mirror of
https://github.com/hierynomus/sshj.git
synced 2025-12-06 15:20:54 +03:00
Support host certificate keys (#703)
* Handle @cert-authority in known_hosts. * Fix ClassCastException when receiving an ECDSA-CERT host key. * Mention what exactly is not negotiated. * Verify host key certificates during key exchange. * Unit and integration tests for host key verification. * Show sshd logs when integration test finishes. * Review fixes: extract to private method, change strings.
This commit is contained in:
Vladimir Lagunov
12
build.gradle
12
build.gradle
@@ -276,6 +276,15 @@ task startItestContainer(type: DockerStartContainer) {
|
|||||||
targetContainerId createItestContainer.getContainerId()
|
targetContainerId createItestContainer.getContainerId()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
task logItestContainer(type: DockerLogsContainer) {
|
||||||
|
dependsOn createItestContainer
|
||||||
|
targetContainerId createItestContainer.getContainerId()
|
||||||
|
showTimestamps = true
|
||||||
|
stdErr = true
|
||||||
|
stdOut = true
|
||||||
|
tailAll = true
|
||||||
|
}
|
||||||
|
|
||||||
task stopItestContainer(type: DockerStopContainer) {
|
task stopItestContainer(type: DockerStopContainer) {
|
||||||
targetContainerId createItestContainer.getContainerId()
|
targetContainerId createItestContainer.getContainerId()
|
||||||
}
|
}
|
||||||
@@ -288,6 +297,9 @@ task forkedUploadRelease(type: GradleBuild) {
|
|||||||
project.tasks.integrationTest.dependsOn(startItestContainer)
|
project.tasks.integrationTest.dependsOn(startItestContainer)
|
||||||
project.tasks.integrationTest.finalizedBy(stopItestContainer)
|
project.tasks.integrationTest.finalizedBy(stopItestContainer)
|
||||||
|
|
||||||
|
// Being enabled, it pollutes logs on CI. Uncomment when debugging some test to get sshd logs.
|
||||||
|
// project.tasks.stopItestContainer.dependsOn(logItestContainer)
|
||||||
|
|
||||||
project.tasks.release.dependsOn([project.tasks.integrationTest, project.tasks.build])
|
project.tasks.release.dependsOn([project.tasks.integrationTest, project.tasks.build])
|
||||||
project.tasks.release.finalizedBy(project.tasks.forkedUploadRelease)
|
project.tasks.release.finalizedBy(project.tasks.forkedUploadRelease)
|
||||||
project.tasks.jacocoTestReport.dependsOn(project.tasks.test)
|
project.tasks.jacocoTestReport.dependsOn(project.tasks.test)
|
||||||
|
|||||||
@@ -8,17 +8,17 @@ ADD test-container/ssh_host_ed25519_key /etc/ssh/ssh_host_ed25519_key
|
|||||||
ADD test-container/ssh_host_ed25519_key.pub /etc/ssh/ssh_host_ed25519_key.pub
|
ADD test-container/ssh_host_ed25519_key.pub /etc/ssh/ssh_host_ed25519_key.pub
|
||||||
ADD test-container/sshd_config /etc/ssh/sshd_config
|
ADD test-container/sshd_config /etc/ssh/sshd_config
|
||||||
COPY test-container/trusted_ca_keys /etc/ssh/trusted_ca_keys
|
COPY test-container/trusted_ca_keys /etc/ssh/trusted_ca_keys
|
||||||
|
COPY test-container/host_keys/* /etc/ssh/
|
||||||
|
|
||||||
RUN apk add --no-cache tini
|
RUN apk add --no-cache tini
|
||||||
RUN \
|
RUN \
|
||||||
echo "root:smile" | chpasswd && \
|
echo "root:smile" | chpasswd && \
|
||||||
adduser -D -s /bin/ash sshj && \
|
adduser -D -s /bin/ash sshj && \
|
||||||
passwd -u sshj && \
|
passwd -u sshj && \
|
||||||
|
echo "sshj:ultrapassword" | chpasswd && \
|
||||||
chmod 600 /home/sshj/.ssh/authorized_keys && \
|
chmod 600 /home/sshj/.ssh/authorized_keys && \
|
||||||
chmod 600 /etc/ssh/ssh_host_ecdsa_key && \
|
chmod 600 /etc/ssh/ssh_host_*_key && \
|
||||||
chmod 644 /etc/ssh/ssh_host_ecdsa_key.pub && \
|
chmod 644 /etc/ssh/*.pub && \
|
||||||
chmod 600 /etc/ssh/ssh_host_ed25519_key && \
|
|
||||||
chmod 644 /etc/ssh/ssh_host_ed25519_key.pub && \
|
|
||||||
chown -R sshj:sshj /home/sshj
|
chown -R sshj:sshj /home/sshj
|
||||||
|
|
||||||
ENTRYPOINT ["/sbin/tini", "/entrypoint.sh", "-o", "LogLevel=DEBUG2"]
|
ENTRYPOINT ["/sbin/tini", "/entrypoint.sh", "-o", "LogLevel=DEBUG2"]
|
||||||
@@ -0,0 +1,9 @@
|
|||||||
|
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||||
|
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
|
||||||
|
1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQR1fMdT7FYIpIo+4hhd5oOgHk6uW79B
|
||||||
|
HVscKp83yPhFylnG4NtpF7anAWTcpl5aB9eJVWTCP5KVvlVLVkxUSRDwAAAAwITPM06Ezz
|
||||||
|
NOAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHV8x1PsVgikij7i
|
||||||
|
GF3mg6AeTq5bv0EdWxwqnzfI+EXKWcbg22kXtqcBZNymXloH14lVZMI/kpW+VUtWTFRJEP
|
||||||
|
AAAAAhAP21AnkkpifUJgiBSYk7YhOfcwC4VfMB3n+BBln73VnmAAAAImlkX2VjZHNhXzI1
|
||||||
|
Nl9yZmM0NzE2X3NpZ25lZF9ieV9yc2EBAgMEBQ==
|
||||||
|
-----END OPENSSH PRIVATE KEY-----
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgQgbM6lYD+Yx1aendIKHYuKthkIN0WhvPdMA0DbC/QmEAAAAIbmlzdHAyNTYAAABBBHV8x1PsVgikij7iGF3mg6AeTq5bv0EdWxwqnzfI+EXKWcbg22kXtqcBZNymXloH14lVZMI/kpW+VUtWTFRJEPAAAAAAAAAAAAAAAAIAAAAiaWRfZWNkc2FfMjU2X3JmYzQ3MTZfc2lnbmVkX2J5X3JzYQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAMpRV4ex1Zq2TzKSP7g1XrAAsGsqbGvKe6BjXqJa1OayPgcTJWZLDVCiNapqMoGCdqAnzBKIqVwjxhdy1OP7c5BvPZG9ljujlAiBhQ5t9NrN+jWv6pE3w3m5MFDVh7neGvr9wK8IGhIetfpG6/wJ3yOAF1sQkCwgDf7BfkbMq1If+qyTDF7I3fzyaqYX/61BR2iytpNxaVVw1g15EKdRHkUc760L0kVFwWkmyAFpK+ZPOal9pRHKa9mi/3TRXcQ20ZnBBzzxl4bsnXnEWILhBSxstoEF94hHKLeuoKl9kPx/NqKvwjIEqtU/mE7i+aAE9Wf6nR0COtlBPsjxZtf2Ac2ryUCd/EcdAqDGOwZy4m1s0G5EQMTU1uWCgGByz6DPWCCDCadQq0GaACjcOyBcy5trUqGxYqDvmZCgq6IDv1bGFDlFx1exOxIAKuruiVdPNn+c+h7HEmeM+OOJq1rjibD7kUwMK0cchVzpjI2xwC8ecQF9jeFGBcooa86OO65oPQAAAZQAAAAMcnNhLXNoYTItNTEyAAABgAOa69XTj4yOPjKtN5Few84Y2qj4p/4RK9yiAjWWxbMQv+dlLzEH/wtj6p1SeDJozFssVfyH2ODFGY9Dct3K4SbLA1b8LfM6vaf1bUxdQz7njsQ40KpcJu662hMOkj9AKTQgpVUVgJJOQuLrIbyfjKClaqt2W6ziH2eLn7wPsZ6HGhQMALQVmebzgFepnwCve9wgX1HNOfuAYYVQwFXddi/xQ4BIVmsH6E3DcUUzjtZZaG063CddPYOW2Ea1efWqHu20FRWqsMnwbL6Hr9JkjKv/Iub8mgLMP1bhbMEblb+tQ+y9RRvPwjT89tKljc7hXvBxpHA4c4ZlnTidsjqPHVeARCt5LV4lES7HWEZ+kFIkGndNLYXOUnxgk6iSLLHVVZUCZPbUiZbSJdoj7r7LGiz4KA7mnqQQGU2jWxSI2drD5T6SW0TFspzjX4dPnJyzFpe02Fl+NvblUUHsnPTHdsRexHRNfqkQhKIO4i8AM8U02nU/uBmXFPb9ANbLcq+Npw== id_ecdsa_256_rfc4716_signed_by_rsa
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHV8x1PsVgikij7iGF3mg6AeTq5bv0EdWxwqnzfI+EXKWcbg22kXtqcBZNymXloH14lVZMI/kpW+VUtWTFRJEPA= id_ecdsa_256_rfc4716_signed_by_rsa
|
||||||
@@ -0,0 +1,11 @@
|
|||||||
|
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||||
|
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAiAAAABNlY2RzYS
|
||||||
|
1zaGEyLW5pc3RwMzg0AAAACG5pc3RwMzg0AAAAYQQ00XynBzgyJLB+1SDf2elIDYt7Lz6g
|
||||||
|
Y3dzdqKmYe5L6jzUShmV1UjiE9gCl7i47aRWHSZ3VwiZ0jsT2ekL+ctScSn+NGgw/6BgFr
|
||||||
|
c3zIkJoYWYzpg2D3mKUkNDMnJWgisAAADw6GCqcuhgqnIAAAATZWNkc2Etc2hhMi1uaXN0
|
||||||
|
cDM4NAAAAAhuaXN0cDM4NAAAAGEENNF8pwc4MiSwftUg39npSA2Ley8+oGN3c3aipmHuS+
|
||||||
|
o81EoZldVI4hPYApe4uO2kVh0md1cImdI7E9npC/nLUnEp/jRoMP+gYBa3N8yJCaGFmM6Y
|
||||||
|
Ng95ilJDQzJyVoIrAAAAMQDwyD4C4DbK9DVDOovHqCt/f2TKaho1F4wouIIa4ZTph+9cSp
|
||||||
|
PUhlSNXKDRD7pOUdIAAAAiaWRfZWNkc2FfMzg0X3JmYzQ3MTZfc2lnbmVkX2J5X3JzYQEC
|
||||||
|
AwQF
|
||||||
|
-----END OPENSSH PRIVATE KEY-----
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ecdsa-sha2-nistp384-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAzODQtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg2byoaIudWiOZaNJMfyOHNw5tOy8lWAADbp/rNkJ7krwAAAAIbmlzdHAzODQAAABhBDTRfKcHODIksH7VIN/Z6UgNi3svPqBjd3N2oqZh7kvqPNRKGZXVSOIT2AKXuLjtpFYdJndXCJnSOxPZ6Qv5y1JxKf40aDD/oGAWtzfMiQmhhZjOmDYPeYpSQ0MyclaCKwAAAAAAAAAAAAAAAgAAACJpZF9lY2RzYV8zODRfcmZjNDcxNl9zaWduZWRfYnlfcnNhAAAADQAAAAkxMjcuMC4wLjEAAAAAAAAAAP//////////AAAAAAAAAAAAAAAAAAABlwAAAAdzc2gtcnNhAAAAAwEAAQAAAYEAylFXh7HVmrZPMpI/uDVesACwaypsa8p7oGNeolrU5rI+BxMlZksNUKI1qmoygYJ2oCfMEoipXCPGF3LU4/tzkG89kb2WO6OUCIGFDm302s36Na/qkTfDebkwUNWHud4a+v3ArwgaEh61+kbr/AnfI4AXWxCQLCAN/sF+RsyrUh/6rJMMXsjd/PJqphf/rUFHaLK2k3FpVXDWDXkQp1EeRRzvrQvSRUXBaSbIAWkr5k85qX2lEcpr2aL/dNFdxDbRmcEHPPGXhuydecRYguEFLGy2gQX3iEcot66gqX2Q/H82oq/CMgSq1T+YTuL5oAT1Z/qdHQI62UE+yPFm1/YBzavJQJ38Rx0CoMY7BnLibWzQbkRAxNTW5YKAYHLPoM9YIIMJp1CrQZoAKNw7IFzLm2tSobFioO+ZkKCrogO/VsYUOUXHV7E7EgAq6u6JV082f5z6HscSZ4z444mrWuOJsPuRTAwrRxyFXOmMjbHALx5xAX2N4UYFyihrzo47rmg9AAABlAAAAAxyc2Etc2hhMi01MTIAAAGAV3uUrbSScu722FmIUG1FEtd7X+y58XlZyBZMDkI2G8RL0bZtALg8kfAUqRs17XS8MEIsG2STDGvDoKpPlGrupTGAwjnpTrDsgr/WaXUn/21Tyv6h4npcPxX5h5OU24UdZRXUGMRqwRXn4d6c44I6lAXkFGEHV20da+2sKR02QOIEfYik7kYgUzkVE5QPr0YN2hWCNxPNahgPow2RvPDHKL0PBS2CASeIo9pZ6OECdsCX92+BXN+e8oPO+BTp2mwzaepFPiSO6pIdTOnhFHwiY7mG7Y+Xw3nCYJl9cILzeuuUeEw3elRMYtnIoUye/IZaZw6GNBObb59seFOaf8Hm7NV6F7L/RNUG7aESB2n6KKggbPci8xuCulfgi/XBxjsXd/affASOUcn3X6IIUwJDqwMBkhmagvYVoLX1gMoHBW0aLZDQEXigV0WW8v1oMsEp6Sl9Y0kRs9vPBr/8LX9vDaPKmNxOBV8uOnicDb9HZicyLkVQyPFobHOvYt/gfEUM id_ecdsa_384_rfc4716_signed_by_rsa
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBDTRfKcHODIksH7VIN/Z6UgNi3svPqBjd3N2oqZh7kvqPNRKGZXVSOIT2AKXuLjtpFYdJndXCJnSOxPZ6Qv5y1JxKf40aDD/oGAWtzfMiQmhhZjOmDYPeYpSQ0MyclaCKw== id_ecdsa_384_rfc4716_signed_by_rsa
|
||||||
@@ -0,0 +1,12 @@
|
|||||||
|
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||||
|
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAArAAAABNlY2RzYS
|
||||||
|
1zaGEyLW5pc3RwNTIxAAAACG5pc3RwNTIxAAAAhQQBkA3IU8ml4HuqnsOYb2H89fRKo0Wx
|
||||||
|
nFnke8J5olJ0eyaoAv/0fSZDiOeF5j/K6VGeCa45edqJZCNCwda0vzQaZH8AYUnwojVGH1
|
||||||
|
pchzLm1U9C3WlF0wP/c141GiNVmkKAQDN7J4KKxchhByMKVPLUzHv181OvItrLR3ECuhGT
|
||||||
|
a8xpJRYAAAEgetmfwXrZn8EAAAATZWNkc2Etc2hhMi1uaXN0cDUyMQAAAAhuaXN0cDUyMQ
|
||||||
|
AAAIUEAZANyFPJpeB7qp7DmG9h/PX0SqNFsZxZ5HvCeaJSdHsmqAL/9H0mQ4jnheY/yulR
|
||||||
|
ngmuOXnaiWQjQsHWtL80GmR/AGFJ8KI1Rh9aXIcy5tVPQt1pRdMD/3NeNRojVZpCgEAzey
|
||||||
|
eCisXIYQcjClTy1Mx79fNTryLay0dxAroRk2vMaSUWAAAAQWe6t//lZtwKOHz9KOFcSfpO
|
||||||
|
DPQTu+PyzryWrwG99r6IoEqXahhK6FjTJ7U0/Ep9zVeeiLpRVlKe15pcN6U3dp9uAAAAIm
|
||||||
|
lkX2VjZHNhXzUyMV9yZmM0NzE2X3NpZ25lZF9ieV9yc2EB
|
||||||
|
-----END OPENSSH PRIVATE KEY-----
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ecdsa-sha2-nistp521-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHA1MjEtY2VydC12MDFAb3BlbnNzaC5jb20AAAAghRVKHO1c4TGUTQt6NcV1mXd4HCBJLlkJZtPmVp0EQjUAAAAIbmlzdHA1MjEAAACFBAGQDchTyaXge6qew5hvYfz19EqjRbGcWeR7wnmiUnR7JqgC//R9JkOI54XmP8rpUZ4Jrjl52olkI0LB1rS/NBpkfwBhSfCiNUYfWlyHMubVT0LdaUXTA/9zXjUaI1WaQoBAM3sngorFyGEHIwpU8tTMe/XzU68i2stHcQK6EZNrzGklFgAAAAAAAAAAAAAAAgAAACJpZF9lY2RzYV81MjFfcmZjNDcxNl9zaWduZWRfYnlfcnNhAAAADQAAAAkxMjcuMC4wLjEAAAAAAAAAAP//////////AAAAAAAAAAAAAAAAAAABlwAAAAdzc2gtcnNhAAAAAwEAAQAAAYEAylFXh7HVmrZPMpI/uDVesACwaypsa8p7oGNeolrU5rI+BxMlZksNUKI1qmoygYJ2oCfMEoipXCPGF3LU4/tzkG89kb2WO6OUCIGFDm302s36Na/qkTfDebkwUNWHud4a+v3ArwgaEh61+kbr/AnfI4AXWxCQLCAN/sF+RsyrUh/6rJMMXsjd/PJqphf/rUFHaLK2k3FpVXDWDXkQp1EeRRzvrQvSRUXBaSbIAWkr5k85qX2lEcpr2aL/dNFdxDbRmcEHPPGXhuydecRYguEFLGy2gQX3iEcot66gqX2Q/H82oq/CMgSq1T+YTuL5oAT1Z/qdHQI62UE+yPFm1/YBzavJQJ38Rx0CoMY7BnLibWzQbkRAxNTW5YKAYHLPoM9YIIMJp1CrQZoAKNw7IFzLm2tSobFioO+ZkKCrogO/VsYUOUXHV7E7EgAq6u6JV082f5z6HscSZ4z444mrWuOJsPuRTAwrRxyFXOmMjbHALx5xAX2N4UYFyihrzo47rmg9AAABlAAAAAxyc2Etc2hhMi01MTIAAAGAmpwzeo95ahCTQuLfdsHSlWhNlBVUsEze9ogzqhnh1unL0uDztGbEwZ3+2vAQI9wRlIBJhg+FFIOc6KW6Hi9zHZaU/ipmrtDwoMfaRrL6ZgP+COvCxPMiTuJPt8Er2OsRnarc7iM1RnhFz3jVTGhkTG8W9yvN6Pr7SeJ9DokrRMfuDBosLE7i22pLWWBeDmSHz0dh6VGUhTnEK/9RzRnPQmByRQJ+Xfv4He7QE1IWIufG6zYKi42XiCpC2DKCxI0yapKvqVWkR1snc/0ykMUESsAgyzZoYqzxUCSmTzfT/DCb1WRswFVlLb+uccpo6ioi62CCNvC88WDsXhSO4VYsUno33KL9MopvbO1Gg5IncJP+a2wbP3fFQpefx0D828DovGKNSDxGmzXE2HoEQSsW9EsrBOEBZffHRIgLx+yuR9Er67RrIzUZclUlGZaLf/PWf2JSNwuIhxCShwPu1d3I2VYx5Lcn5MXk/IpHP8xLXH/g8/Mm+NhO4blVFAOwYaox id_ecdsa_521_rfc4716_signed_by_rsa
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGQDchTyaXge6qew5hvYfz19EqjRbGcWeR7wnmiUnR7JqgC//R9JkOI54XmP8rpUZ4Jrjl52olkI0LB1rS/NBpkfwBhSfCiNUYfWlyHMubVT0LdaUXTA/9zXjUaI1WaQoBAM3sngorFyGEHIwpU8tTMe/XzU68i2stHcQK6EZNrzGklFg== id_ecdsa_521_rfc4716_signed_by_rsa
|
||||||
@@ -0,0 +1,8 @@
|
|||||||
|
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||||
|
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
|
||||||
|
QyNTUxOQAAACAz/M/Awfg01fL5pK7PsOmk8sdM98WFXv/7ycMEsMu8EgAAAKilREz2pURM
|
||||||
|
9gAAAAtzc2gtZWQyNTUxOQAAACAz/M/Awfg01fL5pK7PsOmk8sdM98WFXv/7ycMEsMu8Eg
|
||||||
