diff --git a/build.gradle b/build.gradle
index 5374361d4..5766468c9 100644
--- a/build.gradle
+++ b/build.gradle
@@ -276,6 +276,15 @@ task startItestContainer(type: DockerStartContainer) {
 targetContainerId createItestContainer.getContainerId()
 }
+task logItestContainer(type: DockerLogsContainer) {
+ dependsOn createItestContainer
+ targetContainerId createItestContainer.getContainerId()
+ showTimestamps = true
+ stdErr = true
+ stdOut = true
+ tailAll = true
+}
+
 task stopItestContainer(type: DockerStopContainer) {
 targetContainerId createItestContainer.getContainerId()
 }
@@ -288,6 +297,9 @@ task forkedUploadRelease(type: GradleBuild) {
 project.tasks.integrationTest.dependsOn(startItestContainer)
 project.tasks.integrationTest.finalizedBy(stopItestContainer)
+// Being enabled, it pollutes logs on CI. Uncomment when debugging some test to get sshd logs.
+// project.tasks.stopItestContainer.dependsOn(logItestContainer)
+
 project.tasks.release.dependsOn([project.tasks.integrationTest, project.tasks.build])
 project.tasks.release.finalizedBy(project.tasks.forkedUploadRelease)
 project.tasks.jacocoTestReport.dependsOn(project.tasks.test)
diff --git a/src/itest/docker-image/Dockerfile b/src/itest/docker-image/Dockerfile
index ca6b7e69a..56a6414b7 100644
--- a/src/itest/docker-image/Dockerfile
+++ b/src/itest/docker-image/Dockerfile
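Review bot: The debug hook in the second build.gradle hunk is left as commented-out code, `// project.tasks.stopItestContainer.dependsOn(logItestContainer)`, so getting sshd logs means editing the build file and remembering not to commit that edit. A property guard keeps it opt-in without touching the file, for example `if (project.hasProperty('itestContainerLogs')) project.tasks.stopItestContainer.dependsOn(logItestContainer)` (the property name is only a suggestion). With `tailAll = true` and sshd running at DEBUG2, the dump contains authentication detail from every test connection, which is a further reason to keep it off by default on shared CI logs.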
@@ -8,17 +8,17 @@ ADD test-container/ssh_host_ed25519_key /etc/ssh/ssh_host_ed25519_key ADD test-container/ssh_host_ed25519_key.pub /etc/ssh/ssh_host_ed25519_key.pub ADD test-container/sshd_config /etc/ssh/sshd_config COPY test-container/trusted_ca_keys /etc/ssh/trusted_ca_keys +COPY test-container/host_keys/* /etc/ssh/ RUN apk add --no-cache tini RUN \ echo "root:smile" | chpasswd && \ adduser -D -s /bin/ash sshj && \ passwd -u sshj && \ + echo "sshj:ultrapassword" | chpasswd && \ chmod 600 /home/sshj/.ssh/authorized_keys && \ - chmod 600 /etc/ssh/ssh_host_ecdsa_key && \ - chmod 644 /etc/ssh/ssh_host_ecdsa_key.pub && \ - chmod 600 /etc/ssh/ssh_host_ed25519_key && \ - chmod 644 /etc/ssh/ssh_host_ed25519_key.pub && \ + chmod 600 /etc/ssh/ssh_host_*_key && \ + chmod 644 /etc/ssh/*.pub && \ chown -R sshj:sshj /home/sshj ENTRYPOINT ["/sbin/tini", "/entrypoint.sh", "-o", "LogLevel=DEBUG2"] \ No newline at end of file diff --git a/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_256_key b/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_256_key new file mode 100644 index 000000000..89a071e9d --- /dev/null +++ b/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_256_key @@ -0,0 +1,9 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS +1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQR1fMdT7FYIpIo+4hhd5oOgHk6uW79B +HVscKp83yPhFylnG4NtpF7anAWTcpl5aB9eJVWTCP5KVvlVLVkxUSRDwAAAAwITPM06Ezz +NOAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHV8x1PsVgikij7i +GF3mg6AeTq5bv0EdWxwqnzfI+EXKWcbg22kXtqcBZNymXloH14lVZMI/kpW+VUtWTFRJEP +AAAAAhAP21AnkkpifUJgiBSYk7YhOfcwC4VfMB3n+BBln73VnmAAAAImlkX2VjZHNhXzI1 +Nl9yZmM0NzE2X3NpZ25lZF9ieV9yc2EBAgMEBQ== +-----END OPENSSH PRIVATE KEY----- 
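Review bot: The RUN step now bakes a second fixed password into the image (`echo "sshj:ultrapassword" | chpasswd`, next to the existing `root:smile`), and the new `COPY test-container/host_keys/* /etc/ssh/` installs host private keys that are committed to the repository, yet nothing in the Dockerfile marks the image as a throwaway fixture. A comment above the RUN block such as `# Test fixture only: credentials and host keys are public in the repo; never publish this image or expose its sshd beyond the test host.` would make that explicit. The widened `chmod 644 /etc/ssh/*.pub` also touches every other `.pub` file in /etc/ssh, which looks harmless here but is broader than the four explicit chmod lines it replaces. The Dockerfile starts above this hunk, so earlier instructions are not visible.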
diff --git a/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_256_key-cert.pub b/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_256_key-cert.pub new file mode 100644 index 000000000..059054eb3 --- /dev/null +++ b/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_256_key-cert.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp256-cert-v01@openssh.com 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 id_ecdsa_256_rfc4716_signed_by_rsa diff --git a/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_256_key.pub b/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_256_key.pub new file mode 100644 index 000000000..cdad45cdc --- /dev/null +++ b/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_256_key.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHV8x1PsVgikij7iGF3mg6AeTq5bv0EdWxwqnzfI+EXKWcbg22kXtqcBZNymXloH14lVZMI/kpW+VUtWTFRJEPA= id_ecdsa_256_rfc4716_signed_by_rsa diff --git a/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_384_key b/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_384_key new file mode 100644 index 000000000..916131ef9 --- /dev/null +++ b/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_384_key @@ -0,0 +1,11 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAiAAAABNlY2RzYS +1zaGEyLW5pc3RwMzg0AAAACG5pc3RwMzg0AAAAYQQ00XynBzgyJLB+1SDf2elIDYt7Lz6g +Y3dzdqKmYe5L6jzUShmV1UjiE9gCl7i47aRWHSZ3VwiZ0jsT2ekL+ctScSn+NGgw/6BgFr +c3zIkJoYWYzpg2D3mKUkNDMnJWgisAAADw6GCqcuhgqnIAAAATZWNkc2Etc2hhMi1uaXN0 +cDM4NAAAAAhuaXN0cDM4NAAAAGEENNF8pwc4MiSwftUg39npSA2Ley8+oGN3c3aipmHuS+ +o81EoZldVI4hPYApe4uO2kVh0md1cImdI7E9npC/nLUnEp/jRoMP+gYBa3N8yJCaGFmM6Y +Ng95ilJDQzJyVoIrAAAAMQDwyD4C4DbK9DVDOovHqCt/f2TKaho1F4wouIIa4ZTph+9cSp +PUhlSNXKDRD7pOUdIAAAAiaWRfZWNkc2FfMzg0X3JmYzQ3MTZfc2lnbmVkX2J5X3JzYQEC +AwQF +-----END OPENSSH PRIVATE KEY----- 
diff --git a/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_384_key-cert.pub b/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_384_key-cert.pub new file mode 100644 index 000000000..146f5f843 --- /dev/null +++ b/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_384_key-cert.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp384-cert-v01@openssh.com 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 id_ecdsa_384_rfc4716_signed_by_rsa diff --git a/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_384_key.pub b/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_384_key.pub new file mode 100644 index 000000000..fcd35bc58 --- /dev/null +++ b/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_384_key.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBDTRfKcHODIksH7VIN/Z6UgNi3svPqBjd3N2oqZh7kvqPNRKGZXVSOIT2AKXuLjtpFYdJndXCJnSOxPZ6Qv5y1JxKf40aDD/oGAWtzfMiQmhhZjOmDYPeYpSQ0MyclaCKw== id_ecdsa_384_rfc4716_signed_by_rsa diff --git a/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_521_key b/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_521_key new file mode 100644 index 000000000..99853e679 --- /dev/null +++ b/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_521_key 
@@ -0,0 +1,12 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAArAAAABNlY2RzYS +1zaGEyLW5pc3RwNTIxAAAACG5pc3RwNTIxAAAAhQQBkA3IU8ml4HuqnsOYb2H89fRKo0Wx +nFnke8J5olJ0eyaoAv/0fSZDiOeF5j/K6VGeCa45edqJZCNCwda0vzQaZH8AYUnwojVGH1 +pchzLm1U9C3WlF0wP/c141GiNVmkKAQDN7J4KKxchhByMKVPLUzHv181OvItrLR3ECuhGT +a8xpJRYAAAEgetmfwXrZn8EAAAATZWNkc2Etc2hhMi1uaXN0cDUyMQAAAAhuaXN0cDUyMQ +AAAIUEAZANyFPJpeB7qp7DmG9h/PX0SqNFsZxZ5HvCeaJSdHsmqAL/9H0mQ4jnheY/yulR +ngmuOXnaiWQjQsHWtL80GmR/AGFJ8KI1Rh9aXIcy5tVPQt1pRdMD/3NeNRojVZpCgEAzey +eCisXIYQcjClTy1Mx79fNTryLay0dxAroRk2vMaSUWAAAAQWe6t//lZtwKOHz9KOFcSfpO +DPQTu+PyzryWrwG99r6IoEqXahhK6FjTJ7U0/Ep9zVeeiLpRVlKe15pcN6U3dp9uAAAAIm +lkX2VjZHNhXzUyMV9yZmM0NzE2X3NpZ25lZF9ieV9yc2EB +-----END OPENSSH PRIVATE KEY----- diff --git a/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_521_key-cert.pub b/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_521_key-cert.pub new file mode 100644 index 000000000..77af154fe --- /dev/null +++ b/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_521_key-cert.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp521-cert-v01@openssh.com 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 id_ecdsa_521_rfc4716_signed_by_rsa diff --git a/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_521_key.pub b/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_521_key.pub new file mode 100644 index 000000000..98fb22666 --- /dev/null +++ b/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_521_key.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGQDchTyaXge6qew5hvYfz19EqjRbGcWeR7wnmiUnR7JqgC//R9JkOI54XmP8rpUZ4Jrjl52olkI0LB1rS/NBpkfwBhSfCiNUYfWlyHMubVT0LdaUXTA/9zXjUaI1WaQoBAM3sngorFyGEHIwpU8tTMe/XzU68i2stHcQK6EZNrzGklFg== id_ecdsa_521_rfc4716_signed_by_rsa 
diff --git a/src/itest/docker-image/test-container/host_keys/ssh_host_ed25519_384_key b/src/itest/docker-image/test-container/host_keys/ssh_host_ed25519_384_key new file mode 100644 index 000000000..3244590e6 --- /dev/null +++ b/src/itest/docker-image/test-container/host_keys/ssh_host_ed25519_384_key @@ -0,0 +1,8 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACAz/M/Awfg01fL5pK7PsOmk8sdM98WFXv/7ycMEsMu8EgAAAKilREz2pURM +9gAAAAtzc2gtZWQyNTUxOQAAACAz/M/Awfg01fL5pK7PsOmk8sdM98WFXv/7ycMEsMu8Eg +AAAEB9mj+1Z9CnxalesmwJiPa7051sjjnXKR00aQ59jCX0GTP8z8DB+DTV8vmkrs+w6aTy +x0z3xYVe//vJwwSwy7wSAAAAJGlkX2VkMjU1MTlfMzg0X3JmYzQ3MTZfc2lnbmVkX2J5X3 +JzYQE= +-----END OPENSSH PRIVATE KEY----- diff --git a/src/itest/docker-image/test-container/host_keys/ssh_host_ed25519_384_key-cert.pub b/src/itest/docker-image/test-container/host_keys/ssh_host_ed25519_384_key-cert.pub new file mode 100644 index 000000000..86cee24b0 --- /dev/null +++ b/src/itest/docker-image/test-container/host_keys/ssh_host_ed25519_384_key-cert.pub @@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com 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 id_ed25519_384_rfc4716_signed_by_rsa diff --git a/src/itest/docker-image/test-container/host_keys/ssh_host_ed25519_384_key.pub b/src/itest/docker-image/test-container/host_keys/ssh_host_ed25519_384_key.pub new file mode 100644 index 000000000..4c60639e7 --- /dev/null +++ b/src/itest/docker-image/test-container/host_keys/ssh_host_ed25519_384_key.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8z8DB+DTV8vmkrs+w6aTyx0z3xYVe//vJwwSwy7wS id_ed25519_384_rfc4716_signed_by_rsa diff --git a/src/itest/docker-image/test-container/host_keys/ssh_host_rsa_2048_key b/src/itest/docker-image/test-container/host_keys/ssh_host_rsa_2048_key new file mode 100644 index 000000000..52c408770 --- /dev/null +++ b/src/itest/docker-image/test-container/host_keys/ssh_host_rsa_2048_key 
@@ -0,0 +1,27 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn +NhAAAAAwEAAQAAAQEA1iHGJi0EhM4vSCe40N3670OWx6tsA28P7Rpqgl9VdYtorneByT6U +3o7nSIK7MCGXD9XFCPDbQPnCpjIOQaq9f7wzaj7vEzN3iPEsUohfGIhBnZUZqtHdPSMhqE +JwxuIqRAlSjy8XnBNK6EjgpZGyXL5NijjR9dp/jYgOCMMmJB585BWhYQt7P5qceFjz6AqH +WKnBbajorFjiJQR9LVhi9nBCC1I02e8aWqS05JR51J8J1+lECJEiKBbzD0dhAd0CPsGlux +BtwVGZF13+xzc9/NZLUUb4wJxWM0R8flmIochK+yqPgCmr7rjA3yyEPXtQrvTQ46Jjt/u6 +uKyLbdiZ2QAAA9i320dZt9tHWQAAAAdzc2gtcnNhAAABAQDWIcYmLQSEzi9IJ7jQ3frvQ5 +bHq2wDbw/tGmqCX1V1i2iud4HJPpTejudIgrswIZcP1cUI8NtA+cKmMg5Bqr1/vDNqPu8T +M3eI8SxSiF8YiEGdlRmq0d09IyGoQnDG4ipECVKPLxecE0roSOClkbJcvk2KONH12n+NiA +4IwyYkHnzkFaFhC3s/mpx4WPPoCodYqcFtqOisWOIlBH0tWGL2cEILUjTZ7xpapLTklHnU +nwnX6UQIkSIoFvMPR2EB3QI+waW7EG3BUZkXXf7HNz381ktRRvjAnFYzRHx+WYihyEr7Ko ++AKavuuMDfLIQ9e1Cu9NDjomO3+7q4rItt2JnZAAAAAwEAAQAAAQEAkd0x4GF8GYdmV+2P +DOCZhhDxjhQsoO4v2CDNev+79DVB2s7XnyG9QRnxXMiJAJFxGL1S2fNQN6OrP5ELexn2ui +OWloJGUzsU6zj2K0ZwGQMAR3sAoAcTgQkEbVzM+/2mMvByx8yZdZ0CwtaaCM8Fw/1yTnzE +MYhkqSGMBdYBjknjZ8pPMYNVucncmdYibPU5VRRhWSSXlee6oZRgWrcW8VGlFtQU/RHt1a +LUPrSk/3e1Iqk75AWaFVVwnTnz8pPBpQXboiN22gZ8fvPYO9wphPmuXPapGFUt5NHBgMOv +Yr2+uzeSYg79VKhRv6YEM3aeW8kkjdZ7r4uP8EFnimUDAQAAAIEAsIsTx8nO65tEJbCEmM +/bFXHRmMSnVyQWQgyPXTvbWyI1Uk0YyaFOnsFCuXwfM/3fupvFyKTC4rdeJYl9HiVbZAm3 +puI+GIRPOdKMWdh+e802KdeGXPsc+LU0tw5zwaRKH46QtmKEu1UICmUEsDFQxYfSlL8zhc +/OrNwPUZTRtrYAAACBAOsPC4PtdyItaHVYbSlgp++foTm4adby3lYQOh4VDanY4H95ct/P +4Qa9BklZmkN5HoaPBnOCV66+RzW42qSbincRSdsYXP6t5fnnQwp9+tqCQaPuHVIGuW9MI9 +qO1hwOl1HnvYFvOEvdvA+Os3as5DyZO5AP5Eta6cwjMwKDTB/hAAAAgQDpNXQL3vJvsUgP +yZjhxodGGoT7HvLVClrICEuVrJj/10t5AabWjh5G3FILZyTU+zNTGLn+emocuKf+sbrlAe +6sImXPfKKx/kgSR7knPlUi0TEOow4XbIif0cfGxqkamANe1Sv7xReR2rIqkWqEZsDNhtZR +oQQY9bNehpqAweCY+QAAACFpZF9yc2FfMjA0OF9yZmM0NzE2X3NpZ25lZF9ieV9yc2E= +-----END OPENSSH PRIVATE KEY----- 
diff --git a/src/itest/docker-image/test-container/host_keys/ssh_host_rsa_2048_key-cert.pub b/src/itest/docker-image/test-container/host_keys/ssh_host_rsa_2048_key-cert.pub new file mode 100644 index 000000000..0e04e61e1 --- /dev/null +++ b/src/itest/docker-image/test-container/host_keys/ssh_host_rsa_2048_key-cert.pub @@ -0,0 +1 @@ +ssh-rsa-cert-v01@openssh.com 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 id_rsa_2048_rfc4716_signed_by_rsa diff --git a/src/itest/docker-image/test-container/host_keys/ssh_host_rsa_2048_key.pub b/src/itest/docker-image/test-container/host_keys/ssh_host_rsa_2048_key.pub new file mode 100644 index 000000000..ded916710 --- /dev/null +++ b/src/itest/docker-image/test-container/host_keys/ssh_host_rsa_2048_key.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWIcYmLQSEzi9IJ7jQ3frvQ5bHq2wDbw/tGmqCX1V1i2iud4HJPpTejudIgrswIZcP1cUI8NtA+cKmMg5Bqr1/vDNqPu8TM3eI8SxSiF8YiEGdlRmq0d09IyGoQnDG4ipECVKPLxecE0roSOClkbJcvk2KONH12n+NiA4IwyYkHnzkFaFhC3s/mpx4WPPoCodYqcFtqOisWOIlBH0tWGL2cEILUjTZ7xpapLTklHnUnwnX6UQIkSIoFvMPR2EB3QI+waW7EG3BUZkXXf7HNz381ktRRvjAnFYzRHx+WYihyEr7Ko+AKavuuMDfLIQ9e1Cu9NDjomO3+7q4rItt2JnZ id_rsa_2048_rfc4716_signed_by_rsa diff --git a/src/itest/docker-image/test-container/sshd_config b/src/itest/docker-image/test-container/sshd_config index 133e85a34..5e2b3efd4 100644 --- a/src/itest/docker-image/test-container/sshd_config +++ b/src/itest/docker-image/test-container/sshd_config 
@@ -133,4 +133,26 @@ macs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.
 TrustedUserCAKeys /etc/ssh/trusted_ca_keys
-Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
\ No newline at end of file
+Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
+
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+HostKey /etc/ssh/ssh_host_ed25519_key
+
+HostKey /etc/ssh/ssh_host_ecdsa_256_key
+HostCertificate /etc/ssh/ssh_host_ecdsa_256_key-cert.pub
+
+HostKey /etc/ssh/ssh_host_ecdsa_384_key
+HostCertificate /etc/ssh/ssh_host_ecdsa_384_key-cert.pub
+
+HostKey /etc/ssh/ssh_host_ecdsa_521_key
+HostCertificate /etc/ssh/ssh_host_ecdsa_521_key-cert.pub
+
+HostKey /etc/ssh/ssh_host_ed25519_384_key
+HostCertificate /etc/ssh/ssh_host_ed25519_384_key-cert.pub
+
+HostKey /etc/ssh/ssh_host_rsa_2048_key
+HostCertificate /etc/ssh/ssh_host_rsa_2048_key-cert.pub
+
+LogLevel DEBUG2
\ No newline at end of file
diff --git a/src/itest/generate.sh b/src/itest/generate.sh
index d2452a5b0..1cc38ad03 100644
--- a/src/itest/generate.sh
+++ b/src/itest/generate.sh
@@ -1,5 +1,10 @@
 #!/usr/bin/env bash
-# Don't call it frequently. It's rather a documentation how everything is generated.
+# This script is intended for generating SSH keys required for unit and integration tests. If you intend to add a new
+# key to the tests, please write its generation command there.
+#
+# All generation commands should generate only files that does not exist. If some key is already generated, the script
+# should not overwrite the key.
+
 set -e -o pipefail
 cd "${BASH_SOURCES[0]}"
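Review bot: `LogLevel DEBUG2` at the end of the sshd_config hunk duplicates the `-o LogLevel=DEBUG2` that the Dockerfile ENTRYPOINT already passes, so the level is now set in two places; keeping only one avoids a silent mismatch later. The four stock `HostKey` lines deserve a comment, since they are needed only because explicit HostKey directives replace sshd's built-in defaults, for example `# Explicit HostKey entries replace the defaults, so the stock keys are listed again.`. Whether `/etc/ssh/ssh_host_rsa_key` and `/etc/ssh/ssh_host_dsa_key` exist in the image cannot be seen from this diff; if they do not, sshd will presumably log host-key load errors at startup, which is worth confirming.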
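Review bot: The rewritten header asks contributors to run this script when adding keys, but the unchanged line just below it, `cd "${BASH_SOURCES[0]}"`, looks broken: bash's array is `BASH_SOURCE`, and even with the right name the value is the script file rather than its directory. As written the expansion is presumably empty, so the relative `resources/...` and `docker-image/...` paths resolve only when the script is started from `src/itest`. Suggest `cd "$(dirname "${BASH_SOURCE[0]}")"`.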
@@ -13,6 +18,22 @@ function generate() {
 fi
 }
+function generate_cert() {
+ local private_key
+ local suffix
+ local cert
+ private_key="$1"
+ suffix="$2"
+ shift 2
+ cert="$private_key$suffix-cert.pub"
+ if [[ ! -f "$cert" ]]; then
+ cp "$private_key" "$private_key$suffix"
+ cp "$private_key.pub" "$private_key$suffix.pub"
+ generate "$cert" "$@" "$private_key$suffix.pub"
+ rm -f "$private_key$suffix" "$private_key$suffix.pub"
+ fi
+}
+
 generate resources/users_rsa_ca -t rsa -N ''
 if [[ -f resources/users_rsa_ca.pub ]]; then
 mv resources/users_rsa_ca.pub docker-image/test-container
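Review bot: `generate_cert` copies the private key to a temporary name (`cp "$private_key" "$private_key$suffix"`) although only `"$private_key$suffix.pub"` is handed to `generate`; signing a certificate needs the public key alone, so that copy appears unnecessary. Because the script runs under `set -e`, a failing `generate` call skips the `rm -f` and leaves the duplicate key files in the tree, where they can be committed by accident. Dropping the private-key copy and cleaning up on failure as well, e.g. `generate "$cert" "$@" "$private_key$suffix.pub" || { rm -f "$private_key$suffix.pub"; return 1; }`, closes both gaps. The body of `generate` starts above this hunk, so its handling of the first argument is assumed from the call sites.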
@@ -41,6 +62,41 @@ for ca_algo in ecdsa rsa ed25519; do
 user_key="resources/keyfiles/certificates/id_${key_algo_pair}_${format}_signed_by_${ca_algo}"
 generate "$user_key" -N '' -t "$key_algo" -b "$bits" -m "$format" -C "$(basename "$user_key")"
 generate "${user_key}-cert.pub" -s "resources/keyfiles/certificates/CA_${ca_algo}.pem" -I "$(basename "$user_key")" -n sshj "${user_key}.pub"
+
+ # These certificates are to be used as host certificates of sshd.
+ generate_cert "$user_key" _host \
+ -s "resources/keyfiles/certificates/CA_${ca_algo}.pem" -I "$(basename "$user_key")" -h -n 127.0.0.1
 done
 done
 done
+
+mkdir -p docker-image/test-container/host_keys
+
+for key_algo_pair in "${key_algo_pairs[@]}"; do
+ key_algo="${key_algo_pair/_*/}"
+ bits="${key_algo_pair/*_/}"
+
+ user_key="resources/keyfiles/certificates/id_${key_algo_pair}_${format}_signed_by_rsa"
+ host_key="docker-image/test-container/host_keys/ssh_host_${key_algo_pair}_key"
+ if [[ ! -f "$host_key" ]]; then
+ cp -p "$user_key" "$host_key"
+ cp -p "${user_key}.pub" "${host_key}.pub"
+ cp -p "${user_key}_host-cert.pub" "${host_key}-cert.pub"
+ fi
+done
+
+(
+ cd resources/keyfiles/certificates
+
+ generate_cert id_ed25519_384_rfc4716_signed_by_rsa _host_valid_before_past \
+ -s "CA_rsa.pem" -I valid_before_past -h -n 127.0.0.1 -V 'always:20210101000000'
+
+ generate_cert id_ed25519_384_rfc4716_signed_by_rsa _host_valid_after_future \
+ -s "CA_rsa.pem" -I valid_after_future -h -n 127.0.0.1 -V '20990101000000:forever'
+
+ generate_cert id_ed25519_384_rfc4716_signed_by_rsa _host_no_principal \
+ -s "CA_rsa.pem" -I no_principal -h
+
+ generate_cert id_ed25519_384_rfc4716_signed_by_rsa _host_principal_wildcard_example_com \
+ -s "CA_rsa.pem" -I principal_wildcard_example_com -h -n '*.example.com'
+)
diff --git a/src/itest/groovy/com/hierynomus/sshj/signature/KeyWithCertificateSpec.groovy b/src/itest/groovy/com/hierynomus/sshj/signature/KeyWithCertificateSpec.groovy
index 14c5489f5..78fbb8a0e 100644
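Review bot: The new host-key loop builds `user_key` from `${format}`, but at that point `format` appears to be only the leftover value of a loop that has already been closed by the `done` lines above, so which key files land in `host_keys/` depends on the order of that loop's list. The subshell further down names `id_ed25519_384_rfc4716_signed_by_rsa` explicitly, which suggests rfc4716 is intended; pinning it, e.g. `host_key_format=rfc4716` before the loop and `${host_key_format}` inside `user_key`, removes the hidden dependency. `key_algo` and `bits` are assigned in this loop but not used in it, and the `[[ ! -f "$host_key" ]]` guard checks only the private key, so a missing `-cert.pub` beside an existing key is never copied again. The loop that sets `format` starts above this hunk.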
--- a/src/itest/groovy/com/hierynomus/sshj/signature/KeyWithCertificateSpec.groovy
+++ b/src/itest/groovy/com/hierynomus/sshj/signature/KeyWithCertificateSpec.groovy
@@ -16,8 +16,19 @@ package com.hierynomus.sshj.signature
 import com.hierynomus.sshj.IntegrationBaseSpec
+import net.schmizz.sshj.DefaultConfig
+import net.schmizz.sshj.SSHClient
+import net.schmizz.sshj.transport.verification.OpenSSHKnownHosts
 import spock.lang.Unroll
+import java.nio.file.Files
+import java.util.stream.Collectors
+
+/**
+ * This is a brief test for verifying connection to a server using keys with certificates.
+ *
+ * Also, take a look at the unit test {@link net.schmizz.sshj.transport.verification.KeyWithCertificateUnitSpec}.
+ */
 class KeyWithCertificateSpec extends IntegrationBaseSpec {
 @Unroll
@@ -62,4 +73,43 @@ class KeyWithCertificateSpec extends IntegrationBaseSpec {
 "id_ed25519_384_rfc4716_signed_by_rsa",
 ]
 }
+
+ @Unroll
+ def "accepting a signed host public key with type #hostKeyAlgo"() {
+ given:
+ File knownHosts = Files.createTempFile("known_hosts", "").toFile()
+ knownHosts.deleteOnExit()
+
+ and:
+ File caPubKey = new File("src/itest/resources/keyfiles/certificates/CA_rsa.pem.pub")
+ String knownHostsFileContents = "" +
+ "@cert-authority $SERVER_IP ${caPubKey.text}" +
+ "\n@cert-authority [$SERVER_IP]:$DOCKER_PORT ${caPubKey.text}"
+ knownHosts.write(knownHostsFileContents)
+
+ and:
+ def config = new DefaultConfig()
+ config.keyAlgorithms = config.keyAlgorithms.stream()
+ .filter { it.name == hostKeyAlgo }
+ .collect(Collectors.toList())
+ SSHClient sshClient = new SSHClient(config)
+ sshClient.addHostKeyVerifier(new OpenSSHKnownHosts(knownHosts))
+ sshClient.connect(SERVER_IP, DOCKER_PORT)
+
+ when:
+ sshClient.authPassword("sshj", "ultrapassword")
+
+ then:
+ sshClient.authenticated
+
+ and:
+ knownHosts.getText() == knownHostsFileContents
+
+ where:
+ hostKeyAlgo << [
+ "ecdsa-sha2-nistp256-cert-v01@openssh.com",
+ "ssh-ed25519-cert-v01@openssh.com",
+ "ssh-rsa-cert-v01@openssh.com",
+ ]
+ }
 }
diff --git a/src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ecdsa_host-cert.pub b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ecdsa_host-cert.pub
new file mode 100644
index 000000000..69a3c44ed
--- /dev/null
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ecdsa_host-cert.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com 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 id_ecdsa_256_pem_signed_by_ecdsa
diff --git a/src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ed25519_host-cert.pub b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ed25519_host-cert.pub
new file mode 100644
index 000000000..fdd95185d
--- /dev/null
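Review bot: The new feature method connects an `SSHClient` and never closes it, so each of the three unrolled iterations leaves a connection to the test container open; a `cleanup:` block with `sshClient?.disconnect()` would release it even when an assertion fails. The `where:` list covers the nistp256, ed25519 and rsa certificate algorithms only, while this commit also configures nistp384 and nistp521 host certificates in sshd_config, so those two paths are set up but not exercised here. If `hostKeyAlgo` matches no factory name the filtered `keyAlgorithms` list is empty and the failure will likely surface as an opaque negotiation error; an `assert !config.keyAlgorithms.isEmpty()` right after the filter would make that case obvious.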
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ed25519_host-cert.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgAfBLm5SO2/sG021RdO4S+q1AVpdahAz3jx3XIBMX/DcAAAAIbmlzdHAyNTYAAABBBH89jBgaB8m5lh9aQjCp9Lu7C3sg4h+R3nWRpkBZ4g2UlByRK26WgKUYZ6Eddjh8jaW5U3d1IaTiZe+raf9h7fgAAAAAAAAAAAAAAAIAAAAiaWRfZWNkc2FfMjU2X3BlbV9zaWduZWRfYnlfZWQyNTUxOQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgOmGuVFl8cjbEnsgiqaguOLYGHaPtk/SPKcIvROeNO4cAAABTAAAAC3NzaC1lZDI1NTE5AAAAQD/r1H8JDNXac/XsQr5pxLKAa2EkBtitlyjQlAWX3UlBdm00r9NfcNa0qOhYEAITA2ipM0Kox43KzkSIB9N8yw4= id_ecdsa_256_pem_signed_by_ed25519 diff --git a/src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_rsa_host-cert.pub b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_rsa_host-cert.pub new file mode 100644 index 000000000..34c18da18 --- /dev/null +++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_rsa_host-cert.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp256-cert-v01@openssh.com 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 id_ecdsa_256_pem_signed_by_rsa diff --git a/src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ecdsa_host-cert.pub b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ecdsa_host-cert.pub new file mode 100644 index 000000000..b916b5090 --- /dev/null +++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ecdsa_host-cert.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp256-cert-v01@openssh.com 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 id_ecdsa_256_rfc4716_signed_by_ecdsa diff --git a/src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ed25519_host-cert.pub b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ed25519_host-cert.pub new file mode 100644 index 000000000..6e80d6a46 --- /dev/null 
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ed25519_host-cert.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp256-cert-v01@openssh.com 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 id_ecdsa_256_rfc4716_signed_by_ed25519 diff --git a/src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_rsa_host-cert.pub b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_rsa_host-cert.pub new file mode 100644 index 000000000..059054eb3 --- /dev/null +++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_rsa_host-cert.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp256-cert-v01@openssh.com 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 id_ecdsa_256_rfc4716_signed_by_rsa diff --git a/src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_ecdsa_host-cert.pub b/src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_ecdsa_host-cert.pub new file mode 100644 index 000000000..3597123fa --- /dev/null +++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_ecdsa_host-cert.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp384-cert-v01@openssh.com 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 id_ecdsa_384_pem_signed_by_ecdsa diff --git a/src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_ed25519_host-cert.pub b/src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_ed25519_host-cert.pub new file mode 100644 index 000000000..34a4e2f03 --- /dev/null +++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_ed25519_host-cert.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp384-cert-v01@openssh.com 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 id_ecdsa_384_pem_signed_by_ed25519 diff --git a/src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_rsa_host-cert.pub b/src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_rsa_host-cert.pub new file mode 100644 index 000000000..8cbb8e83f --- /dev/null 
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_rsa_host-cert.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp384-cert-v01@openssh.com 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 id_ecdsa_384_pem_signed_by_rsa diff --git a/src/itest/resources/keyfiles/certificates/id_ecdsa_384_rfc4716_signed_by_ecdsa_host-cert.pub b/src/itest/resources/keyfiles/certificates/id_ecdsa_384_rfc4716_signed_by_ecdsa_host-cert.pub new file mode 100644 index 000000000..72e2a8448 --- /dev/null +++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_384_rfc4716_signed_by_ecdsa_host-cert.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp384-cert-v01@openssh.com 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 id_ecdsa_384_rfc4716_signed_by_ecdsa diff --git a/src/itest/resources/keyfiles/certificates/id_ecdsa_384_rfc4716_signed_by_ed25519_host-cert.pub b/src/itest/resources/keyfiles/certificates/id_ecdsa_384_rfc4716_signed_by_ed25519_host-cert.pub new file mode 100644 index 000000000..12a13cdf8 --- /dev/null +++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_384_rfc4716_signed_by_ed25519_host-cert.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp384-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAzODQtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgpBK50228sbCN3k6O6Lq+6YXfw8pxjgUp9n4GOLgxiM4AAAAIbmlzdHAzODQAAABhBH41T4lRzsu5RQxdGxNMnLnll/AWqL2/fUpknCSU4WTYjY7zfz+N3YCw76P9ZZ5wdRqoMFSw1Qy3h8lYeo3HVbwaUKB0E5+nhuMiNC6o6UZXtoyjXewNf8okUe3Rf7SFZgAAAAAAAAAAAAAAAgAAACZpZF9lY2RzYV8zODRfcmZjNDcxNl9zaWduZWRfYnlfZWQyNTUxOQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgOmGuVFl8cjbEnsgiqaguOLYGHaPtk/SPKcIvROeNO4cAAABTAAAAC3NzaC1lZDI1NTE5AAAAQPmNVrSkiNwV5QTpJGgPALtBrJsBqdV/+62I9xbcyTK54EhepQpFCgCeA+IjgVHq/H0gTvEceBIeF2+dqnAziQo= id_ecdsa_384_rfc4716_signed_by_ed25519 
diff --git a/src/itest/resources/keyfiles/certificates/id_ecdsa_384_rfc4716_signed_by_rsa_host-cert.pub b/src/itest/resources/keyfiles/certificates/id_ecdsa_384_rfc4716_signed_by_rsa_host-cert.pub new file mode 100644 index 000000000..146f5f843 --- /dev/null +++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_384_rfc4716_signed_by_rsa_host-cert.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp384-cert-v01@openssh.com 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 id_ecdsa_384_rfc4716_signed_by_rsa diff --git a/src/itest/resources/keyfiles/certificates/id_ecdsa_521_pem_signed_by_ecdsa_host-cert.pub b/src/itest/resources/keyfiles/certificates/id_ecdsa_521_pem_signed_by_ecdsa_host-cert.pub new file mode 100644 index 000000000..365e7b031 --- /dev/null +++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_521_pem_signed_by_ecdsa_host-cert.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp521-cert-v01@openssh.com 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 id_ecdsa_521_pem_signed_by_ecdsa diff --git a/src/itest/resources/keyfiles/certificates/id_ecdsa_521_pem_signed_by_ed25519_host-cert.pub b/src/itest/resources/keyfiles/certificates/id_ecdsa_521_pem_signed_by_ed25519_host-cert.pub new file mode 100644 index 000000000..0872497f6 --- /dev/null +++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_521_pem_signed_by_ed25519_host-cert.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp521-cert-v01@openssh.com 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 id_ecdsa_521_pem_signed_by_ed25519 diff --git a/src/itest/resources/keyfiles/certificates/id_ecdsa_521_pem_signed_by_rsa_host-cert.pub b/src/itest/resources/keyfiles/certificates/id_ecdsa_521_pem_signed_by_rsa_host-cert.pub new file mode 100644 index 000000000..4ee783c93 --- /dev/null +++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_521_pem_signed_by_rsa_host-cert.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp521-cert-v01@openssh.com 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 id_ecdsa_521_pem_signed_by_rsa 
diff --git a/src/itest/resources/keyfiles/certificates/id_ecdsa_521_rfc4716_signed_by_ecdsa_host-cert.pub b/src/itest/resources/keyfiles/certificates/id_ecdsa_521_rfc4716_signed_by_ecdsa_host-cert.pub new file mode 100644 index 000000000..7ebbd3f53 --- /dev/null +++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_521_rfc4716_signed_by_ecdsa_host-cert.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp521-cert-v01@openssh.com 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 id_ecdsa_521_rfc4716_signed_by_ecdsa diff --git a/src/itest/resources/keyfiles/certificates/id_ecdsa_521_rfc4716_signed_by_ed25519_host-cert.pub b/src/itest/resources/keyfiles/certificates/id_ecdsa_521_rfc4716_signed_by_ed25519_host-cert.pub new file mode 100644 index 000000000..9f9bac984 --- /dev/null +++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_521_rfc4716_signed_by_ed25519_host-cert.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp521-cert-v01@openssh.com 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 id_ecdsa_521_rfc4716_signed_by_ed25519 diff --git a/src/itest/resources/keyfiles/certificates/id_ecdsa_521_rfc4716_signed_by_rsa_host-cert.pub b/src/itest/resources/keyfiles/certificates/id_ecdsa_521_rfc4716_signed_by_rsa_host-cert.pub new file mode 100644 index 000000000..77af154fe --- /dev/null +++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_521_rfc4716_signed_by_rsa_host-cert.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp521-cert-v01@openssh.com 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 id_ecdsa_521_rfc4716_signed_by_rsa diff --git a/src/itest/resources/keyfiles/certificates/id_ed25519_384_pem_signed_by_ecdsa_host-cert.pub b/src/itest/resources/keyfiles/certificates/id_ed25519_384_pem_signed_by_ecdsa_host-cert.pub new file mode 100644 index 000000000..a1d403eb5 --- /dev/null +++ b/src/itest/resources/keyfiles/certificates/id_ed25519_384_pem_signed_by_ecdsa_host-cert.pub 
@@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com 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 id_ed25519_384_pem_signed_by_ecdsa diff --git a/src/itest/resources/keyfiles/certificates/id_ed25519_384_pem_signed_by_ed25519_host-cert.pub b/src/itest/resources/keyfiles/certificates/id_ed25519_384_pem_signed_by_ed25519_host-cert.pub new file mode 100644 index 000000000..d21c126ce --- /dev/null +++ b/src/itest/resources/keyfiles/certificates/id_ed25519_384_pem_signed_by_ed25519_host-cert.pub @@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIBtktEOTbKpW3yct/WDfKxtOrM9qGOLQGEJyTlnPleLbAAAAILqslSEN2YOIAYi+3isnKwHWeno360GF7f8xMXrFJvYkAAAAAAAAAAAAAAACAAAAJGlkX2VkMjU1MTlfMzg0X3BlbV9zaWduZWRfYnlfZWQyNTUxOQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgOmGuVFl8cjbEnsgiqaguOLYGHaPtk/SPKcIvROeNO4cAAABTAAAAC3NzaC1lZDI1NTE5AAAAQMi2Yn2Gg+jffFffHxwnqX2PFBk+iQF60bbH3OvEJ1qb3hvu10TXCZRp9IK4alTCCvH8NTWYvsrqQXzp4AL0aQ4= id_ed25519_384_pem_signed_by_ed25519 diff --git a/src/itest/resources/keyfiles/certificates/id_ed25519_384_pem_signed_by_rsa_host-cert.pub b/src/itest/resources/keyfiles/certificates/id_ed25519_384_pem_signed_by_rsa_host-cert.pub new file mode 100644 index 000000000..ac8a7b3db --- /dev/null +++ b/src/itest/resources/keyfiles/certificates/id_ed25519_384_pem_signed_by_rsa_host-cert.pub @@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com 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 id_ed25519_384_pem_signed_by_rsa diff --git a/src/itest/resources/keyfiles/certificates/id_ed25519_384_rfc4716_signed_by_ecdsa_host-cert.pub b/src/itest/resources/keyfiles/certificates/id_ed25519_384_rfc4716_signed_by_ecdsa_host-cert.pub new file mode 100644 index 000000000..269412547 --- /dev/null +++ b/src/itest/resources/keyfiles/certificates/id_ed25519_384_rfc4716_signed_by_ecdsa_host-cert.pub 
@@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com 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 id_ed25519_384_rfc4716_signed_by_ecdsa diff --git a/src/itest/resources/keyfiles/certificates/id_ed25519_384_rfc4716_signed_by_ed25519_host-cert.pub b/src/itest/resources/keyfiles/certificates/id_ed25519_384_rfc4716_signed_by_ed25519_host-cert.pub new file mode 100644 index 000000000..bc604a353 --- /dev/null +++ b/src/itest/resources/keyfiles/certificates/id_ed25519_384_rfc4716_signed_by_ed25519_host-cert.pub @@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIKvwYrGku8uMgRVK6n2+rYSc53mWlaH8sktlM4HlAsvnAAAAICU8fq8BUhwAE5UvFjIY2WUWbkxtM7Ay7h5H33Y1wuFeAAAAAAAAAAAAAAACAAAAKGlkX2VkMjU1MTlfMzg0X3JmYzQ3MTZfc2lnbmVkX2J5X2VkMjU1MTkAAAANAAAACTEyNy4wLjAuMQAAAAAAAAAA//////////8AAAAAAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIDphrlRZfHI2xJ7IIqmoLji2Bh2j7ZP0jynCL0TnjTuHAAAAUwAAAAtzc2gtZWQyNTUxOQAAAEACFDvq2T22ICMUR5laAIQYB7fF42REAzQwUvO6xmAwcHuVXe/IDSA6OZISvbnbfus4wwgi9H3lOn2sHZKZ3KAE id_ed25519_384_rfc4716_signed_by_ed25519 diff --git a/src/itest/resources/keyfiles/certificates/id_ed25519_384_rfc4716_signed_by_rsa_host-cert.pub b/src/itest/resources/keyfiles/certificates/id_ed25519_384_rfc4716_signed_by_rsa_host-cert.pub new file mode 100644 index 000000000..86cee24b0 --- /dev/null +++ b/src/itest/resources/keyfiles/certificates/id_ed25519_384_rfc4716_signed_by_rsa_host-cert.pub @@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com 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 id_ed25519_384_rfc4716_signed_by_rsa diff --git a/src/itest/resources/keyfiles/certificates/id_ed25519_384_rfc4716_signed_by_rsa_host_no_principal-cert.pub b/src/itest/resources/keyfiles/certificates/id_ed25519_384_rfc4716_signed_by_rsa_host_no_principal-cert.pub new file mode 100644 index 000000000..56382df89 --- /dev/null +++ b/src/itest/resources/keyfiles/certificates/id_ed25519_384_rfc4716_signed_by_rsa_host_no_principal-cert.pub 
@@ -0,0 +1 @@
+ssh-ed25519-cert-v01@openssh.com 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 id_ed25519_384_rfc4716_signed_by_rsa
diff --git a/src/itest/resources/keyfiles/certificates/id_ed25519_384_rfc4716_signed_by_rsa_host_principal_wildcard_example_com-cert.pub b/src/itest/resources/keyfiles/certificates/id_ed25519_384_rfc4716_signed_by_rsa_host_principal_wildcard_example_com-cert.pub
new file mode 100644
index 000000000..ef6bc9c21
--- /dev/null
+++ b/src/itest/resources/keyfiles/certificates/id_ed25519_384_rfc4716_signed_by_rsa_host_principal_wildcard_example_com-cert.pub
@@ -0,0 +1 @@
+ssh-ed25519-cert-v01@openssh.com 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 id_ed25519_384_rfc4716_signed_by_rsa
diff --git a/src/itest/resources/keyfiles/certificates/id_ed25519_384_rfc4716_signed_by_rsa_host_valid_after_future-cert.pub b/src/itest/resources/keyfiles/certificates/id_ed25519_384_rfc4716_signed_by_rsa_host_valid_after_future-cert.pub
new file mode 100644
index 000000000..42eaab084
--- /dev/null
+++ b/src/itest/resources/keyfiles/certificates/id_ed25519_384_rfc4716_signed_by_rsa_host_valid_after_future-cert.pub
@@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIBVgz01W2NGee5mbYcK51YX29G9jW+9OBixplapZkFkdAAAAIDP8z8DB+DTV8vmkrs+w6aTyx0z3xYVe//vJwwSwy7wSAAAAAAAAAAAAAAACAAAAEnZhbGlkX2FmdGVyX2Z1dHVyZQAAAA0AAAAJMTI3LjAuMC4xAAAAAPKkwRD//////////wAAAAAAAAAAAAAAAAAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAMpRV4ex1Zq2TzKSP7g1XrAAsGsqbGvKe6BjXqJa1OayPgcTJWZLDVCiNapqMoGCdqAnzBKIqVwjxhdy1OP7c5BvPZG9ljujlAiBhQ5t9NrN+jWv6pE3w3m5MFDVh7neGvr9wK8IGhIetfpG6/wJ3yOAF1sQkCwgDf7BfkbMq1If+qyTDF7I3fzyaqYX/61BR2iytpNxaVVw1g15EKdRHkUc760L0kVFwWkmyAFpK+ZPOal9pRHKa9mi/3TRXcQ20ZnBBzzxl4bsnXnEWILhBSxstoEF94hHKLeuoKl9kPx/NqKvwjIEqtU/mE7i+aAE9Wf6nR0COtlBPsjxZtf2Ac2ryUCd/EcdAqDGOwZy4m1s0G5EQMTU1uWCgGByz6DPWCCDCadQq0GaACjcOyBcy5trUqGxYqDvmZCgq6IDv1bGFDlFx1exOxIAKuruiVdPNn+c+h7HEmeM+OOJq1rjibD7kUwMK0cchVzpjI2xwC8ecQF9jeFGBcooa86OO65oPQAAAZQAAAAMcnNhLXNoYTItNTEyAAABgIsjtxJK2y/mfVlY391EFLVkcsOVvMQ5q5GrNfoOHtzOtL4VQjoyxcUVYs9UQfyWJlApMbXsFJuUAyqOW9nXhBM6gzTGsNBu1CCaqOGWJDQXmQOz9rNcctqaCYJQ0od2hn5q1Dq5mZk1NUhJvf7UCuYnWP6yIEIdwWkHD0gGKzjktrm5HMcpfMGN7yfIFd/u9hmAss3n6FN78cAz7I7d8QIYUF02++qS01Kyu0KhGGdzMaxgeMF1FTZEnVWLaQtK2jyG4TwKEs6IesrmQ7FT9KvlVRfVMpsTumeoJnr9+BpoT5Gt0eW/wCFfjFtLr5kchS6/mnfOVX4fpocp4RqR01PJtD8p+7Vt8fzwus6QSZr2Ek7RL+WtZFzRBcLZPodYPPml8qrg3QEwOYvaeVDFsFe8YX+zlC+3Q5mjKsQmgr/zju8FcSzlGaVxJfF3PSIgjB8GwQEKXNZgjKLXs7QoW4HySiUdXX1kO5JkmetIRMhBHuefObYbu9ZIYv4palWkPw== id_ed25519_384_rfc4716_signed_by_rsa diff --git a/src/itest/resources/keyfiles/certificates/id_ed25519_384_rfc4716_signed_by_rsa_host_valid_before_past-cert.pub b/src/itest/resources/keyfiles/certificates/id_ed25519_384_rfc4716_signed_by_rsa_host_valid_before_past-cert.pub new file mode 100644 index 000000000..7d835f227 --- /dev/null +++ b/src/itest/resources/keyfiles/certificates/id_ed25519_384_rfc4716_signed_by_rsa_host_valid_before_past-cert.pub @@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com 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 id_ed25519_384_rfc4716_signed_by_rsa 
diff --git a/src/itest/resources/keyfiles/certificates/id_rsa_2048_pem_signed_by_ecdsa_host-cert.pub b/src/itest/resources/keyfiles/certificates/id_rsa_2048_pem_signed_by_ecdsa_host-cert.pub
new file mode 100644
index 000000000..57e20f57e
--- /dev/null
+++ b/src/itest/resources/keyfiles/certificates/id_rsa_2048_pem_signed_by_ecdsa_host-cert.pub
@@ -0,0 +1 @@
+ssh-rsa-cert-v01@openssh.com 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 id_rsa_2048_pem_signed_by_ecdsa
diff --git a/src/itest/resources/keyfiles/certificates/id_rsa_2048_pem_signed_by_ed25519_host-cert.pub b/src/itest/resources/keyfiles/certificates/id_rsa_2048_pem_signed_by_ed25519_host-cert.pub
new file mode 100644
index 000000000..d9e10d669
--- /dev/null
+++ b/src/itest/resources/keyfiles/certificates/id_rsa_2048_pem_signed_by_ed25519_host-cert.pub
@@ -0,0 +1 @@
+ssh-rsa-cert-v01@openssh.com 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 id_rsa_2048_pem_signed_by_ed25519
diff --git a/src/itest/resources/keyfiles/certificates/id_rsa_2048_pem_signed_by_rsa_host-cert.pub b/src/itest/resources/keyfiles/certificates/id_rsa_2048_pem_signed_by_rsa_host-cert.pub
new file mode 100644
index 000000000..a07d6e56c
--- /dev/null
+++ b/src/itest/resources/keyfiles/certificates/id_rsa_2048_pem_signed_by_rsa_host-cert.pub
@@ -0,0 +1 @@
+ssh-rsa-cert-v01@openssh.com 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 id_rsa_2048_pem_signed_by_rsa
diff --git a/src/itest/resources/keyfiles/certificates/id_rsa_2048_rfc4716_signed_by_ecdsa_host-cert.pub b/src/itest/resources/keyfiles/certificates/id_rsa_2048_rfc4716_signed_by_ecdsa_host-cert.pub
new file mode 100644
index 000000000..6b111b565
--- /dev/null
+++ b/src/itest/resources/keyfiles/certificates/id_rsa_2048_rfc4716_signed_by_ecdsa_host-cert.pub
@@ -0,0 +1 @@
+ssh-rsa-cert-v01@openssh.com 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 id_rsa_2048_rfc4716_signed_by_ecdsa
diff --git a/src/itest/resources/keyfiles/certificates/id_rsa_2048_rfc4716_signed_by_ed25519_host-cert.pub b/src/itest/resources/keyfiles/certificates/id_rsa_2048_rfc4716_signed_by_ed25519_host-cert.pub new file mode 100644 index 000000000..4a3f673df --- /dev/null +++ b/src/itest/resources/keyfiles/certificates/id_rsa_2048_rfc4716_signed_by_ed25519_host-cert.pub @@ -0,0 +1 @@ +ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgWhpb/3tZC1M/jLshw7fgQYdmYjOeOaF4NDY0bqZvtPQAAAADAQABAAABAQDqNvETxJaUoQ+RU2XEkG1BCvi0CMef7xyZK3dL4mnYDpQ4y2jWyEnfkIDzdj+EIFExTm6Gagz+WM9/LrAYMQtQHiX7l56ztHlsTRJTNJjXDn/YR//IBrMKRZq+3VBT6bC3CBSux8RVtU8RmhwIk/338ad1KS3dMZ7AkZ1ulOuYhVZ/eg5AMw9EuPNH4Uj6Cd5oazV6cOs8vRE75yZK7RAridBcFiJDtnAMi/yfCNJAPhKc/7gV7gtfVPA2P26hgwdlWjg47y5uHf/TR+dyNvm2LGev6wwoJiErFVQHgNDqWXBl5/PpiCYkUqqt8RAFvivbJ19yTy9FuUGENhQLosgdAAAAAAAAAAAAAAACAAAAJWlkX3JzYV8yMDQ4X3JmYzQ3MTZfc2lnbmVkX2J5X2VkMjU1MTkAAAANAAAACTEyNy4wLjAuMQAAAAAAAAAA//////////8AAAAAAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIDphrlRZfHI2xJ7IIqmoLji2Bh2j7ZP0jynCL0TnjTuHAAAAUwAAAAtzc2gtZWQyNTUxOQAAAEBp5TfQATvq3liq/XLC+JuzUJA+MRC0o9e8LHEnzt9vuCXEzGT+3AespnxjVsZpwsc2uB7he5nFlhusLE5Ow2oD id_rsa_2048_rfc4716_signed_by_ed25519 diff --git a/src/itest/resources/keyfiles/certificates/id_rsa_2048_rfc4716_signed_by_rsa_host-cert.pub b/src/itest/resources/keyfiles/certificates/id_rsa_2048_rfc4716_signed_by_rsa_host-cert.pub new file mode 100644 index 000000000..0e04e61e1 --- /dev/null +++ b/src/itest/resources/keyfiles/certificates/id_rsa_2048_rfc4716_signed_by_rsa_host-cert.pub @@ -0,0 +1 @@ +ssh-rsa-cert-v01@openssh.com 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 id_rsa_2048_rfc4716_signed_by_rsa diff --git a/src/main/java/net/schmizz/sshj/Config.java b/src/main/java/net/schmizz/sshj/Config.java index 79189998b..dfb6c1229 100644 --- a/src/main/java/net/schmizz/sshj/Config.java +++ b/src/main/java/net/schmizz/sshj/Config.java 
@@ -90,6 +90,13 @@ public interface Config { */ String getVersion(); + /** + * Returns true if host key certificates should be verified while connecting to the server. It is recommended to + * verify them, but can cause connection failures in cases when previous versions of the library could have managed + * to connect. + */ + boolean isVerifyHostKeyCertificates(); + /** * Set the named factories for {@link Cipher}. * @@ -187,4 +194,10 @@ public interface Config { * @return The LoggerFactory the SSHClient will use. */ LoggerFactory getLoggerFactory(); + + /** + * Sets whether the SSH client should verify host key certificates or not. + * See {@link #isVerifyHostKeyCertificates()}. + */ + void setVerifyHostKeyCertificates(boolean value); } diff --git a/src/main/java/net/schmizz/sshj/ConfigImpl.java b/src/main/java/net/schmizz/sshj/ConfigImpl.java index 0bddd18e7..836f2161b 100644 --- a/src/main/java/net/schmizz/sshj/ConfigImpl.java +++ b/src/main/java/net/schmizz/sshj/ConfigImpl.java @@ -47,6 +47,7 @@ public class ConfigImpl private boolean waitForServerIdentBeforeSendingClientIdent = false; private LoggerFactory loggerFactory; + private boolean verifyHostKeyCertificates = true; @Override public List> getCipherFactories() { @@ -177,4 +178,14 @@ public LoggerFactory getLoggerFactory() { public void setLoggerFactory(LoggerFactory loggerFactory) { this.loggerFactory = loggerFactory; } + + @Override + public boolean isVerifyHostKeyCertificates() { + return verifyHostKeyCertificates; + } + + @Override + public void setVerifyHostKeyCertificates(boolean value) { + verifyHostKeyCertificates = value; + } } diff --git a/src/main/java/net/schmizz/sshj/common/KeyType.java b/src/main/java/net/schmizz/sshj/common/KeyType.java index 571ec69c7..b34ebbe4f 100644 --- a/src/main/java/net/schmizz/sshj/common/KeyType.java +++ b/src/main/java/net/schmizz/sshj/common/KeyType.java 
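Review bot: The Javadoc added for `isVerifyHostKeyCertificates()` in the first Config.java hunk states neither the default nor which checks the flag controls, so a caller cannot tell what is given up by turning it off. ConfigImpl initialises the field to `true`, and the check it gates in KeyType.CertUtils covers principals, the validity period and the CA signature. I would add `@return {@code true} (the default) if the principals, validity period and CA signature of a host certificate are checked during key exchange` and a matching `@param value` line on the setter.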
@@ -17,12 +17,17 @@ import com.hierynomus.sshj.common.KeyAlgorithm; import com.hierynomus.sshj.signature.Ed25519PublicKey; +import com.hierynomus.sshj.signature.SignatureEdDSA; import com.hierynomus.sshj.userauth.certificate.Certificate; import net.i2p.crypto.eddsa.EdDSAPublicKey; import net.i2p.crypto.eddsa.spec.EdDSANamedCurveSpec; import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable; import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec; import net.schmizz.sshj.common.Buffer.BufferException; +import net.schmizz.sshj.signature.Signature; +import net.schmizz.sshj.signature.SignatureDSA; +import net.schmizz.sshj.signature.SignatureECDSA; +import net.schmizz.sshj.signature.SignatureRSA; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -36,6 +41,7 @@ import java.security.spec.DSAPublicKeySpec; import java.security.spec.RSAPublicKeySpec; import java.util.*; +import java.util.regex.Pattern; /** Type of key e.g. rsa, dsa */ public enum KeyType { @@ -417,7 +423,7 @@ public String toString() { return sType; } - static class CertUtils { + public static class CertUtils { @SuppressWarnings("unchecked") static Certificate readPubKey(Buffer buf, KeyType innerKeyType) throws GeneralSecurityException { 
@@ -461,6 +467,122 @@ static void writePubKeyContentsIntoBuffer(PublicKey publicKey, KeyType innerKeyT .putBytes(certificate.getSignature()); } + /** + * @param certRaw Already serialized host certificate that was received as a packet. Can be restored simply by + * calling {@code new Buffer.PlainBuffer().putPublicKey(cert)} + * @param cert A key with a certificate received from a server. + * @param hostname A hostname of the server. It is juxtaposed to the principals of the certificate. + * @return null if the certificate is valid, an error message if it is not valid. + * @throws Buffer.BufferException If something from {@code certRaw} or {@code cert} can't be parsed. + */ + public static String verifyHostCertificate(byte[] certRaw, Certificate cert, String hostname) + throws Buffer.BufferException, SSHRuntimeException { + String signatureType = new Buffer.PlainBuffer(cert.getSignature()).readString(); + final Signature signature = Factory.Named.Util.create(ALL_SIGNATURES, signatureType); + if (signature == null) { + return "Unknown signature algorithm `" + signatureType + "`"; + } + + // Quotes are from + // https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.bin/ssh/PROTOCOL.certkeys?rev=1.19&content-type=text/plain + + // "valid principals" is a string containing zero or more principals as + // strings packed inside it. These principals list the names for which this + // certificate is valid; hostnames for SSH_CERT_TYPE_HOST certificates and + // usernames for SSH_CERT_TYPE_USER certificates. As a special case, a + // zero-length "valid principals" field means the certificate is valid for + // any principal of the specified type. 
+ if (cert.getValidPrincipals() != null && !cert.getValidPrincipals().isEmpty()) { + boolean ok = false; + for (String principal : cert.getValidPrincipals()) { + ok = matchPattern(hostname, principal); + if (ok) { + break; + } + } + if (!ok) { + StringBuilder error = new StringBuilder() + .append("Hostname `") + .append(hostname) + .append("` doesn't match any of the principals: `"); + String delimiter = ""; + for (String principal : cert.getValidPrincipals()) { + error.append(delimiter).append(principal); + delimiter = "`, `"; + } + error.append("`"); + return error.toString(); + } + } + + // "valid after" and "valid before" specify a validity period for the + // certificate. Each represents a time in seconds since 1970-01-01 + // 00:00:00. A certificate is considered valid if: + // valid after <= current time < valid before + Date today = new Date(); + if (cert.getValidAfter() != null && today.before(cert.getValidAfter())) { + return "Certificate is valid after " + cert.getValidAfter() + ", today is " + today; + } + if (cert.getValidBefore() != null && today.after(cert.getValidBefore())) { + return "Certificate is valid before " + cert.getValidBefore() + ", today is " + today; + } + + // All critical options supported by OpenSSH relate to the client. Nothing to take from host certificates. + + signature.initVerify(new Buffer.PlainBuffer(cert.getSignatureKey()).readPublicKey()); + // -4 -- minus the length of the integer holding the length of the signature. + signature.update(certRaw, 0, certRaw.length - cert.getSignature().length - 4); + if (signature.verify(cert.getSignature())) { + return null; + } else { + return "Signature verification failed"; + } + } + + /** + * This method must work exactly as match_pattern from match.c of OpenSSH. If it works differently, consider it + * as a bug that must be fixed. 
+ */ + public static boolean matchPattern(String target, String pattern) { + StringBuilder regex = new StringBuilder(); + String endEscape = ""; + for (int i = 0; i < pattern.length(); ++i) { + char p = pattern.charAt(i); + if (p == '?' || p == '*') { + regex.append(endEscape); + endEscape = ""; + if (p == '?') { + regex.append('.'); + } else { + regex.append(".*"); + } + } else { + if (endEscape.isEmpty()) { + regex.append("\\Q"); + endEscape = "\\E"; + } + regex.append(p); + } + } + return Pattern.compile(regex.toString()).matcher(target).matches(); + } + + public static final List> ALL_SIGNATURES = Arrays.asList( + new SignatureRSA.FactorySSHRSA(), + new SignatureRSA.FactoryCERT(), + new SignatureRSA.FactoryRSASHA256(), + new SignatureRSA.FactoryRSASHA512(), + new SignatureDSA.Factory(), + new SignatureDSA.Factory(), + new SignatureECDSA.Factory256(), + new SignatureECDSA.Factory256(), + new SignatureECDSA.Factory384(), + new SignatureECDSA.Factory384(), + new SignatureECDSA.Factory521(), + new SignatureECDSA.Factory521(), + new SignatureEdDSA.Factory(), + new SignatureEdDSA.Factory()); + static boolean isCertificateOfType(Key key, KeyType innerKeyType) { if (!(key instanceof Certificate)) { return false; diff --git a/src/main/java/net/schmizz/sshj/transport/Proposal.java b/src/main/java/net/schmizz/sshj/transport/Proposal.java index 1176ff9da..ccc5a5283 100644 --- a/src/main/java/net/schmizz/sshj/transport/Proposal.java +++ b/src/main/java/net/schmizz/sshj/transport/Proposal.java 
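Review bot: `verifyHostCertificate` never checks the certificate type, so as far as this hunk shows a certificate issued by the trusted CA for a user would be accepted as a host certificate whenever its principal list is empty or matches the hostname. PROTOCOL.certkeys, which the comments quote, defines SSH_CERT_TYPE_USER as 1 and SSH_CERT_TYPE_HOST as 2; assuming `getType()` returns that numeric field (AbstractDHG already logs it), an early `if (cert.getType() != 2) return "Certificate is not a host certificate";` closes the gap. The "nothing to take" comment on critical options also deserves a second look, since the same document asks implementations to refuse certificates carrying critical options they do not recognise. In `matchPattern`, a literal run wrapped in `\Q…\E` ends early if the principal itself contains `\E`; quoting each literal run with `Pattern.quote(...)` keeps the behaviour aligned with match_pattern.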
@@ -127,41 +127,42 @@ public SSHPacket getPacket() { public NegotiatedAlgorithms negotiate(Proposal other) throws TransportException { return new NegotiatedAlgorithms( - firstMatch(this.getKeyExchangeAlgorithms(), other.getKeyExchangeAlgorithms()), - firstMatch(this.getHostKeyAlgorithms(), other.getHostKeyAlgorithms()), - firstMatch(this.getClient2ServerCipherAlgorithms(), other.getClient2ServerCipherAlgorithms()), - firstMatch(this.getServer2ClientCipherAlgorithms(), other.getServer2ClientCipherAlgorithms()), - firstMatch(this.getClient2ServerMACAlgorithms(), other.getClient2ServerMACAlgorithms()), - firstMatch(this.getServer2ClientMACAlgorithms(), other.getServer2ClientMACAlgorithms()), - firstMatch(this.getClient2ServerCompressionAlgorithms(), other.getClient2ServerCompressionAlgorithms()), - firstMatch(this.getServer2ClientCompressionAlgorithms(), other.getServer2ClientCompressionAlgorithms()), + firstMatch("KeyExchangeAlgorithms", + this.getKeyExchangeAlgorithms(), + other.getKeyExchangeAlgorithms()), + firstMatch("HostKeyAlgorithms", + this.getHostKeyAlgorithms(), + other.getHostKeyAlgorithms()), + firstMatch("Client2ServerCipherAlgorithms", + this.getClient2ServerCipherAlgorithms(), + other.getClient2ServerCipherAlgorithms()), + firstMatch("Server2ClientCipherAlgorithms", + this.getServer2ClientCipherAlgorithms(), + other.getServer2ClientCipherAlgorithms()), + firstMatch("Client2ServerMACAlgorithms", + this.getClient2ServerMACAlgorithms(), + other.getClient2ServerMACAlgorithms()), + firstMatch("Server2ClientMACAlgorithms", + this.getServer2ClientMACAlgorithms(), + other.getServer2ClientMACAlgorithms()), + firstMatch("Client2ServerCompressionAlgorithms", + this.getClient2ServerCompressionAlgorithms(), + other.getClient2ServerCompressionAlgorithms()), + firstMatch("Server2ClientCompressionAlgorithms", + this.getServer2ClientCompressionAlgorithms(), + other.getServer2ClientCompressionAlgorithms()), 
other.getHostKeyAlgorithms().containsAll(KeyAlgorithms.SSH_RSA_SHA2_ALGORITHMS) ); } - private static String firstMatch(List a, List b) + private static String firstMatch(String ofWhat, List a, List b) throws TransportException { for (String aa : a) { if (b.contains(aa)) { return aa; } } - throw new TransportException("Unable to reach a settlement: " + a + " and " + b); - } - - private static List allMatch(List a, List b) throws TransportException { - List res = new ArrayList(); - for (String aa : a) { - if (b.contains(aa)) { - res.add(aa); - } - } - - if (res.isEmpty()) { - throw new TransportException("Unable to reach a settlement: " + a + " and " + b); - } - - return res; + throw new TransportException("Unable to reach a settlement of " + ofWhat + ": " + a + " and " + b); } private static String toCommaString(List sl) { diff --git a/src/main/java/net/schmizz/sshj/transport/kex/AbstractDHG.java b/src/main/java/net/schmizz/sshj/transport/kex/AbstractDHG.java index c494d53b4..e330ac40c 100644 --- a/src/main/java/net/schmizz/sshj/transport/kex/AbstractDHG.java +++ b/src/main/java/net/schmizz/sshj/transport/kex/AbstractDHG.java @@ -15,6 +15,7 @@ */ package net.schmizz.sshj.transport.kex; +import com.hierynomus.sshj.userauth.certificate.Certificate; import net.schmizz.sshj.common.*; import net.schmizz.sshj.signature.Signature; import net.schmizz.sshj.transport.Transport; 
@@ -79,14 +80,52 @@ public boolean next(Message msg, SSHPacket packet) Signature signature = trans.getHostKeyAlgorithm().newSignature(); - signature.initVerify(hostKey); + if (hostKey instanceof Certificate) { + signature.initVerify(((Certificate)hostKey).getKey()); + } + else { + signature.initVerify(hostKey); + } signature.update(H, 0, H.length); if (!signature.verify(sig)) throw new TransportException(DisconnectReason.KEY_EXCHANGE_FAILED, "KeyExchange signature verification failed"); + + verifyCertificate(K_S); + return true; } + private void verifyCertificate(byte[] K_S) throws TransportException { + if (hostKey instanceof Certificate && trans.getConfig().isVerifyHostKeyCertificates()) { + final Certificate hostKey = (Certificate) this.hostKey; + String signatureType, caKeyType; + try { + signatureType = new Buffer.PlainBuffer(hostKey.getSignature()).readString(); + } catch (Buffer.BufferException e) { + signatureType = null; + } + try { + caKeyType = new Buffer.PlainBuffer(hostKey.getSignatureKey()).readString(); + } catch (Buffer.BufferException e) { + caKeyType = null; + } + log.debug("Verifying signature of the key with type {} (signature type {}, CA key type {})", + hostKey.getType(), signatureType, caKeyType); + + try { + final String certError = KeyType.CertUtils.verifyHostCertificate(K_S, hostKey, trans.getRemoteHost()); + if (certError != null) { + throw new TransportException(DisconnectReason.KEY_EXCHANGE_FAILED, + "KeyExchange certificate check failed: " + certError); + } + } catch (Buffer.BufferException | SSHRuntimeException e) { + throw new TransportException(DisconnectReason.KEY_EXCHANGE_FAILED, + "KeyExchange certificate check failed", e); + } + } + } + protected abstract void initDH(DHBase dh) throws GeneralSecurityException; diff --git a/src/main/java/net/schmizz/sshj/transport/kex/AbstractDHGex.java b/src/main/java/net/schmizz/sshj/transport/kex/AbstractDHGex.java index cbf3122c9..7ced98242 100644 
--- a/src/main/java/net/schmizz/sshj/transport/kex/AbstractDHGex.java +++ b/src/main/java/net/schmizz/sshj/transport/kex/AbstractDHGex.java @@ -16,6 +16,7 @@ package net.schmizz.sshj.transport.kex; import com.hierynomus.sshj.key.KeyAlgorithm; +import com.hierynomus.sshj.userauth.certificate.Certificate; import net.schmizz.sshj.common.*; import net.schmizz.sshj.signature.Signature; import net.schmizz.sshj.transport.Transport; @@ -88,7 +89,11 @@ private boolean parseGexReply(SSHPacket buffer) throws Buffer.BufferException, G H = digest.digest(); KeyAlgorithm keyAlgorithm = trans.getHostKeyAlgorithm(); Signature signature = keyAlgorithm.newSignature(); - signature.initVerify(hostKey); + if (hostKey instanceof Certificate) { + signature.initVerify(((Certificate) hostKey).getKey()); + } else { + signature.initVerify(hostKey); + } signature.update(H, 0, H.length); if (!signature.verify(sig)) throw new TransportException(DisconnectReason.KEY_EXCHANGE_FAILED, diff --git a/src/main/java/net/schmizz/sshj/transport/verification/OpenSSHKnownHosts.java b/src/main/java/net/schmizz/sshj/transport/verification/OpenSSHKnownHosts.java index 323290fb5..8f38472a0 100644 --- a/src/main/java/net/schmizz/sshj/transport/verification/OpenSSHKnownHosts.java +++ b/src/main/java/net/schmizz/sshj/transport/verification/OpenSSHKnownHosts.java @@ -17,6 +17,7 @@ import com.hierynomus.sshj.common.KeyAlgorithm; import com.hierynomus.sshj.transport.verification.KnownHostMatchers; +import com.hierynomus.sshj.userauth.certificate.Certificate; import net.schmizz.sshj.common.*; import org.slf4j.Logger; 
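Review bot: The `parseGexReply` hunk unwraps the certificate key for the exchange-hash signature but, unlike `AbstractDHG.next`, adds no call to the certificate check, so on the group-exchange path the principals, validity period and CA signature appear to go unchecked even when `isVerifyHostKeyCertificates()` is true. `verifyCertificate` is private to AbstractDHG; moving it to a shared helper and calling it with the raw host key blob right after the `signature.verify(sig)` check here would keep both key-exchange paths consistent. parseGexReply starts and ends outside the hunk, so a call further down cannot be ruled out from this view.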
@@ -356,18 +357,24 @@ public static class HostEntry implements KnownHostEntry { protected final PublicKey key; private final String comment; private final KnownHostMatchers.HostMatcher matcher; + protected final Logger log; public HostEntry(Marker marker, String hostPart, KeyType type, PublicKey key) throws SSHException { this(marker, hostPart, type, key, ""); } public HostEntry(Marker marker, String hostPart, KeyType type, PublicKey key, String comment) throws SSHException { + this(marker, hostPart, type, key, comment, LoggerFactory.DEFAULT); + } + + public HostEntry(Marker marker, String hostPart, KeyType type, PublicKey key, String comment, LoggerFactory loggerFactory) throws SSHException { this.marker = marker; this.hostPart = hostPart; this.type = type; this.key = key; this.comment = comment; this.matcher = KnownHostMatchers.createMatcher(hostPart); + this.log = loggerFactory.getLogger(getClass()); } @Override @@ -387,11 +394,15 @@ public boolean appliesTo(String host) throws IOException { @Override public boolean appliesTo(KeyType type, String host) throws IOException { - return this.type == type && matcher.match(host); + return (this.type == type || (marker == Marker.CA_CERT && type.getParent() != null)) && matcher.match(host); } @Override public boolean verify(PublicKey key) throws IOException { + if (marker == Marker.CA_CERT && key instanceof Certificate) { + final PublicKey caKey = new Buffer.PlainBuffer(((Certificate) key).getSignatureKey()).readPublicKey(); + return this.type == KeyType.fromKey(caKey) && getKeyString(caKey).equals(getKeyString(this.key)); + } return getKeyString(key).equals(getKeyString(this.key)) && marker != Marker.REVOKED; } diff --git a/src/test/groovy/net/schmizz/sshj/transport/verification/KeyWithCertificateUnitSpec.groovy b/src/test/groovy/net/schmizz/sshj/transport/verification/KeyWithCertificateUnitSpec.groovy new file mode 100644 index 000000000..cbd1a8e4f --- /dev/null 
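Review bot: In `HostEntry.verify`, the `Marker.CA_CERT` branch only compares the CA public key embedded in the presented certificate with the known_hosts entry; it does not check that this CA actually signed the certificate. That is sound only when `KeyType.CertUtils.verifyHostCertificate` has already run, and AbstractDHG skips it when `isVerifyHostKeyCertificates()` is false, which leaves a `@cert-authority` match resting on an unverified field of the blob. Either verify the signature in this branch or state the dependency, e.g. `// Trusts the embedded CA key only; the certificate signature must already have been verified during key exchange.` The new `log` field is not used in the visible hunks.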
+++ b/src/test/groovy/net/schmizz/sshj/transport/verification/KeyWithCertificateUnitSpec.groovy 
@@ -0,0 +1,236 @@ +/* + * Copyright (C)2009 - SSHJ Contributors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package net.schmizz.sshj.transport.verification + +import com.hierynomus.sshj.userauth.certificate.Certificate +import com.hierynomus.sshj.userauth.keyprovider.OpenSSHKeyFileUtil +import net.schmizz.sshj.common.Buffer +import net.schmizz.sshj.common.KeyType +import spock.lang.Specification +import spock.lang.Unroll + +import java.nio.file.Files +import java.security.PublicKey +import java.util.regex.Pattern + +/** + * This is a comprehensive test for {@code @cert-authority} records in known_hosts and utilities for verifying + * host certificates. + * + * Also, take a look at the integration test {@link com.hierynomus.sshj.signature.KeyWithCertificateSpec} + * verifying that some of that host keys can be really accepted when served by sshd. 
+ */ +class KeyWithCertificateUnitSpec extends Specification { + private static List ALL_KEYS = [ + "id_ecdsa_256_pem_signed_by_ecdsa", + "id_ecdsa_256_pem_signed_by_ed25519", + "id_ecdsa_256_pem_signed_by_rsa", + "id_ecdsa_256_rfc4716_signed_by_ecdsa", + "id_ecdsa_256_rfc4716_signed_by_ed25519", + "id_ecdsa_256_rfc4716_signed_by_rsa", + "id_ecdsa_384_pem_signed_by_ecdsa", + "id_ecdsa_384_pem_signed_by_ed25519", + "id_ecdsa_384_pem_signed_by_rsa", + "id_ecdsa_384_rfc4716_signed_by_ecdsa", + "id_ecdsa_384_rfc4716_signed_by_ed25519", + "id_ecdsa_384_rfc4716_signed_by_rsa", + "id_ecdsa_521_pem_signed_by_ecdsa", + "id_ecdsa_521_pem_signed_by_ed25519", + "id_ecdsa_521_pem_signed_by_rsa", + "id_ecdsa_521_rfc4716_signed_by_ecdsa", + "id_ecdsa_521_rfc4716_signed_by_ed25519", + "id_ecdsa_521_rfc4716_signed_by_rsa", + "id_ed25519_384_pem_signed_by_ecdsa", + "id_ed25519_384_pem_signed_by_ed25519", + "id_ed25519_384_pem_signed_by_rsa", + "id_ed25519_384_rfc4716_signed_by_ecdsa", + "id_ed25519_384_rfc4716_signed_by_ed25519", + "id_ed25519_384_rfc4716_signed_by_rsa", + "id_rsa_2048_pem_signed_by_ecdsa", + "id_rsa_2048_pem_signed_by_ed25519", + "id_rsa_2048_pem_signed_by_rsa", + "id_rsa_2048_rfc4716_signed_by_ecdsa", + "id_rsa_2048_rfc4716_signed_by_ed25519", + "id_rsa_2048_rfc4716_signed_by_rsa", + ] + + @Unroll + def "accepting a cert-authority key #hostKey"() { + given: + File knownHosts = Files.createTempFile("known_hosts", "").toFile() + knownHosts.deleteOnExit() + + and: + def matcher = Pattern.compile("^.*_signed_by_([^_]+)\$").matcher(hostKey) + assert matcher.matches() + File caPubKey = new File("src/itest/resources/keyfiles/certificates/CA_${matcher.group(1)}.pem.pub") + String knownHostsFileContents = "@cert-authority 127.0.0.1 " + caPubKey.getText() + knownHosts.write(knownHostsFileContents) + + and: + def verifier = new OpenSSHKnownHosts(knownHosts) + + and: + def publicKey = OpenSSHKeyFileUtil + .initPubKey(new FileReader( + new 
File("src/itest/resources/keyfiles/certificates/${hostKey}_host-cert.pub"))) + .pubKey + + when: + boolean result = verifier.verify("127.0.0.1", 22, publicKey) + + then: + result + + where: + hostKey << ALL_KEYS + } + + @Unroll + def "verifying a valid host certificate #hostKey"() { + given: + def hostCertificate = (Certificate) OpenSSHKeyFileUtil + .initPubKey(new FileReader( + new File("src/itest/resources/keyfiles/certificates/${hostKey}_host-cert.pub"))) + .pubKey + + and: + Buffer certRaw = new Buffer.PlainBuffer(); + certRaw.putPublicKey(hostCertificate); + + when: + String error = KeyType.CertUtils.verifyHostCertificate(certRaw.getCompactData(), hostCertificate, "127.0.0.1") + + then: + error == null + + where: + hostKey << ALL_KEYS + } + + def "verifying an invalid certificate which was valid before"() { + given: + def hostCertificate = (Certificate) OpenSSHKeyFileUtil + .initPubKey(new FileReader( + new File("src/itest/resources/keyfiles/certificates/" + + "id_ed25519_384_rfc4716_signed_by_rsa_host_valid_before_past-cert.pub"))) + .pubKey + + and: + Buffer certRaw = new Buffer.PlainBuffer(); + certRaw.putPublicKey(hostCertificate); + + when: + String error = KeyType.CertUtils.verifyHostCertificate(certRaw.getCompactData(), hostCertificate, "127.0.0.1") + + then: + error != null && error.startsWith("Certificate is valid before ") + } + + def "verifying an invalid certificate which will be valid after"() { + given: + def hostCertificate = (Certificate) OpenSSHKeyFileUtil + .initPubKey(new FileReader( + new File("src/itest/resources/keyfiles/certificates/" + + "id_ed25519_384_rfc4716_signed_by_rsa_host_valid_after_future-cert.pub"))) + .pubKey + + and: + Buffer certRaw = new Buffer.PlainBuffer(); + certRaw.putPublicKey(hostCertificate); + + when: + String error = KeyType.CertUtils.verifyHostCertificate(certRaw.getCompactData(), hostCertificate, "127.0.0.1") + + then: + error != null && error.startsWith("Certificate is valid after ") + } + + def "verifying an 
valid certificate with no principal"() { + given: + def hostCertificate = (Certificate) OpenSSHKeyFileUtil + .initPubKey(new FileReader( + new File("src/itest/resources/keyfiles/certificates/" + + "id_ed25519_384_rfc4716_signed_by_rsa_host_no_principal-cert.pub"))) + .pubKey + + and: + Buffer certRaw = new Buffer.PlainBuffer(); + certRaw.putPublicKey(hostCertificate); + + when: + String error1 = KeyType.CertUtils.verifyHostCertificate( + certRaw.getCompactData(), hostCertificate, "good.example.com") + String error2 = KeyType.CertUtils.verifyHostCertificate( + certRaw.getCompactData(), hostCertificate, "127.0.0.1") + String error3 = KeyType.CertUtils.verifyHostCertificate( + certRaw.getCompactData(), hostCertificate, "good.example.bad.com") + + then: + error1 == null + error2 == null + error3 == null + } + + def "verifying an valid certificate with wildcard principal"() { + given: + def hostCertificate = (Certificate) OpenSSHKeyFileUtil + .initPubKey(new FileReader( + new File("src/itest/resources/keyfiles/certificates/" + + "id_ed25519_384_rfc4716_signed_by_rsa_host_principal_wildcard_example_com-cert.pub"))) + .pubKey + + and: + Buffer certRaw = new Buffer.PlainBuffer(); + certRaw.putPublicKey(hostCertificate); + + when: + String error1 = KeyType.CertUtils.verifyHostCertificate( + certRaw.getCompactData(), hostCertificate, "good.example.com") + String error2 = KeyType.CertUtils.verifyHostCertificate( + certRaw.getCompactData(), hostCertificate, "127.0.0.1") + String error3 = KeyType.CertUtils.verifyHostCertificate( + certRaw.getCompactData(), hostCertificate, "good.example.bad.com") + + then: + error1 == null + error2 != null && error2.contains("doesn't match any of the principals") + error3 != null && error3.contains("doesn't match any of the principals") + } + + def "KeyType CertUtils checkPrincipals"() { + // Based on regress/unittests/match/test.c of portable OpenSSH, commit 068dc7ef783d135e91ff954e754d2ed432e + expect: + KeyType.CertUtils.matchPattern("", "") 
+ !KeyType.CertUtils.matchPattern("", "xxx") + !KeyType.CertUtils.matchPattern("xxx", "") + !KeyType.CertUtils.matchPattern("xxx", "xxxx") + !KeyType.CertUtils.matchPattern("xxxx", "xxx") + KeyType.CertUtils.matchPattern("", "*") + KeyType.CertUtils.matchPattern("x", "?") + KeyType.CertUtils.matchPattern("xx", "x?") + KeyType.CertUtils.matchPattern("x", "*") + KeyType.CertUtils.matchPattern("xx", "x*") + KeyType.CertUtils.matchPattern("xx", "?*") + KeyType.CertUtils.matchPattern("xx", "**") + KeyType.CertUtils.matchPattern("xx", "?x") + KeyType.CertUtils.matchPattern("xx", "*x") + !KeyType.CertUtils.matchPattern("yx", "x?") + !KeyType.CertUtils.matchPattern("yx", "x*") + !KeyType.CertUtils.matchPattern("xy", "?x") + !KeyType.CertUtils.matchPattern("xy", "*x") + } +} \ No newline at end of file
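Review bot: The spec has no negative test for the two checks that actually establish trust: none of the features gives `verifyHostCertificate` a certificate whose CA signature fails, and none uses a `@cert-authority` entry for a different CA. I would add a feature that changes one byte in the signed part of `certRaw.getCompactData()` and expects an error (presumably `"Signature verification failed"`), and one where known_hosts holds another CA key and `verifier.verify("127.0.0.1", 22, publicKey)` is false. The last feature is named `checkPrincipals` but exercises `matchPattern`, and the `FileReader` instances are never closed.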