2Ao95ODDIH8i11ekTALut8AUNqWoQx0jHlP4xyg +AAAECTmHGkq0Qea0QqTJYMXL0bpxVU7mhgwYninfVWxrA017/1EPYCj3k4MMgfyLXV6RMA +u63wBQ2pahDHSMeU/jHKAAAAHWpkb2dAbG9jYWxob3N0LndvbmRlcmxhbmQubG9s +-----END OPENSSH PRIVATE KEY----- diff --git a/test/docker/ssh_host_ed25519_key-cert.pub b/test/docker/ssh_host_ed25519_key-cert.pub new file mode 100644 index 0000000..8eef563 --- /dev/null +++ b/test/docker/ssh_host_ed25519_key-cert.pub @@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIO1W0I8tD0c4LypvHY1XNch3BQCw9Yy28/4KmAYql80DAAAAIL/1EPYCj3k4MMgfyLXV6RMAu63wBQ2pahDHSMeU/jHKAAAAAAAAAAAAAAACAAAABHRlc3QAAAAIAAAABHRlc3QAAAAAXV7hvAAAAACBa2YhAAAAAAAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAbM9Wp3ZPcC8Ifhu6GjNDJaoMg7KxO0el2+r9J35TltQAAAFMAAAALc3NoLWVkMjU1MTkAAABAW60bCSeIG4Ta+57zgkSbW4LIGCxtOuJJ+pP3i3S0xJJfHGnOtXbg0NQm7pulNl/wd01kgJO9A7RjbhTh7TV1AA== ssh_host_ed25519_key.pub diff --git a/test/docker/ssh_host_ed25519_key.pub b/test/docker/ssh_host_ed25519_key.pub new file mode 100644 index 0000000..e56a56a --- /dev/null +++ b/test/docker/ssh_host_ed25519_key.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL/1EPYCj3k4MMgfyLXV6RMAu63wBQ2pahDHSMeU/jHK diff --git a/test/docker/ssh_host_rsa_key_1024 b/test/docker/ssh_host_rsa_key_1024 new file mode 100644 index 0000000..e9023b6 --- /dev/null +++ b/test/docker/ssh_host_rsa_key_1024 @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQDeCC1U7VqVg9AfrfWrXACiW6pzYOuP8tim68z+YN/dUU7JhFZ4 +0toteQkLcJBAD2miQ6ZJYkjVfhQ4FRFeOW5vcN0UYHn8ttb2mKdGJdt24ZYY5Z6J +WHQhPOpSgtWyUv6RnxU2ligEeaoPaiepUUOhoyLf4WcF7voVCAKZNqeTtQIDAQAB +AoGATGZ16s5NqDsWJ4B9k3xx/2wZZ+BGzl6a7D0habq97XLn8HGoK6UqTBFk6lnO +WSy0hZBPrNq0AzqCDJY7RrfuZqgVAu/+HEFuXencgt8Z//ueYBaGK8yAC+OrMnDG +LbSoIGRq8saaFtCzt47c+uSVsrhJ4TvK5gbceZuD/2uw10ECQQD79T0j+YWsLISK +PKvYHqEXSMPN6b+lK9hRPLoF9NMksNLSjuxxhkYHz+hJPVNT+wPtRMAYmMdPXfKa +FjuErXVFAkEA4ZgJIOeJ7OHfqGEgd29m36yFy0UaUJ+cmYuJzHAYWgW3TOanqpZm +A8EENuXvH0DtYRVytv4m/cIRVVPxWtXzsQJBALXlQUOEc0VuSi1GScVXr3KQ3JL+ +ipWixqM3VRDRw9D8Ouc5uWbnygz/wrGFLXA2ioozlP7s5Q7eQzOMk2FgnIUCQQCz +j5QUgLcjuVWQbF6vMhisCGImPUaIzcKT5KE1/DMl1E7mAuGJwlRIwKVeHP6L3d4T +3EKGrRzT9lhdlocRSiLBAkEAi3xI0MOZp4xGviPc1C1TKuqdJSr8fHwbtLozwNQO +nnF6m5S72JzZEThDBZS9zcdBp9EFpTvUGzx/O0GI454eoA== +-----END RSA PRIVATE KEY----- diff --git a/test/docker/ssh_host_rsa_key_1024-cert_1024.pub b/test/docker/ssh_host_rsa_key_1024-cert_1024.pub new file mode 100644 index 0000000..17c7738 --- /dev/null +++ b/test/docker/ssh_host_rsa_key_1024-cert_1024.pub @@ -0,0 +1 @@ +ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgFqxXSa9HTqCw5YW3DdIwVREPGxI+i56w32RnHWRg0NoAAAADAQABAAAAgQDeCC1U7VqVg9AfrfWrXACiW6pzYOuP8tim68z+YN/dUU7JhFZ40toteQkLcJBAD2miQ6ZJYkjVfhQ4FRFeOW5vcN0UYHn8ttb2mKdGJdt24ZYY5Z6JWHQhPOpSgtWyUv6RnxU2ligEeaoPaiepUUOhoyLf4WcF7voVCAKZNqeTtQAAAAAAAAAAAAAAAgAAAAR0ZXN0AAAACAAAAAR0ZXN0AAAAAF1evHgAAAAAgWtAtQAAAAAAAAAAAAAAAAAAAJcAAAAHc3NoLXJzYQAAAAMBAAEAAACBAOdGU3cAWdR7aUV/lcb1SFcuv/086u41MVsy3TOuM5RKOYBLuFLqkO/lUROhPoNpHURBRhqpIykdjNmG4Irna+vJ06blcVsnvvXav0zJlBSGhVnHxK50EfNUMhU7eNwwxYiWt9YEydRpQcSqmbLzxjuAoNrZNbEmDX6GDnUqoetRAAAAjwAAAAdzc2gtcnNhAAAAgFRc2g0eWXGmqSa6Z8rcMPHf4rNMornEHSnTzZ8Rdh4YBhDa9xMRRy6puaWPDzXxOfZh7eSjCwrzUMEXTgCIO4oX62xm/6kUnAmKhXle0+inR/hdPg03daE0SBJ4spBT49lJ4WIW38RKFNzjmYg70rTPAnP8oM/F3CC1GV117/Vv ssh_host_rsa_key_1024.pub diff --git a/test/docker/ssh_host_rsa_key_1024-cert_3072.pub b/test/docker/ssh_host_rsa_key_1024-cert_3072.pub new file mode 100644 index 0000000..ea0160a --- /dev/null +++ b/test/docker/ssh_host_rsa_key_1024-cert_3072.pub @@ -0,0 +1 @@ +ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgrJGcfyW8V6VWGT7lD1ardj2RtTP8TOjmLRNbuoGkyZQAAAADAQABAAAAgQDeCC1U7VqVg9AfrfWrXACiW6pzYOuP8tim68z+YN/dUU7JhFZ40toteQkLcJBAD2miQ6ZJYkjVfhQ4FRFeOW5vcN0UYHn8ttb2mKdGJdt24ZYY5Z6JWHQhPOpSgtWyUv6RnxU2ligEeaoPaiepUUOhoyLf4WcF7voVCAKZNqeTtQAAAAAAAAAAAAAAAgAAAAR0ZXN0AAAACAAAAAR0ZXN0AAAAAF1evHgAAAAAgWtA7gAAAAAAAAAAAAAAAAAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAKsUBCG4/MNE6wWNXwzvNXLq4o0K3SzlK/FZfFxAlnOUBndS5ABvNDYHXAgT741sWUpmKynqgO/BlHTfioMnBNM7acWElyh2TGiDOV3veAQfgaHB/db3f9ogcxnnndZ1f83wHatgBB0I9U6SCPmvs9ucsb9j7sFU08MKPSP+iYDat