|
AAAEB9mj+1Z9CnxalesmwJiPa7051sjjnXKR00aQ59jCX0GTP8z8DB+DTV8vmkrs+w6aTy
|
||||||
|
x0z3xYVe//vJwwSwy7wSAAAAJGlkX2VkMjU1MTlfMzg0X3JmYzQ3MTZfc2lnbmVkX2J5X3
|
||||||
|
JzYQE=
|
||||||
|
-----END OPENSSH PRIVATE KEY-----
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIJPdoRzLgA3gyn+/e94rnl7IvN7PxvEeV0JTITLah2ipAAAAIDP8z8DB+DTV8vmkrs+w6aTyx0z3xYVe//vJwwSwy7wSAAAAAAAAAAAAAAACAAAAJGlkX2VkMjU1MTlfMzg0X3JmYzQ3MTZfc2lnbmVkX2J5X3JzYQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAMpRV4ex1Zq2TzKSP7g1XrAAsGsqbGvKe6BjXqJa1OayPgcTJWZLDVCiNapqMoGCdqAnzBKIqVwjxhdy1OP7c5BvPZG9ljujlAiBhQ5t9NrN+jWv6pE3w3m5MFDVh7neGvr9wK8IGhIetfpG6/wJ3yOAF1sQkCwgDf7BfkbMq1If+qyTDF7I3fzyaqYX/61BR2iytpNxaVVw1g15EKdRHkUc760L0kVFwWkmyAFpK+ZPOal9pRHKa9mi/3TRXcQ20ZnBBzzxl4bsnXnEWILhBSxstoEF94hHKLeuoKl9kPx/NqKvwjIEqtU/mE7i+aAE9Wf6nR0COtlBPsjxZtf2Ac2ryUCd/EcdAqDGOwZy4m1s0G5EQMTU1uWCgGByz6DPWCCDCadQq0GaACjcOyBcy5trUqGxYqDvmZCgq6IDv1bGFDlFx1exOxIAKuruiVdPNn+c+h7HEmeM+OOJq1rjibD7kUwMK0cchVzpjI2xwC8ecQF9jeFGBcooa86OO65oPQAAAZQAAAAMcnNhLXNoYTItNTEyAAABgJob5TylOxmfFX5qH3iE53+zgXp3JbuxcRG9aYx/5GFiWx2yCku1/2lN/KgW2AOb31iS22LXlhCUtZBmbHiYI9aftZAyBcHGYcHvMCDHH66q+bVLlmRlNW+JjWLM46ythgRT+1dKGWAarZSwAC8hYxlV07pvt7EXFmzy4Kv0C/FL8d78P3nrRsmDTYBwrhQy1s5gwOeZlLyomPtSL7kfdxBXum8v4lG+ddtcL82iGdp2gNyonrjyaDZcdXD1FoBDlqM+lvWGO1n4ikts7JG3jcgK3QRdYOVmPnsCzEHaiTm9APuhf72+B5RXybbQcyHTA49+TptavkoxVaMqzdvIunfEYVf1S5zCHgysOkqGLOEVyMSxZk3pORajr2kdyc02Q4Plrb8B6G0rbixJRCJouS6I8J4W/Orypa2ge/un3U1JYaBeA18va7hwHoG/0zsdswETyIB+nrj59YM6Zm4zzC7Sm0SBNXFN0m2f6SDj6CDTnmj13aejQLUzED4e2Bm6Qw== id_ed25519_384_rfc4716_signed_by_rsa
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8z8DB+DTV8vmkrs+w6aTyx0z3xYVe//vJwwSwy7wS id_ed25519_384_rfc4716_signed_by_rsa
|
||||||
@@ -0,0 +1,27 @@
|
|||||||
|
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||||
|
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn
|
||||||
|
NhAAAAAwEAAQAAAQEA1iHGJi0EhM4vSCe40N3670OWx6tsA28P7Rpqgl9VdYtorneByT6U
|
||||||
|
3o7nSIK7MCGXD9XFCPDbQPnCpjIOQaq9f7wzaj7vEzN3iPEsUohfGIhBnZUZqtHdPSMhqE
|
||||||
|
JwxuIqRAlSjy8XnBNK6EjgpZGyXL5NijjR9dp/jYgOCMMmJB585BWhYQt7P5qceFjz6AqH
|
||||||
|
WKnBbajorFjiJQR9LVhi9nBCC1I02e8aWqS05JR51J8J1+lECJEiKBbzD0dhAd0CPsGlux
|
||||||
|
BtwVGZF13+xzc9/NZLUUb4wJxWM0R8flmIochK+yqPgCmr7rjA3yyEPXtQrvTQ46Jjt/u6
|
||||||
|
uKyLbdiZ2QAAA9i320dZt9tHWQAAAAdzc2gtcnNhAAABAQDWIcYmLQSEzi9IJ7jQ3frvQ5
|
||||||
|
bHq2wDbw/tGmqCX1V1i2iud4HJPpTejudIgrswIZcP1cUI8NtA+cKmMg5Bqr1/vDNqPu8T
|
||||||
|
M3eI8SxSiF8YiEGdlRmq0d09IyGoQnDG4ipECVKPLxecE0roSOClkbJcvk2KONH12n+NiA
|
||||||
|
4IwyYkHnzkFaFhC3s/mpx4WPPoCodYqcFtqOisWOIlBH0tWGL2cEILUjTZ7xpapLTklHnU
|
||||||
|
nwnX6UQIkSIoFvMPR2EB3QI+waW7EG3BUZkXXf7HNz381ktRRvjAnFYzRHx+WYihyEr7Ko
|
||||||
|
+AKavuuMDfLIQ9e1Cu9NDjomO3+7q4rItt2JnZAAAAAwEAAQAAAQEAkd0x4GF8GYdmV+2P
|
||||||
|
DOCZhhDxjhQsoO4v2CDNev+79DVB2s7XnyG9QRnxXMiJAJFxGL1S2fNQN6OrP5ELexn2ui
|
||||||
|
OWloJGUzsU6zj2K0ZwGQMAR3sAoAcTgQkEbVzM+/2mMvByx8yZdZ0CwtaaCM8Fw/1yTnzE
|
||||||
|
MYhkqSGMBdYBjknjZ8pPMYNVucncmdYibPU5VRRhWSSXlee6oZRgWrcW8VGlFtQU/RHt1a
|
||||||
|
LUPrSk/3e1Iqk75AWaFVVwnTnz8pPBpQXboiN22gZ8fvPYO9wphPmuXPapGFUt5NHBgMOv
|
||||||
|
Yr2+uzeSYg79VKhRv6YEM3aeW8kkjdZ7r4uP8EFnimUDAQAAAIEAsIsTx8nO65tEJbCEmM
|
||||||
|
/bFXHRmMSnVyQWQgyPXTvbWyI1Uk0YyaFOnsFCuXwfM/3fupvFyKTC4rdeJYl9HiVbZAm3
|
||||||
|
puI+GIRPOdKMWdh+e802KdeGXPsc+LU0tw5zwaRKH46QtmKEu1UICmUEsDFQxYfSlL8zhc
|
||||||
|
/OrNwPUZTRtrYAAACBAOsPC4PtdyItaHVYbSlgp++foTm4adby3lYQOh4VDanY4H95ct/P
|
||||||
|
4Qa9BklZmkN5HoaPBnOCV66+RzW42qSbincRSdsYXP6t5fnnQwp9+tqCQaPuHVIGuW9MI9
|
||||||
|
qO1hwOl1HnvYFvOEvdvA+Os3as5DyZO5AP5Eta6cwjMwKDTB/hAAAAgQDpNXQL3vJvsUgP
|
||||||
|
yZjhxodGGoT7HvLVClrICEuVrJj/10t5AabWjh5G3FILZyTU+zNTGLn+emocuKf+sbrlAe
|
||||||
|
6sImXPfKKx/kgSR7knPlUi0TEOow4XbIif0cfGxqkamANe1Sv7xReR2rIqkWqEZsDNhtZR
|
||||||
|
oQQY9bNehpqAweCY+QAAACFpZF9yc2FfMjA0OF9yZmM0NzE2X3NpZ25lZF9ieV9yc2E=
|
||||||
|
-----END OPENSSH PRIVATE KEY-----
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgKsWt/s6Kl/ti8EuWBhg0TdS/kEUWRzsogWz5M1CVjtoAAAADAQABAAABAQDWIcYmLQSEzi9IJ7jQ3frvQ5bHq2wDbw/tGmqCX1V1i2iud4HJPpTejudIgrswIZcP1cUI8NtA+cKmMg5Bqr1/vDNqPu8TM3eI8SxSiF8YiEGdlRmq0d09IyGoQnDG4ipECVKPLxecE0roSOClkbJcvk2KONH12n+NiA4IwyYkHnzkFaFhC3s/mpx4WPPoCodYqcFtqOisWOIlBH0tWGL2cEILUjTZ7xpapLTklHnUnwnX6UQIkSIoFvMPR2EB3QI+waW7EG3BUZkXXf7HNz381ktRRvjAnFYzRHx+WYihyEr7Ko+AKavuuMDfLIQ9e1Cu9NDjomO3+7q4rItt2JnZAAAAAAAAAAAAAAACAAAAIWlkX3JzYV8yMDQ4X3JmYzQ3MTZfc2lnbmVkX2J5X3JzYQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAMpRV4ex1Zq2TzKSP7g1XrAAsGsqbGvKe6BjXqJa1OayPgcTJWZLDVCiNapqMoGCdqAnzBKIqVwjxhdy1OP7c5BvPZG9ljujlAiBhQ5t9NrN+jWv6pE3w3m5MFDVh7neGvr9wK8IGhIetfpG6/wJ3yOAF1sQkCwgDf7BfkbMq1If+qyTDF7I3fzyaqYX/61BR2iytpNxaVVw1g15EKdRHkUc760L0kVFwWkmyAFpK+ZPOal9pRHKa9mi/3TRXcQ20ZnBBzzxl4bsnXnEWILhBSxstoEF94hHKLeuoKl9kPx/NqKvwjIEqtU/mE7i+aAE9Wf6nR0COtlBPsjxZtf2Ac2ryUCd/EcdAqDGOwZy4m1s0G5EQMTU1uWCgGByz6DPWCCDCadQq0GaACjcOyBcy5trUqGxYqDvmZCgq6IDv1bGFDlFx1exOxIAKuruiVdPNn+c+h7HEmeM+OOJq1rjibD7kUwMK0cchVzpjI2xwC8ecQF9jeFGBcooa86OO65oPQAAAZQAAAAMcnNhLXNoYTItNTEyAAABgJSHsEN9ccb4C/wrw0Lq22tZ/tLdjXxHKa1xBZZf81z7POZy8njEDN9bXHQalpLzgR12HDnkbBhk0tBrH8JDEmddOiMZrjD5GUzsK5Y3X6H/MTZrPYSqeO7ikmffxRI4A0BjYBmGk5ClntKzs3VhbhnlwBzTbvl+lwGVnP2EJmmP6/xjB0V3udYOQMbRd9Q2ORIZWF0VSexhjVVSdEwDlDdHWubFJwpHGDXKWeijGxSYXbZGwCGhqU04DYIx7HEIm0sulIX9GxjAm16y8QvrSjKCmfOkvg6T/TVVStYGkU2BGGhXyCfCA3gecdxI8mijuLsuBnkr0rVlDg00FLOAduLzsQq7gSC0/xit4OlJO7MoNUSnC9NjNSLjPy7DzW0bwfkmvfuTpKhDmO0lNbr+6if3+Q8pXZV+q1bRFMO9AsSO52gXA/IXGZC3u5JCL56hqb03sQPn/K9ZWmiRzwJYWTpgIgycGwR1ZIYFvtqKJqtVoGaZfCIQD/I4i01qqHxVAg== id_rsa_2048_rfc4716_signed_by_rsa
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWIcYmLQSEzi9IJ7jQ3frvQ5bHq2wDbw/tGmqCX1V1i2iud4HJPpTejudIgrswIZcP1cUI8NtA+cKmMg5Bqr1/vDNqPu8TM3eI8SxSiF8YiEGdlRmq0d09IyGoQnDG4ipECVKPLxecE0roSOClkbJcvk2KONH12n+NiA4IwyYkHnzkFaFhC3s/mpx4WPPoCodYqcFtqOisWOIlBH0tWGL2cEILUjTZ7xpapLTklHnUnwnX6UQIkSIoFvMPR2EB3QI+waW7EG3BUZkXXf7HNz381ktRRvjAnFYzRHx+WYihyEr7Ko+AKavuuMDfLIQ9e1Cu9NDjomO3+7q4rItt2JnZ id_rsa_2048_rfc4716_signed_by_rsa
|
||||||
@@ -133,4 +133,26 @@ macs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.
|
|||||||
|
|
||||||
TrustedUserCAKeys /etc/ssh/trusted_ca_keys
|
TrustedUserCAKeys /etc/ssh/trusted_ca_keys
|
||||||
|
|
||||||
Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
|
Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
|
||||||
|
|
||||||
|
HostKey /etc/ssh/ssh_host_rsa_key
|
||||||
|
HostKey /etc/ssh/ssh_host_dsa_key
|
||||||
|
HostKey /etc/ssh/ssh_host_ecdsa_key
|
||||||
|
HostKey /etc/ssh/ssh_host_ed25519_key
|
||||||
|
|
||||||
|
HostKey /etc/ssh/ssh_host_ecdsa_256_key
|
||||||
|
HostCertificate /etc/ssh/ssh_host_ecdsa_256_key-cert.pub
|
||||||
|
|
||||||
|
HostKey /etc/ssh/ssh_host_ecdsa_384_key
|
||||||
|
HostCertificate /etc/ssh/ssh_host_ecdsa_384_key-cert.pub
|
||||||
|
|
||||||
|
HostKey /etc/ssh/ssh_host_ecdsa_521_key
|
||||||
|
HostCertificate /etc/ssh/ssh_host_ecdsa_521_key-cert.pub
|
||||||
|
|
||||||
|
HostKey /etc/ssh/ssh_host_ed25519_384_key
|
||||||
|
HostCertificate /etc/ssh/ssh_host_ed25519_384_key-cert.pub
|
||||||
|
|
||||||
|
HostKey /etc/ssh/ssh_host_rsa_2048_key
|
||||||
|
HostCertificate /etc/ssh/ssh_host_rsa_2048_key-cert.pub
|
||||||
|
|
||||||
|
LogLevel DEBUG2
|
||||||
@@ -1,5 +1,10 @@
|
|||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
# Don't call it frequently. It's rather a documentation how everything is generated.
|
# This script is intended for generating SSH keys required for unit and integration tests. If you intend to add a new
|
||||||
|
# key to the tests, please write its generation command there.
|
||||||
|
#
|
||||||
|
# All generation commands should generate only files that does not exist. If some key is already generated, the script
|
||||||
|
# should not overwrite the key.
|
||||||
|
|
||||||
set -e -o pipefail
|
set -e -o pipefail
|
||||||
cd "${BASH_SOURCES[0]}"
|
cd "${BASH_SOURCES[0]}"
|
||||||
|
|
||||||
@@ -13,6 +18,22 @@ function generate() {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function generate_cert() {
|
||||||
|
local private_key
|
||||||
|
local suffix
|
||||||
|
local cert
|
||||||
|
private_key="$1"
|
||||||
|
suffix="$2"
|
||||||
|
shift 2
|
||||||
|
cert="$private_key$suffix-cert.pub"
|
||||||
|
if [[ ! -f "$cert" ]]; then
|
||||||
|
cp "$private_key" "$private_key$suffix"
|
||||||
|
cp "$private_key.pub" "$private_key$suffix.pub"
|
||||||
|
generate "$cert" "$@" "$private_key$suffix.pub"
|
||||||
|
rm -f "$private_key$suffix" "$private_key$suffix.pub"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
generate resources/users_rsa_ca -t rsa -N ''
|
generate resources/users_rsa_ca -t rsa -N ''
|
||||||
if [[ -f resources/users_rsa_ca.pub ]]; then
|
if [[ -f resources/users_rsa_ca.pub ]]; then
|
||||||
mv resources/users_rsa_ca.pub docker-image/test-container
|
mv resources/users_rsa_ca.pub docker-image/test-container
|
||||||
@@ -41,6 +62,41 @@ for ca_algo in ecdsa rsa ed25519; do
|
|||||||
user_key="resources/keyfiles/certificates/id_${key_algo_pair}_${format}_signed_by_${ca_algo}"
|
user_key="resources/keyfiles/certificates/id_${key_algo_pair}_${format}_signed_by_${ca_algo}"
|
||||||
generate "$user_key" -N '' -t "$key_algo" -b "$bits" -m "$format" -C "$(basename "$user_key")"
|
generate "$user_key" -N '' -t "$key_algo" -b "$bits" -m "$format" -C "$(basename "$user_key")"
|
||||||
generate "${user_key}-cert.pub" -s "resources/keyfiles/certificates/CA_${ca_algo}.pem" -I "$(basename "$user_key")" -n sshj "${user_key}.pub"
|
generate "${user_key}-cert.pub" -s "resources/keyfiles/certificates/CA_${ca_algo}.pem" -I "$(basename "$user_key")" -n sshj "${user_key}.pub"
|
||||||
|
|
||||||
|
# These certificates are to be used as host certificates of sshd.
|
||||||
|
generate_cert "$user_key" _host \
|
||||||
|
-s "resources/keyfiles/certificates/CA_${ca_algo}.pem" -I "$(basename "$user_key")" -h -n 127.0.0.1
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
|
|
||||||
|
mkdir -p docker-image/test-container/host_keys
|
||||||
|
|
||||||
|
for key_algo_pair in "${key_algo_pairs[@]}"; do
|
||||||
|
key_algo="${key_algo_pair/_*/}"
|
||||||
|
bits="${key_algo_pair/*_/}"
|
||||||
|
|
||||||
|
user_key="resources/keyfiles/certificates/id_${key_algo_pair}_${format}_signed_by_rsa"
|
||||||
|
host_key="docker-image/test-container/host_keys/ssh_host_${key_algo_pair}_key"
|
||||||
|
if [[ ! -f "$host_key" ]]; then
|
||||||
|
cp -p "$user_key" "$host_key"
|
||||||
|
cp -p "${user_key}.pub" "${host_key}.pub"
|
||||||
|
cp -p "${user_key}_host-cert.pub" "${host_key}-cert.pub"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
(
|
||||||
|
cd resources/keyfiles/certificates
|
||||||
|
|
||||||
|
generate_cert id_ed25519_384_rfc4716_signed_by_rsa _host_valid_before_past \
|
||||||
|
-s "CA_rsa.pem" -I valid_before_past -h -n 127.0.0.1 -V 'always:20210101000000'
|
||||||
|
|
||||||
|
generate_cert id_ed25519_384_rfc4716_signed_by_rsa _host_valid_after_future \
|
||||||
|
-s "CA_rsa.pem" -I valid_after_future -h -n 127.0.0.1 -V '20990101000000:forever'
|
||||||
|
|
||||||
|
generate_cert id_ed25519_384_rfc4716_signed_by_rsa _host_no_principal \
|
||||||
|
-s "CA_rsa.pem" -I no_principal -h
|
||||||
|
|
||||||
|
generate_cert id_ed25519_384_rfc4716_signed_by_rsa _host_principal_wildcard_example_com \
|
||||||
|
-s "CA_rsa.pem" -I principal_wildcard_example_com -h -n '*.example.com'
|
||||||
|
)
|
||||||
|
|||||||
@@ -16,8 +16,19 @@
|
|||||||
package com.hierynomus.sshj.signature
|
package com.hierynomus.sshj.signature
|
||||||
|
|
||||||
import com.hierynomus.sshj.IntegrationBaseSpec
|
import com.hierynomus.sshj.IntegrationBaseSpec
|
||||||
|
import net.schmizz.sshj.DefaultConfig
|
||||||
|
import net.schmizz.sshj.SSHClient
|
||||||
|
import net.schmizz.sshj.transport.verification.OpenSSHKnownHosts
|
||||||
import spock.lang.Unroll
|
import spock.lang.Unroll
|
||||||
|
|
||||||
|
import java.nio.file.Files
|
||||||
|
import java.util.stream.Collectors
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This is a brief test for verifying connection to a server using keys with certificates.
