Add Automatic-Module-Name to MANIFEST.MF

* Enhanced PKCS8 parsing to support PEM ASN.1 Private Keys

* Corrected copyright year to match existing license headers

.github/CODEOWNERS

@@ -0,0 +1,2 @@
+* @hierynomus
+

.github/workflows/gradle.yml

@@ -0,0 +1,55 @@
+# This workflow will build a Java project with Gradle
+# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-gradle
+
+name: Build SSHJ
+
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  java12:
+    name: Build with Java 12
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up JDK 12
+      uses: actions/setup-java@v1
+      with:
+        java-version: 12
+    - name: Grant execute permission for gradlew
+      run: chmod +x gradlew
+    - name: Build with Gradle
+      run: ./gradlew check
+  # java10:
+  #   name: Build with Java 10
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #   - uses: actions/checkout@v2
+  #   - name: Set up JDK 10
+  #     uses: actions/setup-java@v1
+  #     with:
+  #       java-version: 10
+  #   - name: Grant execute permission for gradlew
+  #     run: chmod +x gradlew
+  #   - name: Build with Gradle
+  #     run: ./gradlew check -xanimalsnifferMain -xanimalsnifferTest
+
+  integration:
+    name: Integration test
+    needs: [java12]
+    runs-on: [ubuntu-latest]
+    steps:
+      - uses: actions/checkout@v2
+      - run: git fetch --depth=1 origin +refs/tags/*:refs/tags/*
+      - uses: actions/setup-java@v1
+        with:
+          java-version: 12
+      - name: Grant execute permission for gradlew
+        run: chmod +x gradlew
+      - name: Build with Gradle
+        run: ./gradlew integrationTest
+

.gitignore

@@ -13,6 +13,7 @@
 out/
 target/
 classes/
+bin/
 build/
 docs/
 .gradle/
@@ -20,3 +21,6 @@ sshj.jar
 
 # MacOS X
 .DS_Store
+
+# VSCode
+.metals/

.java-version

@@ -0,0 +1 @@
+11.0

.travis.yml

@@ -1,30 +0,0 @@
-language: java
-dist: trusty
-sudo: required
-
-services:
-  - docker
-
-jdk:
-  - oraclejdk8
-  - openjdk8
-  - oraclejdk9
-
-before_cache:
-  - rm -f $HOME/.gradle/caches/modules-2/modules-2.lock
-  - rm -fr $HOME/.gradle/caches/*/plugin-resolution/
-
-cache:
-  directories:
-  - $HOME/.gradle/caches/
-  - $HOME/.gradle/wrapper/
-
-before_install:
-  - pip install --user codecov
-
-script:
-  - ./gradlew check
-  - ./gradlew integrationTest
-
-after_success:
-- codecov

.vscode/settings.json

@@ -0,0 +1,6 @@
+{
+    "java.checkstyle.configuration": "${workspaceFolder}/gradle/config/checkstyle/checkstyle.xml",
+    "files.watcherExclude": {
+        "**/target": true
+    }
+}

NOTICE

@@ -15,7 +15,7 @@ The Apache Software Foundation (http://www.apache.org/):
    ==  in this case for the SSHD distribution.                            ==
    =========================================================================
 
-   This product contains software developped by JCraft,Inc. and subject to
+   This product contains software developed by JCraft,Inc. and subject to
    the following license:
 
 Copyright (c) 2002,2003,2004,2005,2006,2007,2008 Atsuhiko Yamanaka, JCraft,Inc.

README.adoc

@@ -1,7 +1,7 @@
 = sshj - SSHv2 library for Java
 Jeroen van Erp
 :sshj_groupid: com.hierynomus
-:sshj_version: 0.23.0
+:sshj_version: 0.31.0
 :source-highlighter: pygments
 
 image:https://api.bintray.com/packages/hierynomus/maven/sshj/images/download.svg[link="https://bintray.com/hierynomus/maven/sshj/_latestVersion"]
@@ -10,7 +10,6 @@ image:https://api.codacy.com/project/badge/Grade/14a0a316bb9149739b5ea26dbfa8da8
 image:https://codecov.io/gh/hierynomus/sshj/branch/master/graph/badge.svg["codecov", link="https://codecov.io/gh/hierynomus/sshj"]
 image:http://www.javadoc.io/badge/com.hierynomus/sshj.svg?color=blue["JavaDocs", link="http://www.javadoc.io/doc/com.hierynomus/sshj"]
 image:https://maven-badges.herokuapp.com/maven-central/com.hierynomus/sshj/badge.svg["Maven Central",link="https://maven-badges.herokuapp.com/maven-central/com.hierynomus/sshj"]
-image:https://javadoc-emblem.rhcloud.com/doc/com.hierynomus/sshj/badge.svg["Javadoc",link="http://www.javadoc.io/doc/com.hierynomus/sshj"]
 