3rx+B28IK90kXxBGGUPmC/HDqQbjYNWGTkdJNcpNt2agHfdicm8WeIgrTre63I9rBR8zbtVOeOMFgcCC+cmWSk4AYWOHan09hKeyM0eR3bHa70FfagvdhjNcwxPlNwMK1Sox7NGGat483Kv8rxQwnDDEc+P9KRhRVNuqFpmvp972wMSiaC/q4RvEDPfpdqhZSxrJzNJFFwCV7Dym8oKWj/Gd1OHioE7idhrkvXiyBZwe5q8A++VehoDfauZmPPQ35FUpB2qKqWPKT3UZM/UAJjBLi7R5r9vQlTqX1+b/67Ju8AEgGarVJZhbuKxRgS8L2W1JVrtNh5oAU+O4OhCHwAAAY8AAAAHc3NoLXJzYQAAAYCO78ONpHp+EGWDqDLb/GPFDH32o6oaRRrIH/Bhvg1FOi5XngnHTdU7xWdnJqNE2Sl6VOrg0sTCMYcX9fZ8tVREnCo3aF7Iwow5Br67QYKayRzHANQqHaVK46lpI1gz81V00u54tX1F8oEUqm6sRmFKFuklt6CjfbR+tnpj7DrfeOTKEBOGJP2uU0jMsJr2DrBeXrzONjIJtIJ1AxWjXd2LeIWO2C6yTkcN5ggThMMaeu6QuuBPpC2PN2COfu+Mgto9g103+/SS4Wa8CzinZZn2Xe1isUxI8QRNrShy4Hl/bIZQL7mi/0rxkfw+fA7IzMk462V99gPVSp+/jK0sbUJoC3QeeglS5hWodjW+VGZfgweGQ+AE/OxkNSv+kDPMYEkjfOf4qhxS5QFvButLt6zp2UNbE5+OWvYpdjO9/DOa0ro+wCw07+dVKIcDpU2csiCcJvQ/HmKAmhch7jOHa0WaxSX0tt0xTPJWTvr6E4WZOgEnk9AvWmrKjF5tEzGYwTU= ssh_host_rsa_key_1024.pub diff --git a/test/docker/ssh_host_rsa_key_1024.pub b/test/docker/ssh_host_rsa_key_1024.pub new file mode 100644 index 0000000..1da6065 --- /dev/null +++ b/test/docker/ssh_host_rsa_key_1024.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDeCC1U7VqVg9AfrfWrXACiW6pzYOuP8tim68z+YN/dUU7JhFZ40toteQkLcJBAD2miQ6ZJYkjVfhQ4FRFeOW5vcN0UYHn8ttb2mKdGJdt24ZYY5Z6JWHQhPOpSgtWyUv6RnxU2ligEeaoPaiepUUOhoyLf4WcF7voVCAKZNqeTtQ== diff --git a/test/docker/ssh_host_rsa_key_3072 b/test/docker/ssh_host_rsa_key_3072 new file mode 100644 index 0000000..3a2c719 --- /dev/null +++ b/test/docker/ssh_host_rsa_key_3072 @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG5AIBAAKCAYEAzhHp7eFnrQAJqOd7aihyQyIDKgxCF7H51Q3Ft3+8af+lX3Ol +Ie77Gi5GNNM+eRB4OzG+CBslxN5I3pM//sZ+gyylA1VuWZZkOlgtbOHutIkO2ldk +XtoGidla0VAxLcUcUK6cCmqwBTT31Hp4Qimp2zyeg/l5q0DhWKguY13lrm5b3YZY +rj7CW3Ktzxf8SbYz6du8KF0dHCWilzq+FLeGzXr7Yul5njVF5njkGvZ9duQ0qiVR +zqZkrkLEWgQlCM0T+PyUbvedL1MfDZPHGh7ZhU0snOvJRsxAr31tlknq+WwauZYd +DzJf1g1URcM65UwEsPlfgOW3ZoZogR1v57Im+KdsKhq2B3snEtJgdQh06JyO0ur4 +uUXo1mMtvBFhiptUtwP4g9v/IN4neeK+wBRom46m2Q1bMUBPneBOa8r2SY/3ynrz +XuVIWFOQtF60aJ+BNqvgUVCKOmz1KzoJwTqGm+EFaKM5z+UQWjIbSE3Ge4X5hXtk +Ou52v+tyDUk6boZLAgMBAAECggGAdrhxWmA7N7tG1W2Pd6iXs7+brRTk2vvpYGqP +11kbNsJXBzf8EiG5vuqb/gEaA+uOKSRORCNHzjT2LG0POHwpFO+aneIRMkHnuolk +mk9ME+zGhtpEdDUOAUsc/GxD+QePeZgvQ/0VLdrHUT3BnPSd7DXvaT9IbnZxnX8/ +QnYtRiJEgMrOuoxjswXNxvsdmWYEYJ38uBB1Hes80f3A1vSpECbjP6gdLh2pCM/r +MvGBdQaipMfdar4IUTEcKHQs1fY3mlAxnWRjYCqJPmq10d3NrdUrHb2zBE1HCC4h +aj2ycTxFhDJqGV6Y2AboHqh2c7lPJ+R2UjI9mIpALZSviHB1POcpWCAGA3NKjri9 +8jgxl3bj03ikJNfCuvlqRTa8at63W2zZTMRsxamoiO023uUOEMNBPwWXP/rVhQ8g +ufih0SY44j0EMPIuu2PoQV4ZSOtDw8xdPrchVCa078/pP5cRa4uV0bl2K4as+cYC +BhjEq2Org3ulDW2n6Mz5ZS7NbAkxAoHBAP/bgPGKX7rfrHa5MRHIgbLSmZtUoF51 +YGelc8ytRx6UT6wriJ1jQRXiI5mZlIXyVxMpIz9s4+h59kF+LpZuNLc3vTYpPOQn +RUDBVY6+SPC5MancL7bfBoHahpWEJuJB/WUE7eWvQM03/LsBtU6Nq+R632t5KdqF +A4y86qgD1vIjcBWvySLFJZGOCoNbj7ZinoBUO3ueYK6SUj8xH6TAqOJsTPvquRT3 +AFBpFBmrVc24wW7wTiLkQOhkIQs1J/ZhYwKBwQDOL07qF8wsoQBBTTXkZ59BCauz +R8kfqe5oUBwsmGJdiIHX6gutBA07sSwzVekIvCCkJFXk3TxLoBSMHEZEIdnS+HVt +gMIacYuhbh+XztdY0kadH/SMbVQD/2LZcL99vcZPq1QF3cHb0Buip5+fyAYjoEc7 +oVgvewD/TwdNcMjos/kMNh6l04kLi6vQG3WhoSBPWaoB669ppBNXSrWKe43nXVi6 +EvjGEiL+HCCnmD6LiD6p797Owu9AChP6fXInD/kCgcEAiLP3SRbt3yLzOtvn4+CF +q83qVJv6s31zbO1x2cIbZbNIfm0kKTOG6vJQoxjzyj2ZWJt6QcEkZGoFsSiCK83m +TJ5zciTGbACvd9HUrNfukO/iISeMNuEi0O65Sdm6DNnFUdw4X6grr3pihmh7PuVj +GkisZvft7Nt08hVeKzch+W4FzRCHHxTG5eZGp7icKI64sUhQH9SXQ67aUvkkNxrZ +IWFMIK1hBlqSyGPcYXqx9aDpeSTcGrhqFcCqBxr3pySRAoHAfJNO3delEC3yxoHN +FwSYzyX1rOuplE0K89G7RCKKBDNPKFKL3Wx+Rluk9htpIlLwcdxWXWJiZNsCrykC +N3YwcuyVnqTWIj4KfG3Z/tIFgPADpDnDevkvcv7iDbi2qlV4NXix2p2C3LnfiKY4 +psSnGO1lPJ0eeAmcr6VjJyIG8bqTthIY8F5gBi7Mj3+X0iFVMTxeoKxzHqP435wP +Fe3S7kCTNFH0J1Cb/eamwDwXRhz6p5h7iXd0MMAmFAmpZ/qZAoHBAPDSIvk2ocf1 +FVW8pKtKOJFIs8iQVIaOLKwPJVP8/JsB1+7mQx5KMoROb5pNpX2edN4vvG0CgqpJ +KekleqpH6nQCqYGFZ1BDhORElNILxeJHcNl0eAG++IJ2PfIpTZV30edDqMm0x7EI +8POZWAx809VzcYbE2jsgpN/EuiaG30EAI5yNvyzmZRCyQykH+eltHlCx17MWBxRQ +bb2UUfpdInTMS2vyrvkeUACkC1DGYdBVVBqqPTkHZg+Kcbs8ntQqEQ== +-----END RSA PRIVATE KEY----- diff --git a/test/docker/ssh_host_rsa_key_3072-cert_1024.pub b/test/docker/ssh_host_rsa_key_3072-cert_1024.pub