|
||||||
|
*
|
||||||
|
* Also, take a look at the unit test {@link net.schmizz.sshj.transport.verification.KeyWithCertificateUnitSpec}.
|
||||||
|
*/
|
||||||
class KeyWithCertificateSpec extends IntegrationBaseSpec {
|
class KeyWithCertificateSpec extends IntegrationBaseSpec {
|
||||||
|
|
||||||
@Unroll
|
@Unroll
|
||||||
@@ -62,4 +73,43 @@ class KeyWithCertificateSpec extends IntegrationBaseSpec {
|
|||||||
"id_ed25519_384_rfc4716_signed_by_rsa",
|
"id_ed25519_384_rfc4716_signed_by_rsa",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Unroll
|
||||||
|
def "accepting a signed host public key with type #hostKeyAlgo"() {
|
||||||
|
given:
|
||||||
|
File knownHosts = Files.createTempFile("known_hosts", "").toFile()
|
||||||
|
knownHosts.deleteOnExit()
|
||||||
|
|
||||||
|
and:
|
||||||
|
File caPubKey = new File("src/itest/resources/keyfiles/certificates/CA_rsa.pem.pub")
|
||||||
|
String knownHostsFileContents = "" +
|
||||||
|
"@cert-authority $SERVER_IP ${caPubKey.text}" +
|
||||||
|
"\n@cert-authority [$SERVER_IP]:$DOCKER_PORT ${caPubKey.text}"
|
||||||
|
knownHosts.write(knownHostsFileContents)
|
||||||
|
|
||||||
|
and:
|
||||||
|
def config = new DefaultConfig()
|
||||||
|
config.keyAlgorithms = config.keyAlgorithms.stream()
|
||||||
|
.filter { it.name == hostKeyAlgo }
|
||||||
|
.collect(Collectors.toList())
|
||||||
|
SSHClient sshClient = new SSHClient(config)
|
||||||
|
sshClient.addHostKeyVerifier(new OpenSSHKnownHosts(knownHosts))
|
||||||
|
sshClient.connect(SERVER_IP, DOCKER_PORT)
|
||||||
|
|
||||||
|
when:
|
||||||
|
sshClient.authPassword("sshj", "ultrapassword")
|
||||||
|
|
||||||
|
then:
|
||||||
|
sshClient.authenticated
|
||||||
|
|
||||||
|
and:
|
||||||
|
knownHosts.getText() == knownHostsFileContents
|
||||||
|
|
||||||
|
where:
|
||||||
|
hostKeyAlgo << [
|
||||||
|
"ecdsa-sha2-nistp256-cert-v01@openssh.com",
|
||||||
|
"ssh-ed25519-cert-v01@openssh.com",
|
||||||
|
"ssh-rsa-cert-v01@openssh.com",
|
||||||
|
]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1 @@
|
|||||||
|
ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgl67ZVJD8No6A02obFMo6hs8Ldt14DeO6b58RWpAiPycAAAAIbmlzdHAyNTYAAABBBOR3Z48v8O9mvT97EkHeewyWsl/Zu+adTf1tZodyAyKyOsSDlXruoMNCmwUhMb47Euk67ST4BqPV0xadi3EAQ5MAAAAAAAAAAAAAAAIAAAAgaWRfZWNkc2FfMjU2X3BlbV9zaWduZWRfYnlfZWNkc2EAAAANAAAACTEyNy4wLjAuMQAAAAAAAAAA//////////8AAAAAAAAAAAAAAAAAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNz89k9T3el9LpypMH6Rs8Ovn/xC6subq9XBoTK8G9x3Q4IifsN+bCy7h9juYdE8it5GvgnpM2HSdPBFMpJnEFIAAABkAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAABJAAAAIFO6PcSIVKhcnYZRRLes2qPZMpq7P+UDW20vYQn9aQltAAAAIQC877vpE4EbsJuyymmw/T7NsjmVcQnH/U6WjwZCODxI1g== id_ecdsa_256_pem_signed_by_ecdsa
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgAfBLm5SO2/sG021RdO4S+q1AVpdahAz3jx3XIBMX/DcAAAAIbmlzdHAyNTYAAABBBH89jBgaB8m5lh9aQjCp9Lu7C3sg4h+R3nWRpkBZ4g2UlByRK26WgKUYZ6Eddjh8jaW5U3d1IaTiZe+raf9h7fgAAAAAAAAAAAAAAAIAAAAiaWRfZWNkc2FfMjU2X3BlbV9zaWduZWRfYnlfZWQyNTUxOQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgOmGuVFl8cjbEnsgiqaguOLYGHaPtk/SPKcIvROeNO4cAAABTAAAAC3NzaC1lZDI1NTE5AAAAQD/r1H8JDNXac/XsQr5pxLKAa2EkBtitlyjQlAWX3UlBdm00r9NfcNa0qOhYEAITA2ipM0Kox43KzkSIB9N8yw4= id_ecdsa_256_pem_signed_by_ed25519
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg39MCdE+TdsgibyL9pdV+Oip06sFgPj7Lldoa8Mdrr6EAAAAIbmlzdHAyNTYAAABBBAkb6scHjqSKXv4F/9IbayPmR9IKj0/WGMayKxiShieF94NuLasiP1QCRsid3v2wBNTJ5ZuBADdPHKJFlDhfsDoAAAAAAAAAAAAAAAIAAAAeaWRfZWNkc2FfMjU2X3BlbV9zaWduZWRfYnlfcnNhAAAADQAAAAkxMjcuMC4wLjEAAAAAAAAAAP//////////AAAAAAAAAAAAAAAAAAABlwAAAAdzc2gtcnNhAAAAAwEAAQAAAYEAylFXh7HVmrZPMpI/uDVesACwaypsa8p7oGNeolrU5rI+BxMlZksNUKI1qmoygYJ2oCfMEoipXCPGF3LU4/tzkG89kb2WO6OUCIGFDm302s36Na/qkTfDebkwUNWHud4a+v3ArwgaEh61+kbr/AnfI4AXWxCQLCAN/sF+RsyrUh/6rJMMXsjd/PJqphf/rUFHaLK2k3FpVXDWDXkQp1EeRRzvrQvSRUXBaSbIAWkr5k85qX2lEcpr2aL/dNFdxDbRmcEHPPGXhuydecRYguEFLGy2gQX3iEcot66gqX2Q/H82oq/CMgSq1T+YTuL5oAT1Z/qdHQI62UE+yPFm1/YBzavJQJ38Rx0CoMY7BnLibWzQbkRAxNTW5YKAYHLPoM9YIIMJp1CrQZoAKNw7IFzLm2tSobFioO+ZkKCrogO/VsYUOUXHV7E7EgAq6u6JV082f5z6HscSZ4z444mrWuOJsPuRTAwrRxyFXOmMjbHALx5xAX2N4UYFyihrzo47rmg9AAABlAAAAAxyc2Etc2hhMi01MTIAAAGAu9U1TrUpxb5Iq1/3i5gvgiUk+Pr8ckCJ1X2v2g0wJF1iDRgt1ynL5o842Va0dND8r/tlYuXiXDY+nVK3P5e+Qdyq7ORbbibqDfJXpXN3WRCY4IjXzAWBUh2h8ywDTBgpbvBdcv0ITOF8V9w8LwCzFMqAEAf9ZvxqNA33qJjUXpP/XFwrkK81VJo4XNPXFf5NXRrUn7nDDU2QMyzfLYJwErNVV8iw/U/cef9ens1M15IX8yrMJxCQb7JQkvKeUPrs6ALa4lgvMISl1/jDEQ4nCw0YrXC9rWOTr71HS7SZrw3KLJQYyQNGBjqc4n4BqhPUYf9ac+w1trKBMtw0tFKjVEzsjg6dpYMr5cIon6Gm1N9GWV6pRcghkDoC3qbSUDbvqFWUOt9HAuiFUpye4BxP/W52PM63xVJhkOQ0DpQbCM2W7KWj6E/KjHlFeoTPzy3GmG3KBUrl1nQK5HSriuINyLZAq6Q8AUhekG8Td52rucU9WYfz1W6J7XrdEy73jsVT id_ecdsa_256_pem_signed_by_rsa
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg0cIXSpmbkGXAqBI2MfH9tpCITWA28bvcPogKDHk2+aUAAAAIbmlzdHAyNTYAAABBBKDzwSIgda/OiYsTxqF2OuoTSJmesJnlsHLW5mP9CI68lzJZ5XwbudObIaENLMTYFVk2Yru2MrWHtAoJyfuAtmoAAAAAAAAAAAAAAAIAAAAkaWRfZWNkc2FfMjU2X3JmYzQ3MTZfc2lnbmVkX2J5X2VjZHNhAAAADQAAAAkxMjcuMC4wLjEAAAAAAAAAAP//////////AAAAAAAAAAAAAAAAAAAAaAAAABNlY2RzYS1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQTc/PZPU93pfS6cqTB+kbPDr5/8QurLm6vVwaEyvBvcd0OCIn7Dfmwsu4fY7mHRPIreRr4J6TNh0nTwRTKSZxBSAAAAZQAAABNlY2RzYS1zaGEyLW5pc3RwMjU2AAAASgAAACEAm95yiB9YDmtQJR1Eqeg9Di5GAu0BmbIIVQXKqAmbNgkAAAAhAOCYC23uX7C1wSo4uHcDnIkN1fwjTkrmzryLbGQvI10R id_ecdsa_256_rfc4716_signed_by_ecdsa
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgrJTOkSNe36/l/T13/eKF59eow8nik6PMBXKDJc52ODwAAAAIbmlzdHAyNTYAAABBBJKVoFvHsiEakU3PQAmM1L2W3Pc+37uojk8/BEkqrmoh0mJ6NiMTgbj+QdJpwldiP0CyZIiRarxuWFbT33H4yaIAAAAAAAAAAAAAAAIAAAAmaWRfZWNkc2FfMjU2X3JmYzQ3MTZfc2lnbmVkX2J5X2VkMjU1MTkAAAANAAAACTEyNy4wLjAuMQAAAAAAAAAA//////////8AAAAAAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIDphrlRZfHI2xJ7IIqmoLji2Bh2j7ZP0jynCL0TnjTuHAAAAUwAAAAtzc2gtZWQyNTUxOQAAAECrlWp1E6MWq80NGW5i4gpWH/hKwEJlsoKMokLUi1GilQuMaS0FPrFl4XJR44fCZKKuugaoouL8zxUgficeVOYM id_ecdsa_256_rfc4716_signed_by_ed25519
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgQgbM6lYD+Yx1aendIKHYuKthkIN0WhvPdMA0DbC/QmEAAAAIbmlzdHAyNTYAAABBBHV8x1PsVgikij7iGF3mg6AeTq5bv0EdWxwqnzfI+EXKWcbg22kXtqcBZNymXloH14lVZMI/kpW+VUtWTFRJEPAAAAAAAAAAAAAAAAIAAAAiaWRfZWNkc2FfMjU2X3JmYzQ3MTZfc2lnbmVkX2J5X3JzYQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAMpRV4ex1Zq2TzKSP7g1XrAAsGsqbGvKe6BjXqJa1OayPgcTJWZLDVCiNapqMoGCdqAnzBKIqVwjxhdy1OP7c5BvPZG9ljujlAiBhQ5t9NrN+jWv6pE3w3m5MFDVh7neGvr9wK8IGhIetfpG6/wJ3yOAF1sQkCwgDf7BfkbMq1If+qyTDF7I3fzyaqYX/61BR2iytpNxaVVw1g15EKdRHkUc760L0kVFwWkmyAFpK+ZPOal9pRHKa9mi/3TRXcQ20ZnBBzzxl4bsnXnEWILhBSxstoEF94hHKLeuoKl9kPx/NqKvwjIEqtU/mE7i+aAE9Wf6nR0COtlBPsjxZtf2Ac2ryUCd/EcdAqDGOwZy4m1s0G5EQMTU1uWCgGByz6DPWCCDCadQq0GaACjcOyBcy5trUqGxYqDvmZCgq6IDv1bGFDlFx1exOxIAKuruiVdPNn+c+h7HEmeM+OOJq1rjibD7kUwMK0cchVzpjI2xwC8ecQF9jeFGBcooa86OO65oPQAAAZQAAAAMcnNhLXNoYTItNTEyAAABgAOa69XTj4yOPjKtN5Few84Y2qj4p/4RK9yiAjWWxbMQv+dlLzEH/wtj6p1SeDJozFssVfyH2ODFGY9Dct3K4SbLA1b8LfM6vaf1bUxdQz7njsQ40KpcJu662hMOkj9AKTQgpVUVgJJOQuLrIbyfjKClaqt2W6ziH2eLn7wPsZ6HGhQMALQVmebzgFepnwCve9wgX1HNOfuAYYVQwFXddi/xQ4BIVmsH6E3DcUUzjtZZaG063CddPYOW2Ea1efWqHu20FRWqsMnwbL6Hr9JkjKv/Iub8mgLMP1bhbMEblb+tQ+y9RRvPwjT89tKljc7hXvBxpHA4c4ZlnTidsjqPHVeARCt5LV4lES7HWEZ+kFIkGndNLYXOUnxgk6iSLLHVVZUCZPbUiZbSJdoj7r7LGiz4KA7mnqQQGU2jWxSI2drD5T6SW0TFspzjX4dPnJyzFpe02Fl+NvblUUHsnPTHdsRexHRNfqkQhKIO4i8AM8U02nU/uBmXFPb9ANbLcq+Npw== id_ecdsa_256_rfc4716_signed_by_rsa
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ecdsa-sha2-nistp384-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAzODQtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgY2OzNmZOc/vZIZBQFWEORqvMf/oHPrX+yxHKqhAZ28cAAAAIbmlzdHAzODQAAABhBKvEgMXaTNdJ6LBFZUD2wQl/z9IHTkkUr6B7ooE6v+2+/oQhJvzBUyaQAZRvmgsvoSBpn13WrrDelOFbZ0LhtDI/sHVbhNopkJHAXwQf7O84/pBE7PEVtfMICIKNy9twHQAAAAAAAAAAAAAAAgAAACBpZF9lY2RzYV8zODRfcGVtX3NpZ25lZF9ieV9lY2RzYQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAAGgAAAATZWNkc2Etc2hhMi1uaXN0cDI1NgAAAAhuaXN0cDI1NgAAAEEE3Pz2T1Pd6X0unKkwfpGzw6+f/ELqy5ur1cGhMrwb3HdDgiJ+w35sLLuH2O5h0TyK3ka+CekzYdJ08EUykmcQUgAAAGQAAAATZWNkc2Etc2hhMi1uaXN0cDI1NgAAAEkAAAAgMqxtjTDkl14nj/EpXUdqoheSYN6nNsH6J4ZedLti6AcAAAAhAIkJoGGFMb0sTPfmWEa7Dd0GIZYz6jhV+P34XT5krXcB id_ecdsa_384_pem_signed_by_ecdsa
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ecdsa-sha2-nistp384-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAzODQtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgGZiVJml5jUGLWIzSqiJPuIHQlllgL0ACSFDfHcI/KyQAAAAIbmlzdHAzODQAAABhBOJBx4Ut3ZRLNQngcHU2aV4zaElAEneWe6vD4usYodHbHCXzBl4+G29WkJWd1/QYuZt5NNyINIDagBogvrcDPCCcZa5IKZB1PJUjNht/Dp4I+LiEZzxwpLxkdBLY4rxq8QAAAAAAAAAAAAAAAgAAACJpZF9lY2RzYV8zODRfcGVtX3NpZ25lZF9ieV9lZDI1NTE5AAAADQAAAAkxMjcuMC4wLjEAAAAAAAAAAP//////////AAAAAAAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACA6Ya5UWXxyNsSeyCKpqC44tgYdo+2T9I8pwi9E5407hwAAAFMAAAALc3NoLWVkMjU1MTkAAABAHyGchTk5zw6vfu+SdHdSz7p2Nb0gTnp2/DJ8I9oN1l4PQT2xnPOvPo0EiopxTFhu9gLmaBFBtb0Ld1KjseKADA== id_ecdsa_384_pem_signed_by_ed25519