 To get started, have a look at one of the examples. Hopefully you will find the API pleasant to work with :)
 
@@ -65,7 +64,7 @@ In the `examples` directory, there is a separate Maven project that shows how th
 Implementations / adapters for the following algorithms are included:
 
 ciphers::
-  `aes{128,192,256}-{cbc,ctr}`, `blowfish-{cbc,ctr}`, `3des-{cbc,ctr}`, `twofish{128,192,256}-{cbc,ctr}`, `twofish-cbc`, `serpent{128,192,256}-{cbc,ctr}`, `idea-{cbc,ctr}`, `cast128-{cbc,ctr}`, `arcfour`, `arcfour{128,256}`
+  `aes{128,192,256}-{cbc,ctr}`, `aes{128,256}-gcm@openssh.com`, `blowfish-{cbc,ctr}`, `chacha20-poly1305@openssh.com`, `3des-{cbc,ctr}`, `twofish{128,192,256}-{cbc,ctr}`, `twofish-cbc`, `serpent{128,192,256}-{cbc,ctr}`, `idea-{cbc,ctr}`, `cast128-{cbc,ctr}`, `arcfour`, `arcfour{128,256}`
   SSHJ also supports the following extended (non official) ciphers: `camellia{128,192,256}-{cbc,ctr}`, `camellia{128,192,256}-{cbc,ctr}@openssh.org`
 
 key exchange::
@@ -73,15 +72,17 @@ key exchange::
   `diffie-hellman-group14-sha256`, `diffie-hellman-group15-sha512`, `diffie-hellman-group16-sha512`, `diffie-hellman-group17-sha512`, `diffie-hellman-group18-sha512`
   `diffie-hellman-group-exchange-sha1`, `diffie-hellman-group-exchange-sha256`,
   `ecdh-sha2-nistp256`, `ecdh-sha2-nistp384`, `ecdh-sha2-nistp521`, `curve25519-sha256@libssh.org`
-  SSHJ also supports the following extended (non official) key exchange algoriths:
+
+  SSHJ also supports the following extended (non official) key exchange algorithms:
   `diffie-hellman-group14-sha256@ssh.com`, `diffie-hellman-group15-sha256`, `diffie-hellman-group15-sha256@ssh.com`, `diffie-hellman-group15-sha384@ssh.com`,
   `diffie-hellman-group16-sha256`, `diffie-hellman-group16-sha384@ssh.com`, `diffie-hellman-group16-sha512@ssh.com`, `diffie-hellman-group18-sha512@ssh.com`
 
 signatures::
-  `ssh-rsa`, `ssh-dss`, `ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384`, `ecdsa-sha2-nistp521`, `ssh-ed25519`
+  `ssh-rsa`, `ssh-dss`, `ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384`, `ecdsa-sha2-nistp521`, `ssh-ed25519`, `ssh-rsa2-256`, `ssh-rsa2-512`
 
 mac::
-  `hmac-md5`, `hmac-md5-96`, `hmac-sha1`, `hmac-sha1-96`, `hmac-sha2-256`, `hmac-sha2-512`
+  `hmac-md5`, `hmac-md5-96`, `hmac-sha1`, `hmac-sha1-96`, `hmac-sha2-256`, `hmac-sha2-512`, `hmac-ripemd160`, `hmac-ripemd160@openssh.com`
+  `hmac-md5-etm@openssh.com`, `hmac-md5-96-etm@openssh.com`, `hmac-sha1-etm@openssh.com`, `hmac-sha1-96-etm@openssh.com`, `hmac-sha2-256-etm@openssh.com`, `hmac-sha2-512-etm@openssh.com`, `hmac-ripemd160-etm@openssh.com`
 
 compression::
   `zlib` and `zlib@openssh.com` (delayed zlib)
@@ -100,40 +101,86 @@ Java 6+. http://www.slf4j.org/download.html[slf4j] is required. http://www.bounc
 == Reporting bugs
 Issue tracker: https://github.com/hierynomus/sshj/issues
 
-== Discussion
-Google Group: http://groups.google.com/group/sshj-users
-
 == Contributing
 Fork away!
 
