diff --git a/README.adoc b/README.adoc
index e5b69842..fa000eab 100644
--- a/README.adoc
+++ b/README.adoc
@@ -81,7 +81,7 @@ signatures::
`ssh-rsa`, `ssh-dss`, `ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384`, `ecdsa-sha2-nistp521`, `ssh-ed25519`
mac::
- `hmac-md5`, `hmac-md5-96`, `hmac-sha1`, `hmac-sha1-96`, `hmac-sha2-256`, `hmac-sha2-512`
+ `hmac-md5`, `hmac-md5-96`, `hmac-sha1`, `hmac-sha1-96`, `hmac-sha2-256`, `hmac-sha2-512`, `hmac-ripemd160`
compression::
`zlib` and `zlib@openssh.com` (delayed zlib)
diff --git a/src/itest/docker-image/Dockerfile b/src/itest/docker-image/Dockerfile
index b306ac8c..f16a5ccb 100644
--- a/src/itest/docker-image/Dockerfile
+++ b/src/itest/docker-image/Dockerfile
@@ -4,6 +4,7 @@ ADD id_rsa.pub /home/sshj/.ssh/authorized_keys
ADD test-container/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key
ADD test-container/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
+ADD test-container/sshd_config /etc/ssh/sshd_config
RUN \
echo "root:smile" | chpasswd && \
diff --git a/src/itest/docker-image/test-container/sshd_config b/src/itest/docker-image/test-container/sshd_config
new file mode 100644
index 00000000..9618c781
--- /dev/null
+++ b/src/itest/docker-image/test-container/sshd_config
@@ -0,0 +1,132 @@
+# $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/bin:/usr/bin:/sbin:/usr/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options override the
+# default value.
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_dsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile .ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+#UsePAM no
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem sftp /usr/lib/ssh/sftp-server
+
+# the following are HPN related configuration options
+# tcp receive buffer polling. disable in non autotuning kernels
+#TcpRcvBufPoll yes
+
+# disable hpn performance boosts
+#HPNDisabled no
+
+# buffer size for hpn to non-hpn connections
+#HPNBufferSize 2048
+
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server
+
+
+macs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com
diff --git a/src/itest/groovy/com/hierynomus/sshj/IntegrationBaseSpec.groovy b/src/itest/groovy/com/hierynomus/sshj/IntegrationBaseSpec.groovy
index 19ae629c..52e5d5e9 100644
--- a/src/itest/groovy/com/hierynomus/sshj/IntegrationBaseSpec.groovy
+++ b/src/itest/groovy/com/hierynomus/sshj/IntegrationBaseSpec.groovy
@@ -15,22 +15,28 @@
*/
package com.hierynomus.sshj
+import net.schmizz.sshj.Config
import net.schmizz.sshj.DefaultConfig
import net.schmizz.sshj.SSHClient
import net.schmizz.sshj.transport.verification.PromiscuousVerifier
import spock.lang.Specification
class IntegrationBaseSpec extends Specification {
- protected static final int DOCKER_PORT = 2222;
- protected static final String USERNAME = "sshj";
- protected final static String SERVER_IP = System.getProperty("serverIP", "127.0.0.1");
+ protected static final int DOCKER_PORT = 2222
+ protected static final String USERNAME = "sshj"
+ protected static final String KEYFILE = "src/test/resources/id_rsa"
+ protected final static String SERVER_IP = System.getProperty("serverIP", "127.0.0.1")
+
+ protected static SSHClient getConnectedClient(Config config) {
+ SSHClient sshClient = new SSHClient(config)
+ sshClient.addHostKeyVerifier(new PromiscuousVerifier())
+ sshClient.connect(SERVER_IP, DOCKER_PORT)
+
+ return sshClient
+ }
protected static SSHClient getConnectedClient() throws IOException {
- SSHClient sshClient = new SSHClient(new DefaultConfig());
- sshClient.addHostKeyVerifier(new PromiscuousVerifier());
- sshClient.connect(SERVER_IP, DOCKER_PORT);
-
- return sshClient;
+ return getConnectedClient(new DefaultConfig())
}
}
diff --git a/src/itest/groovy/com/hierynomus/sshj/IntegrationSpec.groovy b/src/itest/groovy/com/hierynomus/sshj/IntegrationSpec.groovy
index 16d3e004..84a9ee17 100644
--- a/src/itest/groovy/com/hierynomus/sshj/IntegrationSpec.groovy
+++ b/src/itest/groovy/com/hierynomus/sshj/IntegrationSpec.groovy
@@ -51,7 +51,7 @@ class IntegrationSpec extends IntegrationBaseSpec {
SSHClient client = getConnectedClient()
when:
- client.authPublickey("sshj", "src/test/resources/id_rsa")
+ client.authPublickey(USERNAME, KEYFILE)
then:
client.isAuthenticated()
diff --git a/src/itest/groovy/com/hierynomus/sshj/transport/mac/MacSpec.groovy b/src/itest/groovy/com/hierynomus/sshj/transport/mac/MacSpec.groovy
new file mode 100644
index 00000000..310275f8
--- /dev/null
+++ b/src/itest/groovy/com/hierynomus/sshj/transport/mac/MacSpec.groovy
@@ -0,0 +1,43 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.transport.mac
+
+import com.hierynomus.sshj.IntegrationBaseSpec
+import net.schmizz.sshj.DefaultConfig
+import net.schmizz.sshj.transport.mac.HMACRIPEMD160
+import net.schmizz.sshj.transport.mac.HMACSHA2256
+import spock.lang.Unroll
+
+class MacSpec extends IntegrationBaseSpec {
+
+ @Unroll
+ def "should correctly connect with #mac MAC"() {
+ given:
+ def cfg = new DefaultConfig()
+ cfg.setMACFactories(macFactory)
+ def client = getConnectedClient(cfg)
+
+ when:
+ client.authPublickey(USERNAME, KEYFILE)
+
+ then:
+ client.authenticated
+
+ where:
+ macFactory << [new HMACSHA2256.Factory(), new HMACRIPEMD160.Factory()]
+ mac = macFactory.name
+ }
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/mac/HMACRIPEMD160.java b/src/main/java/net/schmizz/sshj/transport/mac/HMACRIPEMD160.java
new file mode 100644
index 00000000..a228f7d1
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/mac/HMACRIPEMD160.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.transport.mac;
+
+public class HMACRIPEMD160 extends BaseMAC {
+ /** Named factory for the HMAC-SHA1 MAC */
+ public static class Factory
+ implements net.schmizz.sshj.common.Factory.Named {
+
+ @Override
+ public MAC create() {
+ return new HMACRIPEMD160();
+ }
+
+ @Override
+ public String getName() {
+ return "hmac-ripemd160";
+ }
+ }
+
+
+ public HMACRIPEMD160() {
+ super("HMACRIPEMD160", 20, 20);
+ }
+}