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ecdsa-sha2-nistp384-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAzODQtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgjKDNUKzzdplM18CnnurEHP8+6IXdamkGh9Ph41DBJTgAAAAIbmlzdHAzODQAAABhBD1WQbH/pDaRjPc4QKpgtOEcW/LsSteXU9zIjEIVkCpd/WaPfrnql1zu/G0Ncx5YL2YfKEDtzXxhskac8OAR5Cr7wMg6CYh1NuOBqsPSbELCtf1F2SLbGEWG4d7HombN1AAAAAAAAAAAAAAAAgAAAB5pZF9lY2RzYV8zODRfcGVtX3NpZ25lZF9ieV9yc2EAAAANAAAACTEyNy4wLjAuMQAAAAAAAAAA//////////8AAAAAAAAAAAAAAAAAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQDKUVeHsdWatk8ykj+4NV6wALBrKmxrynugY16iWtTmsj4HEyVmSw1QojWqajKBgnagJ8wSiKlcI8YXctTj+3OQbz2RvZY7o5QIgYUObfTazfo1r+qRN8N5uTBQ1Ye53hr6/cCvCBoSHrX6Ruv8Cd8jgBdbEJAsIA3+wX5GzKtSH/qskwxeyN388mqmF/+tQUdosraTcWlVcNYNeRCnUR5FHO+tC9JFRcFpJsgBaSvmTzmpfaURymvZov900V3ENtGZwQc88ZeG7J15xFiC4QUsbLaBBfeIRyi3rqCpfZD8fzair8IyBKrVP5hO4vmgBPVn+p0dAjrZQT7I8WbX9gHNq8lAnfxHHQKgxjsGcuJtbNBuREDE1NblgoBgcs+gz1gggwmnUKtBmgAo3DsgXMuba1KhsWKg75mQoKuiA79WxhQ5RcdXsTsSACrq7olXTzZ/nPoexxJnjPjjiata44mw+5FMDCtHHIVc6YyNscAvHnEBfY3hRgXKKGvOjjuuaD0AAAGUAAAADHJzYS1zaGEyLTUxMgAAAYBXT6blHmMNsbfVmpgXmtpqadS7GZAaGoI5QGuKBS6RheUfvDsMUGnyR87wsfZ2NP6AsFYMDMksqYR4VTiPiUUdA/owXUnOMlyUIYJ2viQaa7b4PPFtfLV5w8UicYzmASITd0OF4vXRjk6CMKjtABfU9pVuStHseTV6vYU2QVsQDWqTlkjYSNitkMY/bIBGihaUNi/6vh8sdfZYpRURx93lHJYPNwJ4NJCG7UZ+bzIoPw2RuF1RgZ+ttD7h7W5nb2sGkDTUqny3oLHBW9ojMhYl8Y3GKRdBpmnaWRsOF5a6ieH3WlICyHh2q8JPc0cJXKbUmkkiqt034nHbdM5Vb+qQekhTLK4FW0tgkrv2THGQF5WXxOHCXQwBQrYgYR/tBPkR7R6rqJOGnlBKGW7Sl1CZ4Steb88apE6P7Y4n1BDmNzNCfJcPHn/aAgCRoofoXS97i2H9o0Umo/CKPbaj4yRl4rJMhmlY+FKNOwPufG0B+fz8v6iPQc7CzbSVsM4JOF4= id_ecdsa_384_pem_signed_by_rsa
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ecdsa-sha2-nistp384-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAzODQtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgIH2g9NXosXkqoj6f7eNLPk98Uh6MUmUhZ19LCxlzWa8AAAAIbmlzdHAzODQAAABhBLsm8bRWv9Txuseoc5B7iX2AF1rOV0zxmmlPIfQQaO1SApq25ve9yv+um6SKd+H1+cvs+Hdhkp8VF3Dw4kKcmj4QlMgm76HwXEBYJ6pQYyKfwte3fIvRmmJ/k8dyKyxf7QAAAAAAAAAAAAAAAgAAACRpZF9lY2RzYV8zODRfcmZjNDcxNl9zaWduZWRfYnlfZWNkc2EAAAANAAAACTEyNy4wLjAuMQAAAAAAAAAA//////////8AAAAAAAAAAAAAAAAAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNz89k9T3el9LpypMH6Rs8Ovn/xC6subq9XBoTK8G9x3Q4IifsN+bCy7h9juYdE8it5GvgnpM2HSdPBFMpJnEFIAAABkAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAABJAAAAIAZvilKjdWVhv2A5epyRnl+SCniqMwsMCuOLLyMs1a6ZAAAAIQCZOSTiBbGXkOpfKAGMbwI/CuhzAJ7mEck2tUGy4Q1H/w== id_ecdsa_384_rfc4716_signed_by_ecdsa
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ecdsa-sha2-nistp384-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAzODQtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgpBK50228sbCN3k6O6Lq+6YXfw8pxjgUp9n4GOLgxiM4AAAAIbmlzdHAzODQAAABhBH41T4lRzsu5RQxdGxNMnLnll/AWqL2/fUpknCSU4WTYjY7zfz+N3YCw76P9ZZ5wdRqoMFSw1Qy3h8lYeo3HVbwaUKB0E5+nhuMiNC6o6UZXtoyjXewNf8okUe3Rf7SFZgAAAAAAAAAAAAAAAgAAACZpZF9lY2RzYV8zODRfcmZjNDcxNl9zaWduZWRfYnlfZWQyNTUxOQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgOmGuVFl8cjbEnsgiqaguOLYGHaPtk/SPKcIvROeNO4cAAABTAAAAC3NzaC1lZDI1NTE5AAAAQPmNVrSkiNwV5QTpJGgPALtBrJsBqdV/+62I9xbcyTK54EhepQpFCgCeA+IjgVHq/H0gTvEceBIeF2+dqnAziQo= id_ecdsa_384_rfc4716_signed_by_ed25519
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ecdsa-sha2-nistp384-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAzODQtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg2byoaIudWiOZaNJMfyOHNw5tOy8lWAADbp/rNkJ7krwAAAAIbmlzdHAzODQAAABhBDTRfKcHODIksH7VIN/Z6UgNi3svPqBjd3N2oqZh7kvqPNRKGZXVSOIT2AKXuLjtpFYdJndXCJnSOxPZ6Qv5y1JxKf40aDD/oGAWtzfMiQmhhZjOmDYPeYpSQ0MyclaCKwAAAAAAAAAAAAAAAgAAACJpZF9lY2RzYV8zODRfcmZjNDcxNl9zaWduZWRfYnlfcnNhAAAADQAAAAkxMjcuMC4wLjEAAAAAAAAAAP//////////AAAAAAAAAAAAAAAAAAABlwAAAAdzc2gtcnNhAAAAAwEAAQAAAYEAylFXh7HVmrZPMpI/uDVesACwaypsa8p7oGNeolrU5rI+BxMlZksNUKI1qmoygYJ2oCfMEoipXCPGF3LU4/tzkG89kb2WO6OUCIGFDm302s36Na/qkTfDebkwUNWHud4a+v3ArwgaEh61+kbr/AnfI4AXWxCQLCAN/sF+RsyrUh/6rJMMXsjd/PJqphf/rUFHaLK2k3FpVXDWDXkQp1EeRRzvrQvSRUXBaSbIAWkr5k85qX2lEcpr2aL/dNFdxDbRmcEHPPGXhuydecRYguEFLGy2gQX3iEcot66gqX2Q/H82oq/CMgSq1T+YTuL5oAT1Z/qdHQI62UE+yPFm1/YBzavJQJ38Rx0CoMY7BnLibWzQbkRAxNTW5YKAYHLPoM9YIIMJp1CrQZoAKNw7IFzLm2tSobFioO+ZkKCrogO/VsYUOUXHV7E7EgAq6u6JV082f5z6HscSZ4z444mrWuOJsPuRTAwrRxyFXOmMjbHALx5xAX2N4UYFyihrzo47rmg9AAABlAAAAAxyc2Etc2hhMi01MTIAAAGAV3uUrbSScu722FmIUG1FEtd7X+y58XlZyBZMDkI2G8RL0bZtALg8kfAUqRs17XS8MEIsG2STDGvDoKpPlGrupTGAwjnpTrDsgr/WaXUn/21Tyv6h4npcPxX5h5OU24UdZRXUGMRqwRXn4d6c44I6lAXkFGEHV20da+2sKR02QOIEfYik7kYgUzkVE5QPr0YN2hWCNxPNahgPow2RvPDHKL0PBS2CASeIo9pZ6OECdsCX92+BXN+e8oPO+BTp2mwzaepFPiSO6pIdTOnhFHwiY7mG7Y+Xw3nCYJl9cILzeuuUeEw3elRMYtnIoUye/IZaZw6GNBObb59seFOaf8Hm7NV6F7L/RNUG7aESB2n6KKggbPci8xuCulfgi/XBxjsXd/affASOUcn3X6IIUwJDqwMBkhmagvYVoLX1gMoHBW0aLZDQEXigV0WW8v1oMsEp6Sl9Y0kRs9vPBr/8LX9vDaPKmNxOBV8uOnicDb9HZicyLkVQyPFobHOvYt/gfEUM id_ecdsa_384_rfc4716_signed_by_rsa
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ecdsa-sha2-nistp521-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHA1MjEtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgljz9cq4YOgdjizjJxYPhIblsiGaNr4rbW+UxI052PRgAAAAIbmlzdHA1MjEAAACFBADXgtn8yZsPVYf0BaJ4sfDcUoF2haBwNdn/2VkY/IGZrLsugZoEmH0NjrGtuKBEx81o58oWDzQ9n/MnWvY+y5qRmwCcxvW6GNvc/5JqxZCyikxVRg6b/d5PymXGzSLJZ8nNIsrXXGgJA1UrxlJ49BsimSXofYKeyaE7i9prp12LAc1g9QAAAAAAAAAAAAAAAgAAACBpZF9lY2RzYV81MjFfcGVtX3NpZ25lZF9ieV9lY2RzYQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAAGgAAAATZWNkc2Etc2hhMi1uaXN0cDI1NgAAAAhuaXN0cDI1NgAAAEEE3Pz2T1Pd6X0unKkwfpGzw6+f/ELqy5ur1cGhMrwb3HdDgiJ+w35sLLuH2O5h0TyK3ka+CekzYdJ08EUykmcQUgAAAGQAAAATZWNkc2Etc2hhMi1uaXN0cDI1NgAAAEkAAAAhANmQ0VNPszFETV7Lfn6VA+I/t2QSIjib/GNDxcAsjFm8AAAAIDi7J/plqM439EnUEdE+hWIjWr36/niunriITGK6LQtE id_ecdsa_521_pem_signed_by_ecdsa
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ecdsa-sha2-nistp521-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHA1MjEtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgYoxIX3Mo7+jAnHiCyZk0AWRXzoJQPamNhaRp21UFhjYAAAAIbmlzdHA1MjEAAACFBAG5csVGz7eZTbSPGi5xqSKFXSg0y0ejfLbdf7J1FXUPUUoWYQ6/I7MH/Syf0RbpOerqiJNv4eEQPAhd0jyQ+FqzaQHX1IFH5YOyKMzy8B7xCzk/GZnnUCVwiwiIvnTU3EAXCvLsu8J8/W0xLotP9d32eaeIf3bhuas3ynaVBshs4qUoBwAAAAAAAAAAAAAAAgAAACJpZF9lY2RzYV81MjFfcGVtX3NpZ25lZF9ieV9lZDI1NTE5AAAADQAAAAkxMjcuMC4wLjEAAAAAAAAAAP//////////AAAAAAAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACA6Ya5UWXxyNsSeyCKpqC44tgYdo+2T9I8pwi9E5407hwAAAFMAAAALc3NoLWVkMjU1MTkAAABA2q0DkWCWaGbuV+B6tn6fjoI5Fy8d5ql4vG9gyyi41h3BycYwkDbWDY/rjgBt6afX9cO67nMBf7VGjAbb8qVlDQ== id_ecdsa_521_pem_signed_by_ed25519
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ecdsa-sha2-nistp521-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHA1MjEtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgXzPBlfFOTmt4ROYqyBk7wLseG5ypOhseHeR9I9IM5uwAAAAIbmlzdHA1MjEAAACFBADFh68QqWBcD66XbyBApCA6m6/HHp0b004M7VeTeGsQjd6chsmnCJSAsBqIQT9+F+AFSISKpipVVDG4kXIasBGiHwAq14UBlZyfGK176ojym6IQ6tsIjfxz8DtQuyGHo6JIh4bEoP3x2L/q3Wdp43tYrAsmqFsxNHQbYEluq/TtcJjoxAAAAAAAAAAAAAAAAgAAAB5pZF9lY2RzYV81MjFfcGVtX3NpZ25lZF9ieV9yc2EAAAANAAAACTEyNy4wLjAuMQAAAAAAAAAA//////////8AAAAAAAAAAAAAAAAAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQDKUVeHsdWatk8ykj+4NV6wALBrKmxrynugY16iWtTmsj4HEyVmSw1QojWqajKBgnagJ8wSiKlcI8YXctTj+3OQbz2RvZY7o5QIgYUObfTazfo1r+qRN8N5uTBQ1Ye53hr6/cCvCBoSHrX6Ruv8Cd8jgBdbEJAsIA3+wX5GzKtSH/qskwxeyN388mqmF/+tQUdosraTcWlVcNYNeRCnUR5FHO+tC9JFRcFpJsgBaSvmTzmpfaURymvZov900V3ENtGZwQc88ZeG7J15xFiC4QUsbLaBBfeIRyi3rqCpfZD8fzair8IyBKrVP5hO4vmgBPVn+p0dAjrZQT7I8WbX9gHNq8lAnfxHHQKgxjsGcuJtbNBuREDE1NblgoBgcs+gz1gggwmnUKtBmgAo3DsgXMuba1KhsWKg75mQoKuiA79WxhQ5RcdXsTsSACrq7olXTzZ/nPoexxJnjPjjiata44mw+5FMDCtHHIVc6YyNscAvHnEBfY3hRgXKKGvOjjuuaD0AAAGUAAAADHJzYS1zaGEyLTUxMgAAAYCwfvVii3Oow0X2sEHUsSGu/edh/Q9ufhAcnhFfdTd6r0PdEFFTgwnaUDqObIADRC3kno8iE4EBzm/Xw0hiuOajMogPcuzEvsyolyufsF7MuNly+YdkGC62q1QrAiUhYhukC47sBB+F7VbU40iq0ZRgaLfy5MVmh3wtqNa3l/u436Y3Ktic0oEmgVoxJ0dE3qvblX+1KuzTp1yqZ/Y8YADDtOtPOsfrF9Vi7c/0sBv5UDGWChf75xyDENKgvPeRMJJIjSW1wQIQfl/RNu6dhgj52y6p55Y7ZztBzN2ur122pecR4DKDNFPvWJGhlJ2PEVLQa3JQLeWF5DSgS1qy97lKXgs2OtH8a+9W/FZSeArK3oDaOWD7enrsZGj4WOt4CAb4TsLV66SSJuaj0tyecJ1ac1Pf0ge52v5tvplXBYGq+imGeA36lla4CiLnOFZUIJspySSvmUUmpvCXWFHuXZfgeZoBg1Mo2c5xlQ6iyWsVskUvx0jJrYLGJTuBbSJBRc0= id_ecdsa_521_pem_signed_by_rsa
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ecdsa-sha2-nistp521-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHA1MjEtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgEuAycKwsEpmV6yVJP9HCBVbguDTNoYm5MOmvz9SKFrcAAAAIbmlzdHA1MjEAAACFBAFRVmAGsmCeXn6RuYGxMIY8WcYaAsuJ9kJ5LzMYvbpm52YcAaL4IwzDwPQjt2XKvC8Hrp5TfSqdTJ2FIPizEeznAwGJiPa7APBg7NvOY3+fZJsMBrCaYotaNHOVzUcETmIubo2Ur1+U6EVMp3LkdCaA+0Xq5FHRIjPmYAV41bBn7CXsDwAAAAAAAAAAAAAAAgAAACRpZF9lY2RzYV81MjFfcmZjNDcxNl9zaWduZWRfYnlfZWNkc2EAAAANAAAACTEyNy4wLjAuMQAAAAAAAAAA//////////8AAAAAAAAAAAAAAAAAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNz89k9T3el9LpypMH6Rs8Ovn/xC6subq9XBoTK8G9x3Q4IifsN+bCy7h9juYdE8it5GvgnpM2HSdPBFMpJnEFIAAABkAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAABJAAAAIQCrSAZ6bAf0trLQEEwdJpNP4CWvBKVwd5j+JfVybGWniAAAACBKGVOvYlH5D62gYZSnEDYRUiJ9GfmBmHhC4+JGT75jcQ== id_ecdsa_521_rfc4716_signed_by_ecdsa
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ecdsa-sha2-nistp521-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHA1MjEtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg4hle/btcQQy6KvwysH5Ca/DrEtiMFIFytG+e1dYdYUcAAAAIbmlzdHA1MjEAAACFBAFUxd19OpkxQlbq5n2cW98D7XKDz7b1/+fWMB4j7Rv+IrOAtJp4xW8U8+cfogfjVydxxlownzbsd8Px6t9zxMECaQBIC6hl0BT2+Ze0/AvsIjKL4wqSFbwBMRyZYbDTl5TlDD5j2HbSRVJcEXZdl/lZYI7N3qA2cn6R7sWrpNgA5EpAJAAAAAAAAAAAAAAAAgAAACZpZF9lY2RzYV81MjFfcmZjNDcxNl9zaWduZWRfYnlfZWQyNTUxOQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgOmGuVFl8cjbEnsgiqaguOLYGHaPtk/SPKcIvROeNO4cAAABTAAAAC3NzaC1lZDI1NTE5AAAAQG5klgohVK0FfiXiWBswiR4d5LBBgJRhkwV6ulqbZ5wHGH8GUg7Q/r9cgBGYWeafj5xLPleUtONhrp0cdSFsDwE= id_ecdsa_521_rfc4716_signed_by_ed25519