 == Release history
+SSHJ 0.31.0 (2021-02-08)::
+* Bump dependencies (asn-one 0.5.0, BouncyCastle 1.68, slf4j-api 1.7.30)
+* Merged https://github.com/hierynomus/sshj/pull/660[#660]: Support ED25519 and ECDSA keys in PuTTY format
+* Merged https://github.com/hierynomus/sshj/pull/655[#655]: Bump BouncyCastle due to CVE
+* Merged https://github.com/hierynomus/sshj/pull/653[#653]: Make Parameters class useable as HashMap key
+* Merged https://github.com/hierynomus/sshj/pull/647[#647]: Reduce log level for identification parser
+* Merged https://github.com/hierynomus/sshj/pull/630[#630]: Add support for `aes128-gcm@openssh.com` and `aes256-gcm@openssh.com` ciphers
+* Merged https://github.com/hierynomus/sshj/pull/636[#636]: Improved Android compatibility
+* Merged https://github.com/hierynomus/sshj/pull/627[#627]: Prevent key leakage
+SSHJ 0.30.0 (2020-08-17)::
+* **BREAKING CHANGE**: Removed `setSignatureFactories` and `getSignatureFactories` from the Config and switched them for `getKeyAlgorithms` and `setKeyAlgorithms`
+* Fixed https://github.com/hierynomus/sshj/pull/588[#588]: Add support for `ssh-rsa2-256` and `ssh-rsa2-512` signatures
+* Merged https://github.com/hierynomus/sshj/pull/579[#579]: Fix NPE in OpenSSHKnownHosts
+* Merged https://github.com/hierynomus/sshj/pull/587[#587]: Add passwordfinder retry for OpenSSHKeyV1KeyFile
+* Merged https://github.com/hierynomus/sshj/pull/586[#586]: Make KeyType compatible with Android Store
+* Merged  https://github.com/hierynomus/sshj/pull/593[#593]: Change `UserAuth.getAllowedMethods()` to Collection return type
+* Merged  https://github.com/hierynomus/sshj/pull/595[#595]: Allow reading arbitrary length keys
+* Merged  https://github.com/hierynomus/sshj/pull/591[#591]: Allow to query SFTP extensions
+* Merged  https://github.com/hierynomus/sshj/pull/603[#603]: Add method to create Stateful SFTP client
+* Merged  https://github.com/hierynomus/sshj/pull/605[#605]: Use Daemon threads to avoid blocking JVM shutdown
+* Merged  https://github.com/hierynomus/sshj/pull/606[#606]: Always use the JCERandom RNG by default
+* Merged  https://github.com/hierynomus/sshj/pull/609[#609]: Clear passphrase after use to prevent security issues
+* Merged  https://github.com/hierynomus/sshj/pull/618[#618]: Fix localport of DirectConnection for use with OpenSSH > 8.0
+* Merged  https://github.com/hierynomus/sshj/pull/619[#619]: Upgraded BouncyCastle to 1.66
+* Merged  https://github.com/hierynomus/sshj/pull/622[#622]: Send 'ext-info-c' with KEX algorithms
+* Merged  https://github.com/hierynomus/sshj/pull/623[#623]: Fix transport encoding of `nistp521` signatures
+* Merged  https://github.com/hierynomus/sshj/pull/607[#607]: Fix mathing pubkeys to key algorithms
+* Merged  https://github.com/hierynomus/sshj/pull/602[#602]: Fix RSA certificate key determination
+SSHJ 0.27.0 (2019-01-24)::
+* Fixed https://github.com/hierynomus/sshj/issues/415[#415]: Fixed wrongly prefixed '/' to path in SFTPClient.mkdirs
+* Added support for ETM (Encrypt-then-Mac) MAC algorithms.
+* Fixed https://github.com/hierynomus/sshj/issues/454[#454]: Added missing capacity check for Buffer.putUint64
+* Fixed https://github.com/hierynomus/sshj/issues/466[#466]: Added lock timeout for remote action to prevent hanging
+* Fixed https://github.com/hierynomus/sshj/issues/470[#470]: Made EdDSA the default (first) signature factory
+* Fixed https://github.com/hierynomus/sshj/issues/467[#467]: Added AES256-CBC as cipher mode in openssh-key-v1 support
+* Fixed https://github.com/hierynomus/sshj/issues/464[#464]: Enabled curve25519-sha256@openssh.org in DefaultConfig
+* Fixed https://github.com/hierynomus/sshj/issues/472[#472]: Handle server initiated global requests
+* Fixed https://github.com/hierynomus/sshj/issues/485[#485]: Added support for all keytypes to openssh-key-v1 keyfiles.
+SSHJ 0.26.0 (2018-07-24)::