new file mode 100644 index 0000000..da6b9ec --- /dev/null +++ b/test/docker/ssh_host_rsa_key_3072-cert_1024.pub @@ -0,0 +1 @@ +ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgGHz1JwF/1IcxW3pdQtpqbUjIHaFuk0cR/+l50vG+9hIAAAADAQABAAABgQDOEent4WetAAmo53tqKHJDIgMqDEIXsfnVDcW3f7xp/6Vfc6Uh7vsaLkY00z55EHg7Mb4IGyXE3kjekz/+xn6DLKUDVW5ZlmQ6WC1s4e60iQ7aV2Re2gaJ2VrRUDEtxRxQrpwKarAFNPfUenhCKanbPJ6D+XmrQOFYqC5jXeWublvdhliuPsJbcq3PF/xJtjPp27woXR0cJaKXOr4Ut4bNevti6XmeNUXmeOQa9n125DSqJVHOpmSuQsRaBCUIzRP4/JRu950vUx8Nk8caHtmFTSyc68lGzECvfW2WSer5bBq5lh0PMl/WDVRFwzrlTASw+V+A5bdmhmiBHW/nsib4p2wqGrYHeycS0mB1CHTonI7S6vi5RejWYy28EWGKm1S3A/iD2/8g3id54r7AFGibjqbZDVsxQE+d4E5ryvZJj/fKevNe5UhYU5C0XrRon4E2q+BRUIo6bPUrOgnBOoab4QVooznP5RBaMhtITcZ7hfmFe2Q67na/63INSTpuhksAAAAAAAAAAAAAAAIAAAAEdGVzdAAAAAgAAAAEdGVzdAAAAABdXry0AAAAAIFrQR8AAAAAAAAAAAAAAAAAAACXAAAAB3NzaC1yc2EAAAADAQABAAAAgQDnRlN3AFnUe2lFf5XG9UhXLr/9POruNTFbMt0zrjOUSjmAS7hS6pDv5VEToT6DaR1EQUYaqSMpHYzZhuCK52vrydOm5XFbJ7712r9MyZQUhoVZx8SudBHzVDIVO3jcMMWIlrfWBMnUaUHEqpmy88Y7gKDa2TWxJg1+hg51KqHrUQAAAI8AAAAHc3NoLXJzYQAAAIB4HaEexgQ9T6rScEbiHZx+suCaYXI7ywLYyoSEO48K8o+MmO83UTLtpPa3DXlT8hSYL8Aq6Bb5AMkDawsgsC484owPqObT/5ndLG/fctNBFcCTSL0ftte+A8xH0pZaGRoKbdxxgMqX4ubrCXpbMLGF9aAeh7MRa756XzqGlsCiSA== ssh_host_rsa_key_3072.pub diff --git a/test/docker/ssh_host_rsa_key_3072-cert_3072.pub b/test/docker/ssh_host_rsa_key_3072-cert_3072.pub new file mode 100644 index 0000000..78f49ea --- /dev/null +++ b/test/docker/ssh_host_rsa_key_3072-cert_3072.pub @@ -0,0 +1 @@ +ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg9MVX4OlkEy3p9eC+JJp8h7j76EmI46EY/RXxCGSWTC0AAAADAQABAAABgQDOEent4WetAAmo53tqKHJDIgMqDEIXsfnVDcW3f7xp/6Vfc6Uh7vsaLkY00z55EHg7Mb4IGyXE3kjekz/+xn6DLKUDVW5ZlmQ6WC1s4e60iQ7aV2Re2gaJ2VrRUDEtxRxQrpwKarAFNPfUenhCKanbPJ6D+XmrQOFYqC5jXeWublvdhliuPsJbcq3PF/xJtjPp27woXR0cJaKXOr4Ut4bNevti6XmeNUXmeOQa9n125DSqJVHOpmSuQsRaBCUIzRP4/JRu950vUx8Nk8caHtmFTSyc68lGzECvfW2WSer5bBq5lh0PMl/WDVRFwzrlTASw+V+A5bdmhmiBHW/nsib4p2wqGrYHeycS0mB1CHTonI7S6vi5RejWYy28EWGKm1S3A/iD2/8g3id54r7AFGibjqbZDVsxQE+d4E5ryvZJj/fKevNe5UhYU5C0XrRon4E2q+BRUIo6bPUrOgnBOoab4QVooznP5RBaMhtITcZ7hfmFe2Q67na/63INSTpuhksAAAAAAAAAAAAAAAIAAAAEdGVzdAAAAAgAAAAEdGVzdAAAAABdXr0sAAAAAIFrQWwAAAAAAAAAAAAAAAAAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQCrFAQhuPzDROsFjV8M7zVy6uKNCt0s5SvxWXxcQJZzlAZ3UuQAbzQ2B1wIE++NbFlKZisp6oDvwZR034qDJwTTO2nFhJcodkxogzld73gEH4Ghwf3W93/aIHMZ553WdX/N8B2rYAQdCPVOkgj5r7PbnLG/Y+7BVNPDCj0j/omA2rd68fgdvCCvdJF8QRhlD5gvxw6kG42DVhk5HSTXKTbdmoB33YnJvFniIK063utyPawUfM27VTnjjBYHAgvnJlkpOAGFjh2p9PYSnsjNHkd2x2u9BX2oL3YYzXMMT5TcDCtUqMezRhmrePNyr/K8UMJwwxHPj/SkYUVTbqhaZr6fe9sDEomgv6uEbxAz36XaoWUsayczSRRcAlew8pvKClo/xndTh4qBO4nYa5L14sgWcHuavAPvlXoaA32rmZjz0N+RVKQdqiqljyk91GTP1ACYwS4u0ea/b0JU6l9fm/+uybvABIBmq1SWYW7isUYEvC9ltSVa7TYeaAFPjuDoQh8AAAGPAAAAB3NzaC1yc2EAAAGAG8tCiBMSq3Of3Gmcrid2IfPmaaemYivgEEuK8ubq1rznF0vtR07/NUQ7WVzfJhUSeG0gtJ3A1ey60NjcBn0DHao4Q3ATIXnkSOIKjNolZ2urqYv9fT1LAC4I5XWGzK2aKK0NEqAYr06YPtcGOBQk5+3GPAWSJ4eQycKRz5BSuMYbKaVxU0kGSvbavG07ZntMQhia/lILyq84PjXh/JlRVpIqY+LAS0qwqkUR3gWMTmvYvYI7fXU84ReVB1ut75bY7Xx0DXHPl1Zc2MNDLGcKsByZtoO9ueZRyOlZMUJcVP5fK+OUuZKjMbCaaJnV55BQ78/rftIPYsTEEO2Sf9WT86ADa3k4S0pyWqlTxBzZcDWNt+fZFNm9wcqcYS32nDKtfixcDN8E/IJIWY7aoabPqoYnKUVQBOcIEnZf1HqsKUVmF44Dp9mKhefUs3BtcdK63j/lNXzzMrPwZQAreJqH/uV3TgYBLjMPl++ctX6tCe6Hv5zFKNhnOCSBSzcsCgIU ssh_host_rsa_key_3072.pub diff --git a/test/docker/ssh_host_rsa_key_3072.pub b/test/docker/ssh_host_rsa_key_3072.pub new file mode 100644 index 0000000..ad83cd1 --- /dev/null +++ b/test/docker/ssh_host_rsa_key_3072.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDOEent4WetAAmo53tqKHJDIgMqDEIXsfnVDcW3f7xp/6Vfc6Uh7vsaLkY00z55EHg7Mb4IGyXE3kjekz/+xn6DLKUDVW5ZlmQ6WC1s4e60iQ7aV2Re2gaJ2VrRUDEtxRxQrpwKarAFNPfUenhCKanbPJ6D+XmrQOFYqC5jXeWublvdhliuPsJbcq3PF/xJtjPp27woXR0cJaKXOr4Ut4bNevti6XmeNUXmeOQa9n125DSqJVHOpmSuQsRaBCUIzRP4/JRu950vUx8Nk8caHtmFTSyc68lGzECvfW2WSer5bBq5lh0PMl/WDVRFwzrlTASw+V+A5bdmhmiBHW/nsib4p2wqGrYHeycS0mB1CHTonI7S6vi5RejWYy28EWGKm1S3A/iD2/8g3id54r7AFGibjqbZDVsxQE+d4E5ryvZJj/fKevNe5UhYU5C0XrRon4E2q+BRUIo6bPUrOgnBOoab4QVooznP5RBaMhtITcZ7hfmFe2Q67na/63INSTpuhks=