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ecdsa-sha2-nistp521-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHA1MjEtY2VydC12MDFAb3BlbnNzaC5jb20AAAAghRVKHO1c4TGUTQt6NcV1mXd4HCBJLlkJZtPmVp0EQjUAAAAIbmlzdHA1MjEAAACFBAGQDchTyaXge6qew5hvYfz19EqjRbGcWeR7wnmiUnR7JqgC//R9JkOI54XmP8rpUZ4Jrjl52olkI0LB1rS/NBpkfwBhSfCiNUYfWlyHMubVT0LdaUXTA/9zXjUaI1WaQoBAM3sngorFyGEHIwpU8tTMe/XzU68i2stHcQK6EZNrzGklFgAAAAAAAAAAAAAAAgAAACJpZF9lY2RzYV81MjFfcmZjNDcxNl9zaWduZWRfYnlfcnNhAAAADQAAAAkxMjcuMC4wLjEAAAAAAAAAAP//////////AAAAAAAAAAAAAAAAAAABlwAAAAdzc2gtcnNhAAAAAwEAAQAAAYEAylFXh7HVmrZPMpI/uDVesACwaypsa8p7oGNeolrU5rI+BxMlZksNUKI1qmoygYJ2oCfMEoipXCPGF3LU4/tzkG89kb2WO6OUCIGFDm302s36Na/qkTfDebkwUNWHud4a+v3ArwgaEh61+kbr/AnfI4AXWxCQLCAN/sF+RsyrUh/6rJMMXsjd/PJqphf/rUFHaLK2k3FpVXDWDXkQp1EeRRzvrQvSRUXBaSbIAWkr5k85qX2lEcpr2aL/dNFdxDbRmcEHPPGXhuydecRYguEFLGy2gQX3iEcot66gqX2Q/H82oq/CMgSq1T+YTuL5oAT1Z/qdHQI62UE+yPFm1/YBzavJQJ38Rx0CoMY7BnLibWzQbkRAxNTW5YKAYHLPoM9YIIMJp1CrQZoAKNw7IFzLm2tSobFioO+ZkKCrogO/VsYUOUXHV7E7EgAq6u6JV082f5z6HscSZ4z444mrWuOJsPuRTAwrRxyFXOmMjbHALx5xAX2N4UYFyihrzo47rmg9AAABlAAAAAxyc2Etc2hhMi01MTIAAAGAmpwzeo95ahCTQuLfdsHSlWhNlBVUsEze9ogzqhnh1unL0uDztGbEwZ3+2vAQI9wRlIBJhg+FFIOc6KW6Hi9zHZaU/ipmrtDwoMfaRrL6ZgP+COvCxPMiTuJPt8Er2OsRnarc7iM1RnhFz3jVTGhkTG8W9yvN6Pr7SeJ9DokrRMfuDBosLE7i22pLWWBeDmSHz0dh6VGUhTnEK/9RzRnPQmByRQJ+Xfv4He7QE1IWIufG6zYKi42XiCpC2DKCxI0yapKvqVWkR1snc/0ykMUESsAgyzZoYqzxUCSmTzfT/DCb1WRswFVlLb+uccpo6ioi62CCNvC88WDsXhSO4VYsUno33KL9MopvbO1Gg5IncJP+a2wbP3fFQpefx0D828DovGKNSDxGmzXE2HoEQSsW9EsrBOEBZffHRIgLx+yuR9Er67RrIzUZclUlGZaLf/PWf2JSNwuIhxCShwPu1d3I2VYx5Lcn5MXk/IpHP8xLXH/g8/Mm+NhO4blVFAOwYaox id_ecdsa_521_rfc4716_signed_by_rsa
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIPuUNVb7fQWM90pUFvjt1DB7vZclmLuoNvRH2epqyKTvAAAAIByIPRHOEWFytcQuAbqhFept3pgPqpzt5ALqIczx4MeRAAAAAAAAAAAAAAACAAAAImlkX2VkMjU1MTlfMzg0X3BlbV9zaWduZWRfYnlfZWNkc2EAAAANAAAACTEyNy4wLjAuMQAAAAAAAAAA//////////8AAAAAAAAAAAAAAAAAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNz89k9T3el9LpypMH6Rs8Ovn/xC6subq9XBoTK8G9x3Q4IifsN+bCy7h9juYdE8it5GvgnpM2HSdPBFMpJnEFIAAABlAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAABKAAAAIQD+2Ve9JcDSsrDNMhk5MAkwCtT19i/M3YMhZ0v2kIjDYQAAACEAwur83VZG11I+8UVV7shjbDrospxQ5AlHiIncDoPcttg= id_ed25519_384_pem_signed_by_ecdsa
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIBtktEOTbKpW3yct/WDfKxtOrM9qGOLQGEJyTlnPleLbAAAAILqslSEN2YOIAYi+3isnKwHWeno360GF7f8xMXrFJvYkAAAAAAAAAAAAAAACAAAAJGlkX2VkMjU1MTlfMzg0X3BlbV9zaWduZWRfYnlfZWQyNTUxOQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgOmGuVFl8cjbEnsgiqaguOLYGHaPtk/SPKcIvROeNO4cAAABTAAAAC3NzaC1lZDI1NTE5AAAAQMi2Yn2Gg+jffFffHxwnqX2PFBk+iQF60bbH3OvEJ1qb3hvu10TXCZRp9IK4alTCCvH8NTWYvsrqQXzp4AL0aQ4= id_ed25519_384_pem_signed_by_ed25519
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIH8rdkRE/S+wkb6oBlsxESUqFisqhneL1ftu9tjNuv0wAAAAIOnD3CuECiynBFqCR0sxZ7DhSoCbBUvkV4KTey8U5snsAAAAAAAAAAAAAAACAAAAIGlkX2VkMjU1MTlfMzg0X3BlbV9zaWduZWRfYnlfcnNhAAAADQAAAAkxMjcuMC4wLjEAAAAAAAAAAP//////////AAAAAAAAAAAAAAAAAAABlwAAAAdzc2gtcnNhAAAAAwEAAQAAAYEAylFXh7HVmrZPMpI/uDVesACwaypsa8p7oGNeolrU5rI+BxMlZksNUKI1qmoygYJ2oCfMEoipXCPGF3LU4/tzkG89kb2WO6OUCIGFDm302s36Na/qkTfDebkwUNWHud4a+v3ArwgaEh61+kbr/AnfI4AXWxCQLCAN/sF+RsyrUh/6rJMMXsjd/PJqphf/rUFHaLK2k3FpVXDWDXkQp1EeRRzvrQvSRUXBaSbIAWkr5k85qX2lEcpr2aL/dNFdxDbRmcEHPPGXhuydecRYguEFLGy2gQX3iEcot66gqX2Q/H82oq/CMgSq1T+YTuL5oAT1Z/qdHQI62UE+yPFm1/YBzavJQJ38Rx0CoMY7BnLibWzQbkRAxNTW5YKAYHLPoM9YIIMJp1CrQZoAKNw7IFzLm2tSobFioO+ZkKCrogO/VsYUOUXHV7E7EgAq6u6JV082f5z6HscSZ4z444mrWuOJsPuRTAwrRxyFXOmMjbHALx5xAX2N4UYFyihrzo47rmg9AAABlAAAAAxyc2Etc2hhMi01MTIAAAGAbx6XJ8mVvv4755eo9eRBYPqvt99+2o1AbSAP9AvN0Vhjci8bpaejppqvI2b2spcY89JiX7FeeXUPZha0tnYLBApvOZqKNV/+lC+Q2L2QJk4owdYFJBVCz10L26RaGbddGjUkkSBDwmZVO+He6h4kwHCeYOIU0xwL9ACM3G8imaIlAthgShmul7cPBOxtKgqOA1qcI10iCTHlaDNZd3ZdbdbK3xiTkH0SkU2ZUWK/ic3HD3RvkOBeekNQAlmTTnTYR9xJK/ByEn7p061Ltqt8PJnuRLDKFJytMMWgCoqXo8c5CNuIH5vCbS6L1TVikqveuieQInqO5ieG/0doiVelQ9+6+yEZzlkfXHF9o5pEf5WY8IEx2RoaDhe07Cqs2zbBA0gtQ/c5QUwEkp7gPqd8rH6lJourDNHn0jvmTfVSapNcAcF9pOFmzaZ2pf41ebxAwbTrCAhVER4BvbO7F/t8UM7tM78hxGR36XiJzr8V77qTme4zyjzqL2LVA1NS78uB id_ed25519_384_pem_signed_by_rsa
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAINFbDKbeYwzCUInVJEv0plRCrCbC0MR5ggiAgjj/k+ulAAAAIPOpOX0eSgAKq8ScLsK5KUGwOmOyVEpe7GyQ63lEE3YUAAAAAAAAAAAAAAACAAAAJmlkX2VkMjU1MTlfMzg0X3JmYzQ3MTZfc2lnbmVkX2J5X2VjZHNhAAAADQAAAAkxMjcuMC4wLjEAAAAAAAAAAP//////////AAAAAAAAAAAAAAAAAAAAaAAAABNlY2RzYS1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQTc/PZPU93pfS6cqTB+kbPDr5/8QurLm6vVwaEyvBvcd0OCIn7Dfmwsu4fY7mHRPIreRr4J6TNh0nTwRTKSZxBSAAAAYwAAABNlY2RzYS1zaGEyLW5pc3RwMjU2AAAASAAAACB1UdoDvQCPFVu4oFlGBt8QHny3T04Ff0X02DiYOVIfhgAAACBSV4/AbZofELomySZHqgQd/Ml35hweRzA09GxS4pZyGA== id_ed25519_384_rfc4716_signed_by_ecdsa
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIKvwYrGku8uMgRVK6n2+rYSc53mWlaH8sktlM4HlAsvnAAAAICU8fq8BUhwAE5UvFjIY2WUWbkxtM7Ay7h5H33Y1wuFeAAAAAAAAAAAAAAACAAAAKGlkX2VkMjU1MTlfMzg0X3JmYzQ3MTZfc2lnbmVkX2J5X2VkMjU1MTkAAAANAAAACTEyNy4wLjAuMQAAAAAAAAAA//////////8AAAAAAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIDphrlRZfHI2xJ7IIqmoLji2Bh2j7ZP0jynCL0TnjTuHAAAAUwAAAAtzc2gtZWQyNTUxOQAAAEACFDvq2T22ICMUR5laAIQYB7fF42REAzQwUvO6xmAwcHuVXe/IDSA6OZISvbnbfus4wwgi9H3lOn2sHZKZ3KAE id_ed25519_384_rfc4716_signed_by_ed25519
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIJPdoRzLgA3gyn+/e94rnl7IvN7PxvEeV0JTITLah2ipAAAAIDP8z8DB+DTV8vmkrs+w6aTyx0z3xYVe//vJwwSwy7wSAAAAAAAAAAAAAAACAAAAJGlkX2VkMjU1MTlfMzg0X3JmYzQ3MTZfc2lnbmVkX2J5X3JzYQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAMpRV4ex1Zq2TzKSP7g1XrAAsGsqbGvKe6BjXqJa1OayPgcTJWZLDVCiNapqMoGCdqAnzBKIqVwjxhdy1OP7c5BvPZG9ljujlAiBhQ5t9NrN+jWv6pE3w3m5MFDVh7neGvr9wK8IGhIetfpG6/wJ3yOAF1sQkCwgDf7BfkbMq1If+qyTDF7I3fzyaqYX/61BR2iytpNxaVVw1g15EKdRHkUc760L0kVFwWkmyAFpK+ZPOal9pRHKa9mi/3TRXcQ20ZnBBzzxl4bsnXnEWILhBSxstoEF94hHKLeuoKl9kPx/NqKvwjIEqtU/mE7i+aAE9Wf6nR0COtlBPsjxZtf2Ac2ryUCd/EcdAqDGOwZy4m1s0G5EQMTU1uWCgGByz6DPWCCDCadQq0GaACjcOyBcy5trUqGxYqDvmZCgq6IDv1bGFDlFx1exOxIAKuruiVdPNn+c+h7HEmeM+OOJq1rjibD7kUwMK0cchVzpjI2xwC8ecQF9jeFGBcooa86OO65oPQAAAZQAAAAMcnNhLXNoYTItNTEyAAABgJob5TylOxmfFX5qH3iE53+zgXp3JbuxcRG9aYx/5GFiWx2yCku1/2lN/KgW2AOb31iS22LXlhCUtZBmbHiYI9aftZAyBcHGYcHvMCDHH66q+bVLlmRlNW+JjWLM46ythgRT+1dKGWAarZSwAC8hYxlV07pvt7EXFmzy4Kv0C/FL8d78P3nrRsmDTYBwrhQy1s5gwOeZlLyomPtSL7kfdxBXum8v4lG+ddtcL82iGdp2gNyonrjyaDZcdXD1FoBDlqM+lvWGO1n4ikts7JG3jcgK3QRdYOVmPnsCzEHaiTm9APuhf72+B5RXybbQcyHTA49+TptavkoxVaMqzdvIunfEYVf1S5zCHgysOkqGLOEVyMSxZk3pORajr2kdyc02Q4Plrb8B6G0rbixJRCJouS6I8J4W/Orypa2ge/un3U1JYaBeA18va7hwHoG/0zsdswETyIB+nrj59YM6Zm4zzC7Sm0SBNXFN0m2f6SDj6CDTnmj13aejQLUzED4e2Bm6Qw== id_ed25519_384_rfc4716_signed_by_rsa
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIF0yzVBaIjX3wUoburRPayIO+/1bNinAoryocYgIDiIuAAAAIDP8z8DB+DTV8vmkrs+w6aTyx0z3xYVe//vJwwSwy7wSAAAAAAAAAAAAAAACAAAADG5vX3ByaW5jaXBhbAAAAAAAAAAAAAAAAP//////////AAAAAAAAAAAAAAAAAAABlwAAAAdzc2gtcnNhAAAAAwEAAQAAAYEAylFXh7HVmrZPMpI/uDVesACwaypsa8p7oGNeolrU5rI+BxMlZksNUKI1qmoygYJ2oCfMEoipXCPGF3LU4/tzkG89kb2WO6OUCIGFDm302s36Na/qkTfDebkwUNWHud4a+v3ArwgaEh61+kbr/AnfI4AXWxCQLCAN/sF+RsyrUh/6rJMMXsjd/PJqphf/rUFHaLK2k3FpVXDWDXkQp1EeRRzvrQvSRUXBaSbIAWkr5k85qX2lEcpr2aL/dNFdxDbRmcEHPPGXhuydecRYguEFLGy2gQX3iEcot66gqX2Q/H82oq/CMgSq1T+YTuL5oAT1Z/qdHQI62UE+yPFm1/YBzavJQJ38Rx0CoMY7BnLibWzQbkRAxNTW5YKAYHLPoM9YIIMJp1CrQZoAKNw7IFzLm2tSobFioO+ZkKCrogO/VsYUOUXHV7E7EgAq6u6JV082f5z6HscSZ4z444mrWuOJsPuRTAwrRxyFXOmMjbHALx5xAX2N4UYFyihrzo47rmg9AAABlAAAAAxyc2Etc2hhMi01MTIAAAGAtbKBpiEXJLTe9MZqpoYjF0b0hdEsUZkhVHfR1oQZpTwkZiR9XZw90BlSAd17T9NcCn7E3PDUnCf3OI6gQHWZcr+XfWV3foK1i4k98MVaitoKm/v5pf07arDXCQ86CjjSBYxH19YZFsyWXGifYkqpdJ69Iyu6UWpH+r6zOrCnirMQJR/UqraObxCSdFApqMpCRhrxqeFovdbPsNL9zES+tZpFdim4faxDCdEcK8wlSQpiiv5BMuJL8gk5vHGDcWKFw1nvfU4sXr9QZ/ZMH/AoLljfIcATTchGy93WKg0KN1I2hhaFPcjomx+bDUD8M4feFOqGoNxHFEQVlxP2in7ZCtLWLtxTF2jDeDjRrMxcA5V3/S6/fZtDXQoCieKluHF/PcN8LTx23pUYAptqPSNL3OQQqRNflznPpBc9zUwii+lBuuwhlfAGSyIJS9DVv75UaLdbB0X0PJaiaJ2/TJbzIy8icw6lCglF2c2cvaBFmoD5YwKXVW3dTGdhiL1Ocrgn id_ed25519_384_rfc4716_signed_by_rsa
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIAB3LG/o5WHvX+ZAzFUiWxhhvsb42vvEFvvVI2EFeFS+AAAAIDP8z8DB+DTV8vmkrs+w6aTyx0z3xYVe//vJwwSwy7wSAAAAAAAAAAAAAAACAAAAHnByaW5jaXBhbF93aWxkY2FyZF9leGFtcGxlX2NvbQAAABEAAAANKi5leGFtcGxlLmNvbQAAAAAAAAAA//////////8AAAAAAAAAAAAAAAAAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQDKUVeHsdWatk8ykj+4NV6wALBrKmxrynugY16iWtTmsj4HEyVmSw1QojWqajKBgnagJ8wSiKlcI8YXctTj+3OQbz2RvZY7o5QIgYUObfTazfo1r+qRN8N5uTBQ1Ye53hr6/cCvCBoSHrX6Ruv8Cd8jgBdbEJAsIA3+wX5GzKtSH/qskwxeyN388mqmF/+tQUdosraTcWlVcNYNeRCnUR5FHO+tC9JFRcFpJsgBaSvmTzmpfaURymvZov900V3ENtGZwQc88ZeG7J15xFiC4QUsbLaBBfeIRyi3rqCpfZD8fzair8IyBKrVP5hO4vmgBPVn+p0dAjrZQT7I8WbX9gHNq8lAnfxHHQKgxjsGcuJtbNBuREDE1NblgoBgcs+gz1gggwmnUKtBmgAo3DsgXMuba1KhsWKg75mQoKuiA79WxhQ5RcdXsTsSACrq7olXTzZ/nPoexxJnjPjjiata44mw+5FMDCtHHIVc6YyNscAvHnEBfY3hRgXKKGvOjjuuaD0AAAGUAAAADHJzYS1zaGEyLTUxMgAAAYBxBc/C0PaNBx27GpSw/fWAuunyhW5eVwKs2ZEu42M9ynzrrWbnayv4yc+SolZFs2tS5MH6v6CpIzM9dBZwsbnYPcFwTsrGZa1Uvta00RzheabzTUX7X24nG/zbm/aJeA/Ds3x8Suz8zmX3f4tczj+Lh1E3tGi2RLtxZlHpZoJ5B8z/YZPR30TsC1cQiKgrkXQyWLdyfQlpoO2TK3GofutQGEYwDwItNDUs83y2CiiJMwz3+mmVBYYSOP9ukNt0C8XIG8x0AOwHCASzJrPWyg8bmsUjzaO++MPU01Piq09Gzo+WZv7Lcg+62NjLlIymM9MKiYYWxDMpbwzxJgLeF3c1lxYd5FaA9jKtR0hxiRz8e4WVPDRT4M2ymsf7UiJpqUIOoWo2DnuoGNAT0Rj195KXyT3h5k7/aEaV65rAjyuMNfNedBkh5oXU8+DH28tOk61ElHeXFhGDrogyiJj2EBqUvbc9KA+QpgCp0g51P79AK8LG0ZfXRZkTK0ukO/Ke5Cg= id_ed25519_384_rfc4716_signed_by_rsa