+* Fixed https://github.com/hierynomus/sshj/issues/413[#413]: Use UTF-8 for PrivateKeyFileResource
+* Fixed https://github.com/hierynomus/sshj/issues/427[#427]: Support encrypted ed25519 openssh-key-v1 files
+* Upgraded BouncyCastle to 1.60
+* Added support for hmac-ripemd160@openssh.com MAC
+SSHJ 0.24.0 (2018-04-04)::
+* Added support for hmac-ripemd160
+* Fixed https://github.com/hierynomus/sshj/issues/382[#382]: Fixed escaping in WildcardHostmatcher
+* Added integration testsuite using Docker against OpenSSH
+* Fixed https://github.com/hierynomus/sshj/issues/187[#187]: Fixed length bug in Buffer.putString
+* Fixed https://github.com/hierynomus/sshj/issues/405[#405]: Continue host verification if first hostkey does not match.
 SSHJ 0.23.0 (2017-10-13)::
-* Merged https://github.com/hierynomus/sshj/pulls/372[#372]: Upgrade to 'net.i2p.crypto:eddsa:0.2.0'
+* Merged https://github.com/hierynomus/sshj/pull/372[#372]: Upgrade to 'net.i2p.crypto:eddsa:0.2.0'
 * Fixed https://github.com/hierynomus/sshj/issues/355[#355] and https://github.com/hierynomus/sshj/issues/354[#354]: Correctly decode signature bytes
 * Fixed https://github.com/hierynomus/sshj/issues/365[#365]: Added support for new-style OpenSSH fingerprints of server keys
 * Fixed https://github.com/hierynomus/sshj/issues/356[#356]: Fixed key type detection for ECDSA public keys
 * Made SSHJ Java9 compatible
 SSHJ 0.22.0 (2017-08-24)::
-* Fixed https://github.com/hierynomus/sshj/pulls/341[#341]: Fixed path walking during recursive copy
-* Merged https://github.com/hierynomus/sshj/pulls/338[#338]: Added ConsolePasswordFinder to read password from stdin
-* Merged https://github.com/hierynomus/sshj/pulls/336[#336]: Added support for ecdsa-sha2-nistp384 and ecdsa-sha2-nistp521 signatures
+* Fixed https://github.com/hierynomus/sshj/pull/341[#341]: Fixed path walking during recursive copy
+* Merged https://github.com/hierynomus/sshj/pull/338[#338]: Added ConsolePasswordFinder to read password from stdin
+* Merged https://github.com/hierynomus/sshj/pull/336[#336]: Added support for ecdsa-sha2-nistp384 and ecdsa-sha2-nistp521 signatures
 * Fixed https://github.com/hierynomus/sshj/issues/331[#331]: Added support for wildcards in known_hosts file
 SSHJ 0.21.1 (2017-04-25)::
-* Merged https://github.com/hierynomus/sshj/pulls/322[#322]: Fix regression from 40f956b (invalid length parameter on outputstream)
+* Merged https://github.com/hierynomus/sshj/pull/322[#322]: Fix regression from 40f956b (invalid length parameter on outputstream)
 SSHJ 0.21.0 (2017-04-14)::
-* Merged https://github.com/hierynomus/sshj/pulls/319[#319]: Added support for `ssh-rsa-cert-v01@openssh.com` and `ssh-dsa-cert-v01@openssh.com` certificate key files
+* Merged https://github.com/hierynomus/sshj/pull/319[#319]: Added support for `ssh-rsa-cert-v01@openssh.com` and `ssh-dsa-cert-v01@openssh.com` certificate key files
 * Upgraded Gradle to 3.4.1
-* Merged https://github.com/hierynomus/sshj/pulls/305[#305]: Added support for custom string encoding
+* Merged https://github.com/hierynomus/sshj/pull/305[#305]: Added support for custom string encoding
 * Fixed https://github.com/hierynomus/sshj/issues/312[#312]: Upgraded BouncyCastle to 1.56
 SSHJ 0.20.0 (2017-02-09)::
-* Merged https://github.com/hierynomus/sshj/pulls/294[#294]: Reference ED25519 by constant instead of name
-* Merged https://github.com/hierynomus/sshj/pulls/293[#293], https://github.com/hierynomus/sshj/pulls/295[#295] and https://github.com/hierynomus/sshj/pulls/301[#301]: Fixed OSGi packaging
+* Merged https://github.com/hierynomus/sshj/pull/294[#294]: Reference ED25519 by constant instead of name
+* Merged https://github.com/hierynomus/sshj/pull/293[#293], https://github.com/hierynomus/sshj/pull/295[#295] and https://github.com/hierynomus/sshj/pull/301[#301]: Fixed OSGi packaging
 * Added new Diffie Hellman groups 15-18 for stronger KeyExchange algorithms
 SSHJ 0.19.1 (2016-12-30)::
 * Enabled PKCS5 Key files in DefaultConfig
-* Merged https://github.com/hierynomus/sshj/pulls/291[#291]: Fixed sshj.properties loading and chained exception messages
-* Merged https://github.com/hierynomus/sshj/pulls/284[#284]: Correctly catch interrupt in keepalive thread
-* Fixed https://github.com/hierynomus/sshj/issues/292[#292]: Pass the configured RandomFactory to Diffie Hellmann KEX
+* Merged https://github.com/hierynomus/sshj/pull/291[#291]: Fixed sshj.properties loading and chained exception messages
+* Merged https://github.com/hierynomus/sshj/pull/284[#284]: Correctly catch interrupt in keepalive thread
+* Fixed https://github.com/hierynomus/sshj/issues/292[#292]: Pass the configured RandomFactory to Diffie Hellman KEX
 * Fixed https://github.com/hierynomus/sshj/issues/256[#256]: SSHJ now builds if no git repository present
 * LocalPortForwarder now correctly interrupts its own thread on close()
 SSHJ 0.19.0 (2016-11-25)::
@@ -142,11 +189,11 @@ SSHJ 0.19.0 (2016-11-25)::
 SSHJ 0.18.0 (2016-09-30)::
 * Fixed Android compatibility
 * Upgrade to Gradle 3.0
-* Merged https://github.com/hierynomus/sshj/pulls/271[#271]: Load known_hosts without requiring BouncyCastle
-* Merged https://github.com/hierynomus/sshj/pulls/269[#269]: Brought back Java6 support by popular demand
-* Merged https://github.com/hierynomus/sshj/pulls/267[#267]: Added support for per connection logging (Fixes https://github.com/hierynomus/sshj/issues/264[#264])
-* Merged https://github.com/hierynomus/sshj/pulls/262[#262], https://github.com/hierynomus/sshj/pulls/265[#265] and https://github.com/hierynomus/sshj/pulls/266[#266]: Added PKCS5 key file support
-* Fixed toString of sftp FileAttributes (Fixes https://github.com/hierynomus/sshj/pulls/258[#258])
+* Merged https://github.com/hierynomus/sshj/pull/271[#271]: Load known_hosts without requiring BouncyCastle
+* Merged https://github.com/hierynomus/sshj/pull/269[#269]: Brought back Java6 support by popular demand
+* Merged https://github.com/hierynomus/sshj/pull/267[#267]: Added support for per connection logging (Fixes https://github.com/hierynomus/sshj/issues/264[#264])
+* Merged https://github.com/hierynomus/sshj/pull/262[#262], https://github.com/hierynomus/sshj/pull/265[#265] and https://github.com/hierynomus/sshj/pull/266[#266]: Added PKCS5 key file support
+* Fixed toString of sftp FileAttributes (Fixes https://github.com/hierynomus/sshj/pull/258[#258])
 * Fixed https://github.com/hierynomus/sshj/issues/255[#255]: No longer depending on 'privately marked' classes in `net.i2p.crypto.eddsa.math` package, fixes OSGI dependencies
 SSHJ 0.17.2 (2016-07-07)::
 * Treating SSH Server identification line ending in '\n' instead of '\r\n' leniently.
@@ -156,7 +203,7 @@ SSHJ 0.17.0 (2016-07-05)::
 * *Introduced breaking change in SFTP copy behaviour*: Previously an SFTP copy operation would behave differently if both source and target were folders with different names.
   In this case instead of copying the contents of the source into the target directory, the directory itself was copied as a sub directory of the target directory.
   This behaviour has been removed in favour of the default behaviour which is to copy the contents of the source into the target. Bringing the behaviour in line with how SCP works.
-* Fixed https://github.com/hierynomus/sshj/issues/252[#252] (via: https://github.com/hierynomus/sshj/pulls/253[#253]): Same name subdirs are no longer merged by accident
+* Fixed https://github.com/hierynomus/sshj/issues/252[#252] (via: https://github.com/hierynomus/sshj/pull/253[#253]): Same name subdirs are no longer merged by accident
 SSHJ 0.16.0 (2016-04-11)::
 * Fixed https://github.com/hierynomus/sshj/issues/239[#239]: Remote port forwards did not work if you used the empty string as address, or a catch-all address.
 * Fixed https://github.com/hierynomus/sshj/issues/242[#242]: Added OSGI headers to sources jar manifest

build-publishing.gradle

@@ -17,7 +17,7 @@ configurations {
   pom
 }
 
-def bouncycastleVersion = "1.50"
+def bouncycastleVersion = "1.67"
 
 dependencies {
   compile "org.slf4j:slf4j-api:1.7.7"

build.gradle

@@ -6,64 +6,19 @@ plugins {
   id "java"
   id "groovy"
   id "jacoco"
-  id "osgi"
+  id "com.github.blindpirate.osgi" version '0.0.3'
   id "maven-publish"
-  id "com.bmuschko.docker-remote-api" version "3.2.1"
-  id 'pl.allegro.tech.build.axion-release' version '1.8.1'
+  id 'pl.allegro.tech.build.axion-release' version '1.11.0'
+  id "com.bmuschko.docker-remote-api" version "6.4.0"
   id "com.github.hierynomus.license" version "0.12.1"
-  id "com.jfrog.bintray" version "1.7"
+  id "com.jfrog.bintray" version "1.8.5"
   id 'ru.vyarus.java-lib' version '1.0.5'
   // id 'ru.vyarus.pom' version '1.0.3'
   id 'ru.vyarus.github-info' version '1.1.0'
-  id 'ru.vyarus.animalsniffer' version '1.4.2'
 }
 
 group = "com.hierynomus"
-
-defaultTasks "build"
-
-repositories {
-  mavenCentral()
-  maven {
-    url "https://dl.bintray.com/mockito/maven/"
-  }
-}
-
-sourceCompatibility = 1.6
-targetCompatibility = 1.6
-
-configurations.compile.transitive = false
-
-def bouncycastleVersion = "1.57"
-
-dependencies {
-  signature 'org.codehaus.mojo.signature:java16:1.1@signature'
-
-  compile "org.slf4j:slf4j-api:1.7.7"
-  compile "org.bouncycastle:bcprov-jdk15on:$bouncycastleVersion"
-  compile "org.bouncycastle:bcpkix-jdk15on:$bouncycastleVersion"
-  compile "com.jcraft:jzlib:1.1.3"
-
-  compile "net.i2p.crypto:eddsa:0.2.0"
-
-  testCompile "junit:junit:4.11"
-  testCompile 'org.spockframework:spock-core:1.0-groovy-2.4'
-  testCompile "org.mockito:mockito-core:2.9.2"
-  testCompile "org.apache.sshd:sshd-core:1.2.0"
-  testRuntime "ch.qos.logback:logback-classic:1.1.2"
-  testCompile 'org.glassfish.grizzly:grizzly-http-server:2.3.17'
-  testCompile 'org.apache.httpcomponents:httpclient:4.5.2'
-
-}
-
-license {
-  header rootProject.file('LICENSE_HEADER')
-  strictCheck true
-  mapping {
-    java = 'SLASHSTAR_STYLE'
-  }
-  excludes(['**/djb/Curve25519.java', '**/sshj/common/Base64.java'])
-}
+ext.moduleName = "${project.group}.${project.name}"
 
 scmVersion {
   tag {
@@ -78,6 +33,51 @@ scmVersion {
 
 project.version = scmVersion.version
 
+defaultTasks "build"
+
+repositories {
+  mavenCentral()
+}
+
+configurations.compile.transitive = false
+
+def bouncycastleVersion = "1.69"
+def sshdVersion = "2.1.0"
+
+dependencies {
+  implementation "org.slf4j:slf4j-api:1.7.30"
+  implementation "org.bouncycastle:bcprov-jdk15on:$bouncycastleVersion"
+  implementation "org.bouncycastle:bcpkix-jdk15on:$bouncycastleVersion"
+  implementation "com.jcraft:jzlib:1.1.3"
+  implementation "com.hierynomus:asn-one:0.5.0"
+
+  implementation "net.i2p.crypto:eddsa:0.3.0"
+
+  testImplementation "junit:junit:4.12"
+  testImplementation 'org.spockframework:spock-core:1.3-groovy-2.4'
+  testImplementation "org.mockito:mockito-core:2.28.2"
+  testImplementation "org.apache.sshd:sshd-core:$sshdVersion"
+  testImplementation "org.apache.sshd:sshd-sftp:$sshdVersion"
+  testImplementation "org.apache.sshd:sshd-scp:$sshdVersion"
+  testRuntimeOnly "ch.qos.logback:logback-classic:1.2.3"
+  testImplementation 'org.glassfish.grizzly:grizzly-http-server:2.4.4'
+  testImplementation 'org.apache.httpcomponents:httpclient:4.5.9'
+
+}
+
+license {
+  header rootProject.file('LICENSE_HEADER')
+  strictCheck true
+  mapping {
+    java = 'SLASHSTAR_STYLE'
+  }
+  excludes(['**/djb/Curve25519.java', '**/sshj/common/Base64.java', '**/org/mindrot/jbcrypt/*.java'])
+}
+
+if (!JavaVersion.current().isJava9Compatible()) {
+  throw new GradleScriptException("Minimum compilation version is Java 9")
+}
+
 // This disables the pedantic doclint feature of JDK8
 if (JavaVersion.current().isJava8Compatible()) {
   tasks.withType(Javadoc) {
@@ -85,6 +85,11 @@ if (JavaVersion.current().isJava8Compatible()) {
   }
 }
 