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIBVgz01W2NGee5mbYcK51YX29G9jW+9OBixplapZkFkdAAAAIDP8z8DB+DTV8vmkrs+w6aTyx0z3xYVe//vJwwSwy7wSAAAAAAAAAAAAAAACAAAAEnZhbGlkX2FmdGVyX2Z1dHVyZQAAAA0AAAAJMTI3LjAuMC4xAAAAAPKkwRD//////////wAAAAAAAAAAAAAAAAAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAMpRV4ex1Zq2TzKSP7g1XrAAsGsqbGvKe6BjXqJa1OayPgcTJWZLDVCiNapqMoGCdqAnzBKIqVwjxhdy1OP7c5BvPZG9ljujlAiBhQ5t9NrN+jWv6pE3w3m5MFDVh7neGvr9wK8IGhIetfpG6/wJ3yOAF1sQkCwgDf7BfkbMq1If+qyTDF7I3fzyaqYX/61BR2iytpNxaVVw1g15EKdRHkUc760L0kVFwWkmyAFpK+ZPOal9pRHKa9mi/3TRXcQ20ZnBBzzxl4bsnXnEWILhBSxstoEF94hHKLeuoKl9kPx/NqKvwjIEqtU/mE7i+aAE9Wf6nR0COtlBPsjxZtf2Ac2ryUCd/EcdAqDGOwZy4m1s0G5EQMTU1uWCgGByz6DPWCCDCadQq0GaACjcOyBcy5trUqGxYqDvmZCgq6IDv1bGFDlFx1exOxIAKuruiVdPNn+c+h7HEmeM+OOJq1rjibD7kUwMK0cchVzpjI2xwC8ecQF9jeFGBcooa86OO65oPQAAAZQAAAAMcnNhLXNoYTItNTEyAAABgIsjtxJK2y/mfVlY391EFLVkcsOVvMQ5q5GrNfoOHtzOtL4VQjoyxcUVYs9UQfyWJlApMbXsFJuUAyqOW9nXhBM6gzTGsNBu1CCaqOGWJDQXmQOz9rNcctqaCYJQ0od2hn5q1Dq5mZk1NUhJvf7UCuYnWP6yIEIdwWkHD0gGKzjktrm5HMcpfMGN7yfIFd/u9hmAss3n6FN78cAz7I7d8QIYUF02++qS01Kyu0KhGGdzMaxgeMF1FTZEnVWLaQtK2jyG4TwKEs6IesrmQ7FT9KvlVRfVMpsTumeoJnr9+BpoT5Gt0eW/wCFfjFtLr5kchS6/mnfOVX4fpocp4RqR01PJtD8p+7Vt8fzwus6QSZr2Ek7RL+WtZFzRBcLZPodYPPml8qrg3QEwOYvaeVDFsFe8YX+zlC+3Q5mjKsQmgr/zju8FcSzlGaVxJfF3PSIgjB8GwQEKXNZgjKLXs7QoW4HySiUdXX1kO5JkmetIRMhBHuefObYbu9ZIYv4palWkPw== id_ed25519_384_rfc4716_signed_by_rsa
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIOl+YlsnRjEH2sOva2Ur1aYxhuQieVMhZsMwWJ2YaKxtAAAAIDP8z8DB+DTV8vmkrs+w6aTyx0z3xYVe//vJwwSwy7wSAAAAAAAAAAAAAAACAAAAEXZhbGlkX2JlZm9yZV9wYXN0AAAADQAAAAkxMjcuMC4wLjEAAAAAAAAAAAAAAABf7gOQAAAAAAAAAAAAAAAAAAABlwAAAAdzc2gtcnNhAAAAAwEAAQAAAYEAylFXh7HVmrZPMpI/uDVesACwaypsa8p7oGNeolrU5rI+BxMlZksNUKI1qmoygYJ2oCfMEoipXCPGF3LU4/tzkG89kb2WO6OUCIGFDm302s36Na/qkTfDebkwUNWHud4a+v3ArwgaEh61+kbr/AnfI4AXWxCQLCAN/sF+RsyrUh/6rJMMXsjd/PJqphf/rUFHaLK2k3FpVXDWDXkQp1EeRRzvrQvSRUXBaSbIAWkr5k85qX2lEcpr2aL/dNFdxDbRmcEHPPGXhuydecRYguEFLGy2gQX3iEcot66gqX2Q/H82oq/CMgSq1T+YTuL5oAT1Z/qdHQI62UE+yPFm1/YBzavJQJ38Rx0CoMY7BnLibWzQbkRAxNTW5YKAYHLPoM9YIIMJp1CrQZoAKNw7IFzLm2tSobFioO+ZkKCrogO/VsYUOUXHV7E7EgAq6u6JV082f5z6HscSZ4z444mrWuOJsPuRTAwrRxyFXOmMjbHALx5xAX2N4UYFyihrzo47rmg9AAABlAAAAAxyc2Etc2hhMi01MTIAAAGATlsN6BT8HOJKHNRni+VbRa1x6SloqcLTe1zksiyZXdWCZw+vX1Auhr4TW+FyVq4pPslpl9Q3DxFS3p5I2zETnhDj5mro1VcffAQh/AIz/YbsKbfc5oJidMiVJpotO4fLm7ugx0WSjmRqpVznCM5ctnrOQCvVMCElD/8Nzir/5tNsSvr7r/CbNCEPiEFNICLrL4Ab3Ukt8aa/w8YYczMwwUECJISQH6mu+Pw55w5DkaUdYk5khyzSDM42NQfMlzyJkEqq579S7NaeMLLI3zuKcZKCrHoXw2LlQ1qioQwe03tnWc+C4nVPYchDZM3iOhmgIugJuoYznvje5GDzNqbr+H9QRMj7fID1+dhkqRRm4Yj4uhlre3qHIQTfV12T8IE22qjgvm+aycZVTOlJOlyEzGBs8CtWm7n8ztkNVQjGNdLVTp/ZdqSij1ZClW25bM60CbcT2eGPV7j1igAefbeQinfhOw2c5qWkJZpBbWjU9Th/Ezeb0ZYMtjjwsGXbEbZ6 id_ed25519_384_rfc4716_signed_by_rsa
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgQePTFA5eBLg7Uoa5ZcWM0sw3d+XOvOWsakWV6SjFQ58AAAADAQABAAABAQC30ozNilw6pw8Msyuh10WCLC3TAMjSlj4At2RI1Dv5zIRlRVRkeIom0Z/OGvJItvFVy4lgAr5DBENs222zyVDJ7YfheoFfQNZCkyoxNjl9Q7QalHsGUUu9tp2h9Z0fFHhzYv9TY3vTOvNv7tdQP9bAv4TikRJ3yrXjNp7sh1FssgjsqB1PgSq5fcsgVl1wdTPply+Mll+ox7Xzy5SRyqHuQrYLjeqlEsv1QWVnVVZwZW/WlcsljecCmUFefEWVcAA9YDOSwE0Bof6/uEG5AzuiWlQnag1esb753WRO6Slc6V/xcRtdwGwEWkXQ+EECe+Rtm9URgQNsKQHoNr5n7PHJAAAAAAAAAAAAAAACAAAAH2lkX3JzYV8yMDQ4X3BlbV9zaWduZWRfYnlfZWNkc2EAAAANAAAACTEyNy4wLjAuMQAAAAAAAAAA//////////8AAAAAAAAAAAAAAAAAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNz89k9T3el9LpypMH6Rs8Ovn/xC6subq9XBoTK8G9x3Q4IifsN+bCy7h9juYdE8it5GvgnpM2HSdPBFMpJnEFIAAABjAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAABIAAAAIEFdneHQn/1QjiEzjvGE/cqQpejAsaajlY5XaHv1bsarAAAAIDmGZKQJ4MiZYbYCeHGzrlO1rv6jreX7zf6qHgXbHT/G id_rsa_2048_pem_signed_by_ecdsa
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgHQ0uhiEmRWzLXEXqOLFUg8jW7a+Eha7N3shuEUN8B/QAAAADAQABAAABAQCi4f4v2VVqxGyNhXMuIZi4rOts8W5Id/MEguyO06G/zWCgufUGHYTOqMH1h4UCmn4VMwA7eq72MKIYgUT0rodZr5HBPXx83cA7dhKpLfGNCPjp+KyEEMXuy2b+Ge6ZOVtssTHKvGdHA3dQEUJlH9eHG5lX++6L/Y7T6yVM7APoLsm0JOq57cU1AfBcglpVGVGnU0hox6cMseBWDmWVRnjsnPUpW0FV9RGXYdTjkFl6Br0/OBcBGa6XKyPT3yN+BOLrRcdIyRzM30DgDACT95C3gsrRyvyjIAkNLTf2N4svfDiLQ3P0vkQgdd+x68uUWNtEN2SwsBZ9BIb0wfYJyOW9AAAAAAAAAAAAAAACAAAAIWlkX3JzYV8yMDQ4X3BlbV9zaWduZWRfYnlfZWQyNTUxOQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgOmGuVFl8cjbEnsgiqaguOLYGHaPtk/SPKcIvROeNO4cAAABTAAAAC3NzaC1lZDI1NTE5AAAAQP3A39F4TWICXZwoUCfJXdlZZIYx63xMsdQOUtnfo71BbRo0g+w4fBeq/VMAxpwDP97pApmC8hquWBYUC1AP8gg= id_rsa_2048_pem_signed_by_ed25519
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgDwDM1NcRGgPpz7ToAutSs9GiY9vfHRrQ2441HRG3FrYAAAADAQABAAABAQCnVoILEZ27lIPYGAeVwW2hw1n0tCLJCcUPavojTBGNlkwGF3zDphPrGSHSnUL1t4pkNaKOAGVECYOMpfW0f3lSxFoM2gHLBStS2hqSHQIVbXnvWf3JF2SAwU5BQxMc9mITr7ig894lQXfWjTCck1AqAUGIGBNlgDYXTOoZZjEti9ee05mDqixUcfo4Q3eBgVBMR0Q9Zf518dhsJS3TyUBiLrrT0HD4AUR5MsnhawWdMSsl7itG6h++xBP7YR9u6TTcPPmaBPCnwU7U/xnlVXODg1Ru9WY1GlDx/H/4ZteNCNb0YimjpLve+HsJj729XS5p5Ra8vvWOUwsp79RkEMYzAAAAAAAAAAAAAAACAAAAHWlkX3JzYV8yMDQ4X3BlbV9zaWduZWRfYnlfcnNhAAAADQAAAAkxMjcuMC4wLjEAAAAAAAAAAP//////////AAAAAAAAAAAAAAAAAAABlwAAAAdzc2gtcnNhAAAAAwEAAQAAAYEAylFXh7HVmrZPMpI/uDVesACwaypsa8p7oGNeolrU5rI+BxMlZksNUKI1qmoygYJ2oCfMEoipXCPGF3LU4/tzkG89kb2WO6OUCIGFDm302s36Na/qkTfDebkwUNWHud4a+v3ArwgaEh61+kbr/AnfI4AXWxCQLCAN/sF+RsyrUh/6rJMMXsjd/PJqphf/rUFHaLK2k3FpVXDWDXkQp1EeRRzvrQvSRUXBaSbIAWkr5k85qX2lEcpr2aL/dNFdxDbRmcEHPPGXhuydecRYguEFLGy2gQX3iEcot66gqX2Q/H82oq/CMgSq1T+YTuL5oAT1Z/qdHQI62UE+yPFm1/YBzavJQJ38Rx0CoMY7BnLibWzQbkRAxNTW5YKAYHLPoM9YIIMJp1CrQZoAKNw7IFzLm2tSobFioO+ZkKCrogO/VsYUOUXHV7E7EgAq6u6JV082f5z6HscSZ4z444mrWuOJsPuRTAwrRxyFXOmMjbHALx5xAX2N4UYFyihrzo47rmg9AAABlAAAAAxyc2Etc2hhMi01MTIAAAGAY9jLX691l9Etdix/weRDTsVGPPofH6rH8946/NDwD/ux7CwCKU14OOB1RzAomM37oXShhf00DlfhxtZDQFzStLHGTA/o/FUUz5YhFYffjT8kTw76aA0OlajveE5R1of/6VEh8Wcja1r7CTsG6SAsEZTLZXjiwZ/bnHQTeO2M2crjvK+LHpGpwbQ16XxuPl30R8huYmGrC0pBzLk5aNkpnTKgVjKeqElsI9jhAfSREBSrHKWKlIoNur6pAbovbbUKks6VSHGPvXlLyvuz0vfrvuJQSo1g9fyKfCWMKxegsOJLNMrSoq8O3wnW39sdTXtz3u/7RmZUC+uqqpFpEnHNKG6tRccyA5HWrGquYW5mZZVMMdbUEe//gMEYvlGuvszWRQUt4Hipe6ZgSkKK+ldPTleY7ug0CEL7RJ6t4MyXoYhSWNwgp/KxBLLZdeHri6VS58mtE6dZnNgx8Kdus9UUXtuP1CfmDRB6mfgJy9a5DPOUrCU9I2G19+9y3Y8vs7Wi id_rsa_2048_pem_signed_by_rsa
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgR26e1ueYBqbL0QiZB93BRUbChyzJRnrTjGuzyrdpUpoAAAADAQABAAABAQChzfhMsTK9RqNGOmgl4cRfYF5JmEVk2TkZL87LsB5WOllI3wcPtRycwlK4+o0R/7x0Z01+jHSdrXhV7LqYe5l6JzNjzuXO+MqwoGjSB0KAg/whZrId0HANvytE3CW7V0IKddOJNTqYBXLRcDuf09/CCB1Jtkigq/vzBC+7lMUi0cLRtuLDEq2v8Bp6Zyr72pGexpzJuF2mtih7RHuBd7fZvwOsRJHHMfQskzftcLNUvqQVUtrNjzqgEj7UrWcC48E8o2/ilD00EJELXBlKd6zJ7lDfcjGbbLiQ25L5vcmGSedSs67q10YLTbJU/aBFFtUw6mLv0Nj/Nzy8lfbPwYiNAAAAAAAAAAAAAAACAAAAI2lkX3JzYV8yMDQ4X3JmYzQ3MTZfc2lnbmVkX2J5X2VjZHNhAAAADQAAAAkxMjcuMC4wLjEAAAAAAAAAAP//////////AAAAAAAAAAAAAAAAAAAAaAAAABNlY2RzYS1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQTc/PZPU93pfS6cqTB+kbPDr5/8QurLm6vVwaEyvBvcd0OCIn7Dfmwsu4fY7mHRPIreRr4J6TNh0nTwRTKSZxBSAAAAZAAAABNlY2RzYS1zaGEyLW5pc3RwMjU2AAAASQAAACBXNsWldlK2bKN76qYGPvbSytO69UlwFf2afmPpcj4CLAAAACEAhaFEFhap3hVZT0Y6jBOhAnKGFMMENPARGUMRPiUTLt4= id_rsa_2048_rfc4716_signed_by_ecdsa
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgWhpb/3tZC1M/jLshw7fgQYdmYjOeOaF4NDY0bqZvtPQAAAADAQABAAABAQDqNvETxJaUoQ+RU2XEkG1BCvi0CMef7xyZK3dL4mnYDpQ4y2jWyEnfkIDzdj+EIFExTm6Gagz+WM9/LrAYMQtQHiX7l56ztHlsTRJTNJjXDn/YR//IBrMKRZq+3VBT6bC3CBSux8RVtU8RmhwIk/338ad1KS3dMZ7AkZ1ulOuYhVZ/eg5AMw9EuPNH4Uj6Cd5oazV6cOs8vRE75yZK7RAridBcFiJDtnAMi/yfCNJAPhKc/7gV7gtfVPA2P26hgwdlWjg47y5uHf/TR+dyNvm2LGev6wwoJiErFVQHgNDqWXBl5/PpiCYkUqqt8RAFvivbJ19yTy9FuUGENhQLosgdAAAAAAAAAAAAAAACAAAAJWlkX3JzYV8yMDQ4X3JmYzQ3MTZfc2lnbmVkX2J5X2VkMjU1MTkAAAANAAAACTEyNy4wLjAuMQAAAAAAAAAA//////////8AAAAAAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIDphrlRZfHI2xJ7IIqmoLji2Bh2j7ZP0jynCL0TnjTuHAAAAUwAAAAtzc2gtZWQyNTUxOQAAAEBp5TfQATvq3liq/XLC+JuzUJA+MRC0o9e8LHEnzt9vuCXEzGT+3AespnxjVsZpwsc2uB7he5nFlhusLE5Ow2oD id_rsa_2048_rfc4716_signed_by_ed25519
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgKsWt/s6Kl/ti8EuWBhg0TdS/kEUWRzsogWz5M1CVjtoAAAADAQABAAABAQDWIcYmLQSEzi9IJ7jQ3frvQ5bHq2wDbw/tGmqCX1V1i2iud4HJPpTejudIgrswIZcP1cUI8NtA+cKmMg5Bqr1/vDNqPu8TM3eI8SxSiF8YiEGdlRmq0d09IyGoQnDG4ipECVKPLxecE0roSOClkbJcvk2KONH12n+NiA4IwyYkHnzkFaFhC3s/mpx4WPPoCodYqcFtqOisWOIlBH0tWGL2cEILUjTZ7xpapLTklHnUnwnX6UQIkSIoFvMPR2EB3QI+waW7EG3BUZkXXf7HNz381ktRRvjAnFYzRHx+WYihyEr7Ko+AKavuuMDfLIQ9e1Cu9NDjomO3+7q4rItt2JnZAAAAAAAAAAAAAAACAAAAIWlkX3JzYV8yMDQ4X3JmYzQ3MTZfc2lnbmVkX2J5X3JzYQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAMpRV4ex1Zq2TzKSP7g1XrAAsGsqbGvKe6BjXqJa1OayPgcTJWZLDVCiNapqMoGCdqAnzBKIqVwjxhdy1OP7c5BvPZG9ljujlAiBhQ5t9NrN+jWv6pE3w3m5MFDVh7neGvr9wK8IGhIetfpG6/wJ3yOAF1sQkCwgDf7BfkbMq1If+qyTDF7I3fzyaqYX/61BR2iytpNxaVVw1g15EKdRHkUc760L0kVFwWkmyAFpK+ZPOal9pRHKa9mi/3TRXcQ20ZnBBzzxl4bsnXnEWILhBSxstoEF94hHKLeuoKl9kPx/NqKvwjIEqtU/mE7i+aAE9Wf6nR0COtlBPsjxZtf2Ac2ryUCd/EcdAqDGOwZy4m1s0G5EQMTU1uWCgGByz6DPWCCDCadQq0GaACjcOyBcy5trUqGxYqDvmZCgq6IDv1bGFDlFx1exOxIAKuruiVdPNn+c+h7HEmeM+OOJq1rjibD7kUwMK0cchVzpjI2xwC8ecQF9jeFGBcooa86OO65oPQAAAZQAAAAMcnNhLXNoYTItNTEyAAABgJSHsEN9ccb4C/wrw0Lq22tZ/tLdjXxHKa1xBZZf81z7POZy8njEDN9bXHQalpLzgR12HDnkbBhk0tBrH8JDEmddOiMZrjD5GUzsK5Y3X6H/MTZrPYSqeO7ikmffxRI4A0BjYBmGk5ClntKzs3VhbhnlwBzTbvl+lwGVnP2EJmmP6/xjB0V3udYOQMbRd9Q2ORIZWF0VSexhjVVSdEwDlDdHWubFJwpHGDXKWeijGxSYXbZGwCGhqU04DYIx7HEIm0sulIX9GxjAm16y8QvrSjKCmfOkvg6T/TVVStYGkU2BGGhXyCfCA3gecdxI8mijuLsuBnkr0rVlDg00FLOAduLzsQq7gSC0/xit4OlJO7MoNUSnC9NjNSLjPy7DzW0bwfkmvfuTpKhDmO0lNbr+6if3+Q8pXZV+q1bRFMO9AsSO52gXA/IXGZC3u5JCL56hqb03sQPn/K9ZWmiRzwJYWTpgIgycGwR1ZIYFvtqKJqtVoGaZfCIQD/I4i01qqHxVAg== id_rsa_2048_rfc4716_signed_by_rsa
|
||||||
@@ -90,6 +90,13 @@ public interface Config {
|
|||||||
*/
|
*/
|
||||||
String getVersion();
|
String getVersion();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns true if host key certificates should be verified while connecting to the server. It is recommended to
|
||||||
|
* verify them, but can cause connection failures in cases when previous versions of the library could have managed
|
||||||
|
* to connect.
|
||||||
|
*/
|
||||||
|
boolean isVerifyHostKeyCertificates();
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Set the named factories for {@link Cipher}.
|
* Set the named factories for {@link Cipher}.
|
||||||
*
|
*
|
||||||
@@ -187,4 +194,10 @@ public interface Config {
|
|||||||
* @return The LoggerFactory the SSHClient will use.
|
* @return The LoggerFactory the SSHClient will use.
|
||||||
*/
|
*/
|
||||||
LoggerFactory getLoggerFactory();
|
LoggerFactory getLoggerFactory();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Sets whether the SSH client should verify host key certificates or not.
|
||||||
|
* See {@link #isVerifyHostKeyCertificates()}.
|
||||||
|
*/
|
||||||
|
void setVerifyHostKeyCertificates(boolean value);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -47,6 +47,7 @@ public class ConfigImpl
|
|||||||
|
|
||||||
private boolean waitForServerIdentBeforeSendingClientIdent = false;
|
private boolean waitForServerIdentBeforeSendingClientIdent = false;
|
||||||
private LoggerFactory loggerFactory;
|
private LoggerFactory loggerFactory;
|
||||||
|
private boolean verifyHostKeyCertificates = true;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Factory.Named<Cipher>> getCipherFactories() {
|
public List<Factory.Named<Cipher>> getCipherFactories() {
|
||||||
@@ -177,4 +178,14 @@ public class ConfigImpl
|
|||||||
public void setLoggerFactory(LoggerFactory loggerFactory) {
|
public void setLoggerFactory(LoggerFactory loggerFactory) {
|
||||||
this.loggerFactory = loggerFactory;
|
this.loggerFactory = loggerFactory;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean isVerifyHostKeyCertificates() {
|
||||||
|
return verifyHostKeyCertificates;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void setVerifyHostKeyCertificates(boolean value) {
|
||||||
|
verifyHostKeyCertificates = value;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -17,12 +17,17 @@ package net.schmizz.sshj.common;
|
|||||||
|
|
||||||
import com.hierynomus.sshj.common.KeyAlgorithm;
|
import com.hierynomus.sshj.common.KeyAlgorithm;
|
||||||
import com.hierynomus.sshj.signature.Ed25519PublicKey;
|
import com.hierynomus.sshj.signature.Ed25519PublicKey;
|
||||||
|
import com.hierynomus.sshj.signature.SignatureEdDSA;
|
||||||
import com.hierynomus.sshj.userauth.certificate.Certificate;
|
import com.hierynomus.sshj.userauth.certificate.Certificate;
|
||||||
import net.i2p.crypto.eddsa.EdDSAPublicKey;
|
import net.i2p.crypto.eddsa.EdDSAPublicKey;
|
||||||
import net.i2p.crypto.eddsa.spec.EdDSANamedCurveSpec;
|
import net.i2p.crypto.eddsa.spec.EdDSANamedCurveSpec;
|
||||||
import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable;
|
import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable;
|
||||||
import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec;
|
import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec;
|
||||||
import net.schmizz.sshj.common.Buffer.BufferException;
|
import net.schmizz.sshj.common.Buffer.BufferException;
|
||||||
|
import net.schmizz.sshj.signature.Signature;
|
||||||
|
import net.schmizz.sshj.signature.SignatureDSA;
|
||||||
|
import net.schmizz.sshj.signature.SignatureECDSA;
|
||||||
|
import net.schmizz.sshj.signature.SignatureRSA;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
@@ -36,6 +41,7 @@ import java.security.interfaces.RSAPublicKey;
|
|||||||
import java.security.spec.DSAPublicKeySpec;
|
import java.security.spec.DSAPublicKeySpec;
|
||||||
import java.security.spec.RSAPublicKeySpec;
|
import java.security.spec.RSAPublicKeySpec;
|
||||||
import java.util.*;
|
import java.util.*;
|
||||||
|
import java.util.regex.Pattern;
|
||||||
|
|
||||||
/** Type of key e.g. rsa, dsa */
|
/** Type of key e.g. rsa, dsa */
|
||||||
public enum KeyType {
|
public enum KeyType {
|
||||||
@@ -417,7 +423,7 @@ public enum KeyType {
|
|||||||
return sType;
|
return sType;
|
||||||
}
|
}
|
||||||
|
|
||||||
static class CertUtils {
|
public static class CertUtils {
|
||||||
|
|
||||||
@SuppressWarnings("unchecked")
|
@SuppressWarnings("unchecked")
|
||||||
static <T extends PublicKey> Certificate<T> readPubKey(Buffer<?> buf, KeyType innerKeyType) throws GeneralSecurityException {
|
static <T extends PublicKey> Certificate<T> readPubKey(Buffer<?> buf, KeyType innerKeyType) throws GeneralSecurityException {
|
||||||
@@ -461,6 +467,122 @@ public enum KeyType {
|
|||||||
.putBytes(certificate.getSignature());
|
.putBytes(certificate.getSignature());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param certRaw Already serialized host certificate that was received as a packet. Can be restored simply by
|
||||||
|
* calling {@code new Buffer.PlainBuffer().putPublicKey(cert)}
|
||||||
|
* @param cert A key with a certificate received from a server.
|
||||||
|
* @param hostname A hostname of the server. It is juxtaposed to the principals of the certificate.
|
||||||
|
* @return null if the certificate is valid, an error message if it is not valid.
|
||||||
|
* @throws Buffer.BufferException If something from {@code certRaw} or {@code cert} can't be parsed.
|
||||||
|
*/
|
||||||
|
public static String verifyHostCertificate(byte[] certRaw, Certificate<?> cert, String hostname)
|
||||||
|
throws Buffer.BufferException, SSHRuntimeException {
|
||||||
|
String signatureType = new Buffer.PlainBuffer(cert.getSignature()).readString();
|
||||||
|
final Signature signature = Factory.Named.Util.create(ALL_SIGNATURES, signatureType);
|
||||||
|
if (signature == null) {
|
||||||
|
return "Unknown signature algorithm `" + signatureType + "`";
|
||||||
|
}
|
||||||
|
|
||||||
|
// Quotes are from
|
||||||
|
// https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.bin/ssh/PROTOCOL.certkeys?rev=1.19&content-type=text/plain
|
||||||
|
|
||||||
|
// "valid principals" is a string containing zero or more principals as
|
||||||
|
// strings packed inside it. These principals list the names for which this
|
||||||
|
// certificate is valid; hostnames for SSH_CERT_TYPE_HOST certificates and
|
||||||
|
// usernames for SSH_CERT_TYPE_USER certificates. As a special case, a
|
||||||
|
// zero-length "valid principals" field means the certificate is valid for
|
||||||
|
// any principal of the specified type.
|
||||||
|
if (cert.getValidPrincipals() != null && !cert.getValidPrincipals().isEmpty()) {
|
||||||
|
boolean ok = false;
|
||||||
|
for (String principal : cert.getValidPrincipals()) {
|
||||||
|
ok = matchPattern(hostname, principal);
|
||||||
|
if (ok) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (!ok) {
|
||||||
|
StringBuilder error = new StringBuilder()
|
||||||
|
.append("Hostname `")
|
||||||
|
.append(hostname)
|
||||||
|
.append("` doesn't match any of the principals: `");
|
||||||
|
String delimiter = "";
|
||||||
|
for (String principal : cert.getValidPrincipals()) {
|
||||||
|
error.append(delimiter).append(principal);
|
||||||
|
delimiter = "`, `";
|
||||||
|
}
|
||||||
|
error.append("`");
|
||||||
|
return error.toString();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// "valid after" and "valid before" specify a validity period for the
|
||||||
|
// certificate. Each represents a time in seconds since 1970-01-01
|
||||||
|
// 00:00:00. A certificate is considered valid if:
|
||||||
|
// valid after <= current time < valid before
|
||||||
|
Date today = new Date();
|
||||||
|
if (cert.getValidAfter() != null && today.before(cert.getValidAfter())) {
|
||||||
|
return "Certificate is valid after " + cert.getValidAfter() + ", today is " + today;
|
||||||
|
}
|
||||||
|
if (cert.getValidBefore() != null && today.after(cert.getValidBefore())) {
|
||||||
|
return "Certificate is valid before " + cert.getValidBefore() + ", today is " + today;
|
||||||
|
}
|
||||||
|
|
||||||
|
// All critical options supported by OpenSSH relate to the client. Nothing to take from host certificates.
|
||||||
|
|
||||||
|
signature.initVerify(new Buffer.PlainBuffer(cert.getSignatureKey()).readPublicKey());
|
||||||
|
// -4 -- minus the length of the integer holding the length of the signature.
|
||||||
|
signature.update(certRaw, 0, certRaw.length - cert.getSignature().length - 4);
|
||||||
|
if (signature.verify(cert.getSignature())) {
|
||||||
|
return null;
|
||||||
|
} else {
|
||||||
|
return "Signature verification failed";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This method must work exactly as match_pattern from match.c of OpenSSH. If it works differently, consider it
|
||||||
|
* as a bug that must be fixed.
|
||||||
|
*/
|
||||||
|
public static boolean matchPattern(String target, String pattern) {
|
||||||
|
StringBuilder regex = new StringBuilder();
|
||||||
|
String endEscape = "";
|
||||||
|
for (int i = 0; i < pattern.length(); ++i) {
|
||||||
|
char p = pattern.charAt(i);
|
||||||
|
if (p == '?' || p == '*') {
|
||||||
|
regex.append(endEscape);
|
||||||
|
endEscape = "";
|
||||||
|
if (p == '?') {
|
||||||
|
regex.append('.');
|
||||||
|
} else {
|
||||||
|
regex.append(".*");
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if (endEscape.isEmpty()) {
|
||||||
|
regex.append("\\Q");
|
||||||
|
endEscape = "\\E";
|
||||||
|
}
|
||||||
|
regex.append(p);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return Pattern.compile(regex.toString()).matcher(target).matches();
|
||||||
|
}
|
||||||
|
|
||||||
|
public static final List<Factory.Named<Signature>> ALL_SIGNATURES = Arrays.asList(
|
||||||
|
new SignatureRSA.FactorySSHRSA(),
|
||||||
|
new SignatureRSA.FactoryCERT(),
|
||||||
|
new SignatureRSA.FactoryRSASHA256(),
|
||||||
|
new SignatureRSA.FactoryRSASHA512(),
|
||||||
|
new SignatureDSA.Factory(),
|
||||||
|
new SignatureDSA.Factory(),
|
||||||
|
new SignatureECDSA.Factory256(),
|
||||||
|
new SignatureECDSA.Factory256(),
|
||||||
|
new SignatureECDSA.Factory384(),
|
||||||
|
new SignatureECDSA.Factory384(),
|
||||||
|
new SignatureECDSA.Factory521(),
|
||||||
|
new SignatureECDSA.Factory521(),
|
||||||
|
new SignatureEdDSA.Factory(),
|
||||||
|
new SignatureEdDSA.Factory());
|
||||||
|
|
||||||
static boolean isCertificateOfType(Key key, KeyType innerKeyType) {
|
static boolean isCertificateOfType(Key key, KeyType innerKeyType) {
|
||||||
if (!(key instanceof Certificate)) {
|
if (!(key instanceof Certificate)) {
|
||||||
return false;
|
return false;
|
||||||
|
|||||||
@@ -127,41 +127,42 @@ class Proposal {
|
|||||||
public NegotiatedAlgorithms negotiate(Proposal other)
|
public NegotiatedAlgorithms negotiate(Proposal other)
|
||||||
throws TransportException {
|
throws TransportException {
|
||||||
return new NegotiatedAlgorithms(
|
return new NegotiatedAlgorithms(
|
||||||
firstMatch(this.getKeyExchangeAlgorithms(), other.getKeyExchangeAlgorithms()),
|
firstMatch("KeyExchangeAlgorithms",
|
||||||
firstMatch(this.getHostKeyAlgorithms(), other.getHostKeyAlgorithms()),
|
this.getKeyExchangeAlgorithms(),
|
||||||
firstMatch(this.getClient2ServerCipherAlgorithms(), other.getClient2ServerCipherAlgorithms()),
|
other.getKeyExchangeAlgorithms()),
|
||||||
firstMatch(this.getServer2ClientCipherAlgorithms(), other.getServer2ClientCipherAlgorithms()),
|
firstMatch("HostKeyAlgorithms",
|
||||||
firstMatch(this.getClient2ServerMACAlgorithms(), other.getClient2ServerMACAlgorithms()),
|
this.getHostKeyAlgorithms(),
|
||||||
firstMatch(this.getServer2ClientMACAlgorithms(), other.getServer2ClientMACAlgorithms()),
|
other.getHostKeyAlgorithms()),
|
||||||
firstMatch(this.getClient2ServerCompressionAlgorithms(), other.getClient2ServerCompressionAlgorithms()),
|
firstMatch("Client2ServerCipherAlgorithms",
|
||||||
firstMatch(this.getServer2ClientCompressionAlgorithms(), other.getServer2ClientCompressionAlgorithms()),
|
this.getClient2ServerCipherAlgorithms(),
|
||||||
|
other.getClient2ServerCipherAlgorithms()),
|
||||||
|
firstMatch("Server2ClientCipherAlgorithms",
|
||||||
|
this.getServer2ClientCipherAlgorithms(),
|
||||||
|
other.getServer2ClientCipherAlgorithms()),
|
||||||
|
firstMatch("Client2ServerMACAlgorithms",
|
||||||
|
this.getClient2ServerMACAlgorithms(),
|
||||||
|
other.getClient2ServerMACAlgorithms()),
|
||||||
|
firstMatch("Server2ClientMACAlgorithms",
|
||||||
|
this.getServer2ClientMACAlgorithms(),
|
||||||
|
other.getServer2ClientMACAlgorithms()),
|
||||||
|
firstMatch("Client2ServerCompressionAlgorithms",
|
||||||
|
this.getClient2ServerCompressionAlgorithms(),
|
||||||
|
other.getClient2ServerCompressionAlgorithms()),
|
||||||
|
firstMatch("Server2ClientCompressionAlgorithms",
|
||||||
|
this.getServer2ClientCompressionAlgorithms(),
|
||||||
|
other.getServer2ClientCompressionAlgorithms()),
|
||||||
other.getHostKeyAlgorithms().containsAll(KeyAlgorithms.SSH_RSA_SHA2_ALGORITHMS)
|
other.getHostKeyAlgorithms().containsAll(KeyAlgorithms.SSH_RSA_SHA2_ALGORITHMS)
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
private static String firstMatch(List<String> a, List<String> b)
|
private static String firstMatch(String ofWhat, List<String> a, List<String> b)
|
||||||
throws TransportException {
|
throws TransportException {
|
||||||
for (String aa : a) {
|
for (String aa : a) {
|
||||||
if (b.contains(aa)) {
|
if (b.contains(aa)) {
|
||||||
return aa;
|
return aa;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
throw new TransportException("Unable to reach a settlement: " + a + " and " + b);
|
throw new TransportException("Unable to reach a settlement of " + ofWhat + ": " + a + " and " + b);
|
||||||
}
|
|
||||||
|
|
||||||
private static List<String> allMatch(List<String> a, List<String> b) throws TransportException {
|
|
||||||
List<String> res = new ArrayList<String>();
|
|
||||||
for (String aa : a) {
|
|
||||||
if (b.contains(aa)) {
|
|
||||||
res.add(aa);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (res.isEmpty()) {
|
|
||||||
throw new TransportException("Unable to reach a settlement: " + a + " and " + b);
|
|
||||||
}
|
|
||||||
|
|
||||||
return res;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private static String toCommaString(List<String> sl) {
|
private static String toCommaString(List<String> sl) {
|
||||||
|
|||||||
@@ -15,6 +15,7 @@
|
|||||||
*/
|
*/
|
||||||
package net.schmizz.sshj.transport.kex;
|
package net.schmizz.sshj.transport.kex;
|
||||||
|
|
||||||
|
import com.hierynomus.sshj.userauth.certificate.Certificate;
|
||||||
import net.schmizz.sshj.common.*;
|
import net.schmizz.sshj.common.*;
|
||||||
import net.schmizz.sshj.signature.Signature;
|
import net.schmizz.sshj.signature.Signature;
|
||||||
import net.schmizz.sshj.transport.Transport;
|
import net.schmizz.sshj.transport.Transport;
|
||||||
@@ -79,14 +80,52 @@ public abstract class AbstractDHG extends AbstractDH {
|
|||||||
|
|
||||||
|
|
||||||
Signature signature = trans.getHostKeyAlgorithm().newSignature();
|
Signature signature = trans.getHostKeyAlgorithm().newSignature();
|
||||||
signature.initVerify(hostKey);
|
if (hostKey instanceof Certificate<?>) {
|
||||||
|
signature.initVerify(((Certificate<?>)hostKey).getKey());
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
signature.initVerify(hostKey);
|
||||||
|
}
|
||||||
signature.update(H, 0, H.length);
|
signature.update(H, 0, H.length);
|
||||||
if (!signature.verify(sig))
|
if (!signature.verify(sig))
|
||||||
throw new TransportException(DisconnectReason.KEY_EXCHANGE_FAILED,
|
throw new TransportException(DisconnectReason.KEY_EXCHANGE_FAILED,
|
||||||
"KeyExchange signature verification failed");
|
"KeyExchange signature verification failed");
|
||||||
|
|
||||||
|
verifyCertificate(K_S);
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private void verifyCertificate(byte[] K_S) throws TransportException {
|
||||||
|
if (hostKey instanceof Certificate<?> && trans.getConfig().isVerifyHostKeyCertificates()) {
|
||||||
|
final Certificate<?> hostKey = (Certificate<?>) this.hostKey;
|
||||||
|
String signatureType, caKeyType;
|
||||||
|
try {
|
||||||
|