+
+compileJava {
+  options.compilerArgs.addAll(['--release', '7'])
+}
+
 task writeSshjVersionProperties {
   doLast {
     project.file("${project.buildDir}/resources/main").mkdirs()
@@ -96,7 +101,10 @@ task writeSshjVersionProperties {
 
 jar.dependsOn writeSshjVersionProperties
 jar {
+  inputs.property("moduleName", moduleName)
   manifest {
+    attributes 'Automatic-Module-Name': moduleName
+
     // please see http://bnd.bndtools.org/chapters/390-wrapping.html
     instruction "Bundle-Description", "SSHv2 library for Java"
     instruction "Bundle-License", "http://www.apache.org/licenses/LICENSE-2.0.txt"
@@ -129,8 +137,8 @@ sourcesJar {
 }
 
 configurations {
-  integrationTestCompile.extendsFrom testCompile
-  integrationTestRuntime.extendsFrom testRuntime
+  integrationTestImplementation.extendsFrom testImplementation
+  integrationTestRuntimeOnly.extendsFrom testRuntimeOnly
 }
 
 sourceSets {
@@ -223,13 +231,13 @@ if (project.hasProperty("bintrayUsername") && project.hasProperty("bintrayApiKey
     publications = ["maven"]
     pkg {
       repo = "maven"
-      name = project.name
+      name = "${project.name}"
       licenses = ["Apache-2.0"]
       vcsUrl = "https://github.com/hierynomus/sshj.git"
       labels = ["ssh", "sftp", "secure-shell", "network", "file-transfer"]
       githubRepo = "hierynomus/sshj"
       version {
-        name = project.version.toString()
+        name = "${project.version}"
         vcsTag = "v${project.version}"
         released = new SimpleDateFormat('yyyy-MM-dd\'T\'HH:mm:ss.SSSZZ').format(new Date())
         gpg {
@@ -257,28 +265,46 @@ jacocoTestReport {
 
 task buildItestImage(type: DockerBuildImage) {
     inputDir = file('src/itest/docker-image')
-    tag = 'sshj/sshd-itest'
+    images.add('sshj/sshd-itest:latest')
 }
 
 task createItestContainer(type: DockerCreateContainer) {
     dependsOn buildItestImage
-    targetImageId { buildItestImage.getImageId() }
-    portBindings = ['2222:22']
+    targetImageId buildItestImage.getImageId()
+    hostConfig.portBindings = ['2222:22']
+    hostConfig.autoRemove = true
 }
 
 task startItestContainer(type: DockerStartContainer) {
     dependsOn createItestContainer
-    targetContainerId { createItestContainer.getContainerId() }
+    targetContainerId createItestContainer.getContainerId()
+}
+
+task logItestContainer(type: DockerLogsContainer) {
+    dependsOn createItestContainer
+    targetContainerId createItestContainer.getContainerId()
+    showTimestamps = true
+    stdErr = true
+    stdOut = true
+    tailAll = true
 }
 
 task stopItestContainer(type: DockerStopContainer) {
-    targetContainerId { createItestContainer.getContainerId() }
+    targetContainerId createItestContainer.getContainerId()
+}
+
+task forkedUploadRelease(type: GradleBuild) {
+  buildFile = project.buildFile
+  tasks = ["bintrayUpload"]
 }
 
 project.tasks.integrationTest.dependsOn(startItestContainer)
 project.tasks.integrationTest.finalizedBy(stopItestContainer)
 
+// Being enabled, it pollutes logs on CI. Uncomment when debugging some test to get sshd logs.
+// project.tasks.stopItestContainer.dependsOn(logItestContainer)
+
 project.tasks.release.dependsOn([project.tasks.integrationTest, project.tasks.build])
-project.tasks.release.finalizedBy(project.tasks.bintrayUpload)
+project.tasks.release.finalizedBy(project.tasks.forkedUploadRelease)
 project.tasks.jacocoTestReport.dependsOn(project.tasks.test)
 project.tasks.check.dependsOn(project.tasks.jacocoTestReport)

examples/pom.xml

@@ -55,7 +55,7 @@
         <dependency>
             <groupId>com.hierynomus</groupId>
             <artifactId>sshj</artifactId>
-            <version>0.19.0</version>
+            <version>0.31.0</version>
         </dependency>
     </dependencies>
 

examples/src/main/java/net/schmizz/sshj/examples/Exec.java

@@ -5,30 +5,36 @@ import net.schmizz.sshj.common.IOUtils;
 import net.schmizz.sshj.connection.channel.direct.Session;
 import net.schmizz.sshj.connection.channel.direct.Session.Command;
 
+import java.io.Console;
 import java.io.IOException;
 import java.util.concurrent.TimeUnit;
 