signatureType = new Buffer.PlainBuffer(hostKey.getSignature()).readString();
|
||||||
|
} catch (Buffer.BufferException e) {
|
||||||
|
signatureType = null;
|
||||||
|
}
|
||||||
|
try {
|
||||||
|
caKeyType = new Buffer.PlainBuffer(hostKey.getSignatureKey()).readString();
|
||||||
|
} catch (Buffer.BufferException e) {
|
||||||
|
caKeyType = null;
|
||||||
|
}
|
||||||
|
log.debug("Verifying signature of the key with type {} (signature type {}, CA key type {})",
|
||||||
|
hostKey.getType(), signatureType, caKeyType);
|
||||||
|
|
||||||
|
try {
|
||||||
|
final String certError = KeyType.CertUtils.verifyHostCertificate(K_S, hostKey, trans.getRemoteHost());
|
||||||
|
if (certError != null) {
|
||||||
|
throw new TransportException(DisconnectReason.KEY_EXCHANGE_FAILED,
|
||||||
|
"KeyExchange certificate check failed: " + certError);
|
||||||
|
}
|
||||||
|
} catch (Buffer.BufferException | SSHRuntimeException e) {
|
||||||
|
throw new TransportException(DisconnectReason.KEY_EXCHANGE_FAILED,
|
||||||
|
"KeyExchange certificate check failed", e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
protected abstract void initDH(DHBase dh)
|
protected abstract void initDH(DHBase dh)
|
||||||
throws GeneralSecurityException;
|
throws GeneralSecurityException;
|
||||||
|
|
||||||
|
|||||||
@@ -16,6 +16,7 @@
|
|||||||
package net.schmizz.sshj.transport.kex;
|
package net.schmizz.sshj.transport.kex;
|
||||||
|
|
||||||
import com.hierynomus.sshj.key.KeyAlgorithm;
|
import com.hierynomus.sshj.key.KeyAlgorithm;
|
||||||
|
import com.hierynomus.sshj.userauth.certificate.Certificate;
|
||||||
import net.schmizz.sshj.common.*;
|
import net.schmizz.sshj.common.*;
|
||||||
import net.schmizz.sshj.signature.Signature;
|
import net.schmizz.sshj.signature.Signature;
|
||||||
import net.schmizz.sshj.transport.Transport;
|
import net.schmizz.sshj.transport.Transport;
|
||||||
@@ -88,7 +89,11 @@ public abstract class AbstractDHGex extends AbstractDH {
|
|||||||
H = digest.digest();
|
H = digest.digest();
|
||||||
KeyAlgorithm keyAlgorithm = trans.getHostKeyAlgorithm();
|
KeyAlgorithm keyAlgorithm = trans.getHostKeyAlgorithm();
|
||||||
Signature signature = keyAlgorithm.newSignature();
|
Signature signature = keyAlgorithm.newSignature();
|
||||||
signature.initVerify(hostKey);
|
if (hostKey instanceof Certificate<?>) {
|
||||||
|
signature.initVerify(((Certificate<?>) hostKey).getKey());
|
||||||
|
} else {
|
||||||
|
signature.initVerify(hostKey);
|
||||||
|
}
|
||||||
signature.update(H, 0, H.length);
|
signature.update(H, 0, H.length);
|
||||||
if (!signature.verify(sig))
|
if (!signature.verify(sig))
|
||||||
throw new TransportException(DisconnectReason.KEY_EXCHANGE_FAILED,
|
throw new TransportException(DisconnectReason.KEY_EXCHANGE_FAILED,
|
||||||
|
|||||||
@@ -17,6 +17,7 @@ package net.schmizz.sshj.transport.verification;
|
|||||||
|
|
||||||
import com.hierynomus.sshj.common.KeyAlgorithm;
|
import com.hierynomus.sshj.common.KeyAlgorithm;
|
||||||
import com.hierynomus.sshj.transport.verification.KnownHostMatchers;
|
import com.hierynomus.sshj.transport.verification.KnownHostMatchers;
|
||||||
|
import com.hierynomus.sshj.userauth.certificate.Certificate;
|
||||||
import net.schmizz.sshj.common.*;
|
import net.schmizz.sshj.common.*;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
|
|
||||||
@@ -356,18 +357,24 @@ public class OpenSSHKnownHosts
|
|||||||
protected final PublicKey key;
|
protected final PublicKey key;
|
||||||
private final String comment;
|
private final String comment;
|
||||||
private final KnownHostMatchers.HostMatcher matcher;
|
private final KnownHostMatchers.HostMatcher matcher;
|
||||||
|
protected final Logger log;
|
||||||
|
|
||||||
public HostEntry(Marker marker, String hostPart, KeyType type, PublicKey key) throws SSHException {
|
public HostEntry(Marker marker, String hostPart, KeyType type, PublicKey key) throws SSHException {
|
||||||
this(marker, hostPart, type, key, "");
|
this(marker, hostPart, type, key, "");
|
||||||
}
|
}
|
||||||
|
|
||||||
public HostEntry(Marker marker, String hostPart, KeyType type, PublicKey key, String comment) throws SSHException {
|
public HostEntry(Marker marker, String hostPart, KeyType type, PublicKey key, String comment) throws SSHException {
|
||||||
|
this(marker, hostPart, type, key, comment, LoggerFactory.DEFAULT);
|
||||||
|
}
|
||||||
|
|
||||||
|
public HostEntry(Marker marker, String hostPart, KeyType type, PublicKey key, String comment, LoggerFactory loggerFactory) throws SSHException {
|
||||||
this.marker = marker;
|
this.marker = marker;
|
||||||
this.hostPart = hostPart;
|
this.hostPart = hostPart;
|
||||||
this.type = type;
|
this.type = type;
|
||||||
this.key = key;
|
this.key = key;
|
||||||
this.comment = comment;
|
this.comment = comment;
|
||||||
this.matcher = KnownHostMatchers.createMatcher(hostPart);
|
this.matcher = KnownHostMatchers.createMatcher(hostPart);
|
||||||
|
this.log = loggerFactory.getLogger(getClass());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@@ -387,11 +394,15 @@ public class OpenSSHKnownHosts
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean appliesTo(KeyType type, String host) throws IOException {
|
public boolean appliesTo(KeyType type, String host) throws IOException {
|
||||||
return this.type == type && matcher.match(host);
|
return (this.type == type || (marker == Marker.CA_CERT && type.getParent() != null)) && matcher.match(host);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean verify(PublicKey key) throws IOException {
|
public boolean verify(PublicKey key) throws IOException {
|
||||||
|
if (marker == Marker.CA_CERT && key instanceof Certificate<?>) {
|
||||||
|
final PublicKey caKey = new Buffer.PlainBuffer(((Certificate<?>) key).getSignatureKey()).readPublicKey();
|
||||||
|
return this.type == KeyType.fromKey(caKey) && getKeyString(caKey).equals(getKeyString(this.key));
|
||||||
|
}
|
||||||
return getKeyString(key).equals(getKeyString(this.key)) && marker != Marker.REVOKED;
|
return getKeyString(key).equals(getKeyString(this.key)) && marker != Marker.REVOKED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -0,0 +1,236 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (C)2009 - SSHJ Contributors
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package net.schmizz.sshj.transport.verification
|
||||||
|
|
||||||
|
import com.hierynomus.sshj.userauth.certificate.Certificate
|
||||||
|
import com.hierynomus.sshj.userauth.keyprovider.OpenSSHKeyFileUtil
|
||||||
|
import net.schmizz.sshj.common.Buffer
|
||||||
|
import net.schmizz.sshj.common.KeyType
|
||||||
|
import spock.lang.Specification
|
||||||
|
import spock.lang.Unroll
|
||||||
|
|
||||||
|
import java.nio.file.Files
|
||||||
|
import java.security.PublicKey
|
||||||
|
import java.util.regex.Pattern
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This is a comprehensive test for {@code @cert-authority} records in known_hosts and utilities for verifying
|
||||||
|
* host certificates.
|
||||||
|
*
|
||||||
|
* Also, take a look at the integration test {@link com.hierynomus.sshj.signature.KeyWithCertificateSpec}
|
||||||
|
* verifying that some of that host keys can be really accepted when served by sshd.
|
||||||
|
*/
|
||||||
|
class KeyWithCertificateUnitSpec extends Specification {
|
||||||
|
private static List<String> ALL_KEYS = [
|
||||||
|
"id_ecdsa_256_pem_signed_by_ecdsa",
|
||||||
|
"id_ecdsa_256_pem_signed_by_ed25519",
|
||||||
|
"id_ecdsa_256_pem_signed_by_rsa",
|
||||||
|
"id_ecdsa_256_rfc4716_signed_by_ecdsa",
|
||||||
|
"id_ecdsa_256_rfc4716_signed_by_ed25519",
|
||||||
|
"id_ecdsa_256_rfc4716_signed_by_rsa",
|
||||||
|
"id_ecdsa_384_pem_signed_by_ecdsa",
|
||||||
|
"id_ecdsa_384_pem_signed_by_ed25519",
|
||||||
|
"id_ecdsa_384_pem_signed_by_rsa",
|
||||||
|
"id_ecdsa_384_rfc4716_signed_by_ecdsa",
|
||||||
|
"id_ecdsa_384_rfc4716_signed_by_ed25519",
|
||||||
|
"id_ecdsa_384_rfc4716_signed_by_rsa",
|
||||||
|
"id_ecdsa_521_pem_signed_by_ecdsa",
|
||||||
|
"id_ecdsa_521_pem_signed_by_ed25519",
|
||||||
|
"id_ecdsa_521_pem_signed_by_rsa",
|
||||||
|
"id_ecdsa_521_rfc4716_signed_by_ecdsa",
|
||||||
|
"id_ecdsa_521_rfc4716_signed_by_ed25519",
|
||||||
|
"id_ecdsa_521_rfc4716_signed_by_rsa",
|
||||||
|
"id_ed25519_384_pem_signed_by_ecdsa",
|
||||||
|
"id_ed25519_384_pem_signed_by_ed25519",
|
||||||
|
"id_ed25519_384_pem_signed_by_rsa",
|
||||||
|
"id_ed25519_384_rfc4716_signed_by_ecdsa",
|
||||||
|
"id_ed25519_384_rfc4716_signed_by_ed25519",
|
||||||
|
"id_ed25519_384_rfc4716_signed_by_rsa",
|
||||||
|
"id_rsa_2048_pem_signed_by_ecdsa",
|
||||||
|
"id_rsa_2048_pem_signed_by_ed25519",
|
||||||
|
"id_rsa_2048_pem_signed_by_rsa",
|
||||||
|
"id_rsa_2048_rfc4716_signed_by_ecdsa",
|
||||||
|
"id_rsa_2048_rfc4716_signed_by_ed25519",
|
||||||
|
"id_rsa_2048_rfc4716_signed_by_rsa",
|
||||||
|
]
|
||||||
|
|
||||||
|
@Unroll
|
||||||
|
def "accepting a cert-authority key #hostKey"() {
|
||||||
|
given:
|
||||||
|
File knownHosts = Files.createTempFile("known_hosts", "").toFile()
|
||||||
|
knownHosts.deleteOnExit()
|
||||||
|
|
||||||
|
and:
|
||||||
|
def matcher = Pattern.compile("^.*_signed_by_([^_]+)\$").matcher(hostKey)
|
||||||
|
assert matcher.matches()
|
||||||
|
File caPubKey = new File("src/itest/resources/keyfiles/certificates/CA_${matcher.group(1)}.pem.pub")
|
||||||
|
String knownHostsFileContents = "@cert-authority 127.0.0.1 " + caPubKey.getText()
|
||||||
|
knownHosts.write(knownHostsFileContents)
|
||||||
|
|
||||||
|
and:
|
||||||
|
def verifier = new OpenSSHKnownHosts(knownHosts)
|
||||||
|
|
||||||
|
and:
|
||||||
|
def publicKey = OpenSSHKeyFileUtil
|
||||||
|
.initPubKey(new FileReader(
|
||||||
|
new File("src/itest/resources/keyfiles/certificates/${hostKey}_host-cert.pub")))
|
||||||
|
.pubKey
|
||||||
|
|
||||||
|
when:
|
||||||
|
boolean result = verifier.verify("127.0.0.1", 22, publicKey)
|
||||||
|
|
||||||
|
then:
|
||||||
|
result
|
||||||
|
|
||||||
|
where:
|
||||||
|
hostKey << ALL_KEYS
|
||||||
|
}
|
||||||
|
|
||||||
|
@Unroll
|
||||||
|
def "verifying a valid host certificate #hostKey"() {
|
||||||
|
given:
|
||||||
|
def hostCertificate = (Certificate<PublicKey>) OpenSSHKeyFileUtil
|
||||||
|
.initPubKey(new FileReader(
|
||||||
|
new File("src/itest/resources/keyfiles/certificates/${hostKey}_host-cert.pub")))
|
||||||
|
.pubKey
|
||||||
|
|
||||||
|
and:
|
||||||
|
Buffer certRaw = new Buffer.PlainBuffer();
|
||||||
|
certRaw.putPublicKey(hostCertificate);
|
||||||
|
|
||||||
|
when:
|
||||||
|
String error = KeyType.CertUtils.verifyHostCertificate(certRaw.getCompactData(), hostCertificate, "127.0.0.1")
|
||||||
|
|
||||||
|
then:
|
||||||
|
error == null
|
||||||
|
|
||||||
|
where:
|
||||||
|
hostKey << ALL_KEYS
|
||||||
|
}
|
||||||
|
|
||||||
|
def "verifying an invalid certificate which was valid before"() {
|
||||||
|
given:
|
||||||
|
def hostCertificate = (Certificate<PublicKey>) OpenSSHKeyFileUtil
|
||||||
|
.initPubKey(new FileReader(
|
||||||
|
new File("src/itest/resources/keyfiles/certificates/" +
|
||||||
|
"id_ed25519_384_rfc4716_signed_by_rsa_host_valid_before_past-cert.pub")))
|
||||||
|
.pubKey
|
||||||
|
|
||||||
|
and:
|
||||||
|
Buffer certRaw = new Buffer.PlainBuffer();
|
||||||
|
certRaw.putPublicKey(hostCertificate);
|
||||||
|
|
||||||
|
when:
|
||||||
|
String error = KeyType.CertUtils.verifyHostCertificate(certRaw.getCompactData(), hostCertificate, "127.0.0.1")
|
||||||
|
|
||||||
|
then:
|
||||||
|
error != null && error.startsWith("Certificate is valid before ")
|
||||||
|
}
|
||||||
|
|
||||||
|
def "verifying an invalid certificate which will be valid after"() {
|
||||||
|
given:
|
||||||
|
def hostCertificate = (Certificate<PublicKey>) OpenSSHKeyFileUtil
|
||||||
|
.initPubKey(new FileReader(
|
||||||
|
new File("src/itest/resources/keyfiles/certificates/" +
|
||||||
|
"id_ed25519_384_rfc4716_signed_by_rsa_host_valid_after_future-cert.pub")))
|
||||||
|
.pubKey
|
||||||
|
|
||||||
|
and:
|
||||||
|
Buffer certRaw = new Buffer.PlainBuffer();
|
||||||
|
certRaw.putPublicKey(hostCertificate);
|
||||||
|
|
||||||
|
when:
|
||||||
|
String error = KeyType.CertUtils.verifyHostCertificate(certRaw.getCompactData(), hostCertificate, "127.0.0.1")
|
||||||
|
|
||||||
|
then:
|
||||||
|
error != null && error.startsWith("Certificate is valid after ")
|
||||||
|
}
|
||||||
|
|
||||||
|
def "verifying an valid certificate with no principal"() {
|
||||||
|
given:
|
||||||
|
def hostCertificate = (Certificate<PublicKey>) OpenSSHKeyFileUtil
|
||||||
|
.initPubKey(new FileReader(
|
||||||
|
new File("src/itest/resources/keyfiles/certificates/" +
|
||||||
|
"id_ed25519_384_rfc4716_signed_by_rsa_host_no_principal-cert.pub")))
|
||||||
|
.pubKey
|
||||||
|
|
||||||
|
and:
|
||||||
|
Buffer certRaw = new Buffer.PlainBuffer();
|
||||||
|
certRaw.putPublicKey(hostCertificate);
|
||||||
|
|
||||||
|
when:
|
||||||
|
String error1 = KeyType.CertUtils.verifyHostCertificate(
|
||||||
|
certRaw.getCompactData(), hostCertificate, "good.example.com")
|
||||||
|
String error2 = KeyType.CertUtils.verifyHostCertificate(
|
||||||
|
certRaw.getCompactData(), hostCertificate, "127.0.0.1")
|
||||||
|
String error3 = KeyType.CertUtils.verifyHostCertificate(
|
||||||
|
certRaw.getCompactData(), hostCertificate, "good.example.bad.com")
|
||||||
|
|
||||||
|
then:
|
||||||
|
error1 == null
|
||||||
|
error2 == null
|
||||||
|
error3 == null
|
||||||
|
}
|
||||||
|
|
||||||
|
def "verifying an valid certificate with wildcard principal"() {
|
||||||
|
given:
|
||||||
|
def hostCertificate = (Certificate<PublicKey>) OpenSSHKeyFileUtil
|
||||||
|
.initPubKey(new FileReader(
|
||||||
|
new File("src/itest/resources/keyfiles/certificates/" +
|
||||||
|
"id_ed25519_384_rfc4716_signed_by_rsa_host_principal_wildcard_example_com-cert.pub")))
|
||||||
|
.pubKey
|
||||||
|
|
||||||
|
and:
|
||||||
|
Buffer certRaw = new Buffer.PlainBuffer();
|
||||||
|
certRaw.putPublicKey(hostCertificate);
|
||||||
|
|
||||||
|
when:
|
||||||
|
String error1 = KeyType.CertUtils.verifyHostCertificate(
|
||||||
|
certRaw.getCompactData(), hostCertificate, "good.example.com")
|
||||||
|
String error2 = KeyType.CertUtils.verifyHostCertificate(
|
||||||
|
certRaw.getCompactData(), hostCertificate, "127.0.0.1")
|
||||||
|
String error3 = KeyType.CertUtils.verifyHostCertificate(
|
||||||
|
certRaw.getCompactData(), hostCertificate, "good.example.bad.com")
|
||||||
|
|
||||||
|
then:
|
||||||
|
error1 == null
|
||||||
|
error2 != null && error2.contains("doesn't match any of the principals")
|
||||||
|
error3 != null && error3.contains("doesn't match any of the principals")
|
||||||
|
}
|
||||||
|
|
||||||
|
def "KeyType CertUtils checkPrincipals"() {
|
||||||
|
// Based on regress/unittests/match/test.c of portable OpenSSH, commit 068dc7ef783d135e91ff954e754d2ed432e
|
||||||
|
expect:
|
||||||
|
KeyType.CertUtils.matchPattern("", "")
|
||||||
|
!KeyType.CertUtils.matchPattern("", "xxx")
|
||||||
|
!KeyType.CertUtils.matchPattern("xxx", "")
|
||||||
|
!KeyType.CertUtils.matchPattern("xxx", "xxxx")
|
||||||
|
!KeyType.CertUtils.matchPattern("xxxx", "xxx")
|
||||||
|
KeyType.CertUtils.matchPattern("", "*")
|
||||||
|
KeyType.CertUtils.matchPattern("x", "?")
|
||||||
|
KeyType.CertUtils.matchPattern("xx", "x?")
|
||||||
|
KeyType.CertUtils.matchPattern("x", "*")
|
||||||
|
KeyType.CertUtils.matchPattern("xx", "x*")
|
||||||
|
KeyType.CertUtils.matchPattern("xx", "?*")
|
||||||
|
KeyType.CertUtils.matchPattern("xx", "**")
|
||||||
|
KeyType.CertUtils.matchPattern("xx", "?x")
|
||||||
|
KeyType.CertUtils.matchPattern("xx", "*x")
|
||||||
|
!KeyType.CertUtils.matchPattern("yx", "x?")
|
||||||
|
!KeyType.CertUtils.matchPattern("yx", "x*")
|
||||||
|
!KeyType.CertUtils.matchPattern("xy", "?x")
|
||||||
|
!KeyType.CertUtils.matchPattern("xy", "*x")
|
||||||
|
}
|
||||||
|
}
|
||||||
Reference in New Issue
Block a user