 /** This examples demonstrates how a remote command can be executed. */
 public class Exec {
+    private static final Console con = System.console();
 
     public static void main(String... args)
             throws IOException {
         final SSHClient ssh = new SSHClient();
         ssh.loadKnownHosts();
-
         ssh.connect("localhost");
+        Session session = null;
         try {
             ssh.authPublickey(System.getProperty("user.name"));
-            final Session session = ssh.startSession();
-            try {
-                final Command cmd = session.exec("ping -c 1 google.com");
-                System.out.println(IOUtils.readFully(cmd.getInputStream()).toString());
-                cmd.join(5, TimeUnit.SECONDS);
-                System.out.println("\n** exit status: " + cmd.getExitStatus());
-            } finally {
-                session.close();
-            }
+            session = ssh.startSession();
+            final Command cmd = session.exec("ping -c 1 google.com");
+            con.writer().print(IOUtils.readFully(cmd.getInputStream()).toString());
+            cmd.join(5, TimeUnit.SECONDS);
+            con.writer().print("\n** exit status: " + cmd.getExitStatus());
         } finally {
+            try {
+                if (session != null) {
+                    session.close();
+                }
+            } catch (IOException e) {
+                // Do Nothing   
+            }
+            
             ssh.disconnect();
         }
     }

examples/src/main/java/net/schmizz/sshj/examples/InMemoryKnownHosts.java

@@ -0,0 +1,31 @@
+package net.schmizz.sshj.examples;
+
+import net.schmizz.sshj.SSHClient;
+import net.schmizz.sshj.common.KeyType;
+import net.schmizz.sshj.transport.verification.HostKeyVerifier;
+import net.schmizz.sshj.transport.verification.OpenSSHKnownHosts;
+import net.schmizz.sshj.xfer.FileSystemFile;
+
+import java.io.*;
+import java.nio.charset.Charset;
+import java.security.PublicKey;
+import java.util.ArrayList;
+import java.util.List;
+
+/** This examples demonstrates how to configure {@link net.schmizz.sshj.SSHClient} client with an in-memory known_hosts file */
+public class InMemoryKnownHosts {
+
+    public static void main(String[] args) throws IOException {
+        InputStream entry = new ByteArrayInputStream("localhost ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPmhSBtMctNa4hsZt8QGlsYSE5/gMkjeand69Vj4ir13".getBytes(Charset.defaultCharset()));
+        SSHClient ssh = new SSHClient();
+        ssh.addHostKeyVerifier(new OpenSSHKnownHosts(new InputStreamReader(entry, Charset.defaultCharset())));
+        ssh.connect("localhost");
+        try {
+            ssh.authPublickey(System.getProperty("user.name"));
+            ssh.newSCPFileTransfer().download("test_file", new FileSystemFile("/tmp/"));
+        } finally {
+            ssh.disconnect();
+        }
+    }
+
+}

examples/src/main/java/net/schmizz/sshj/examples/Jump.java

@@ -0,0 +1,50 @@
+package net.schmizz.sshj.examples;
+
+import net.schmizz.sshj.SSHClient;
+import net.schmizz.sshj.common.IOUtils;
+import net.schmizz.sshj.connection.channel.direct.DirectConnection;
+import net.schmizz.sshj.connection.channel.direct.Session;
+
+import java.io.IOException;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * This example demonstrates connecting via an intermediate "jump" server using a direct TCP/IP channel.
+ */
+public class Jump {
+    public static void main(String... args)
+            throws IOException {
+        SSHClient firstHop = new SSHClient();
+
+        firstHop.loadKnownHosts();
+
+        firstHop.connect("localhost");
+        try {
+
+            firstHop.authPublickey(System.getProperty("user.name"));
+
+            DirectConnection tunnel = firstHop.newDirectConnection("localhost", 22);
+
+            SSHClient ssh = new SSHClient();
+            try {
+                ssh.loadKnownHosts();
+                ssh.connectVia(tunnel);
+                ssh.authPublickey(System.getProperty("user.name"));
+
+                final Session session = ssh.startSession();
+                try {
+                    final Session.Command cmd = session.exec("ping -c 1 google.com");
+                    System.out.println(IOUtils.readFully(cmd.getInputStream()).toString());
+                    cmd.join(5, TimeUnit.SECONDS);
+                    System.out.println("\n** exit status: " + cmd.getExitStatus());
+                } finally {
+                    session.close();
+                }
+            } finally {
+                ssh.disconnect();
+            }
+        } finally {
+            firstHop.disconnect();
+        }
+    }
+}

examples/src/main/java/net/schmizz/sshj/examples/LocalPF.java

@@ -2,6 +2,7 @@ package net.schmizz.sshj.examples;
 
 import net.schmizz.sshj.SSHClient;
 import net.schmizz.sshj.connection.channel.direct.LocalPortForwarder;
+import net.schmizz.sshj.connection.channel.direct.Parameters;
 
 import java.io.IOException;
 import java.net.InetSocketAddress;
@@ -28,8 +29,8 @@ public class LocalPF {
             * _We_ listen on localhost:8080 and forward all connections on to server, which then forwards it to
             * google.com:80
             */
-            final LocalPortForwarder.Parameters params
-                    = new LocalPortForwarder.Parameters("0.0.0.0", 8080, "google.com", 80);
+            final Parameters params
+                    = new Parameters("0.0.0.0", 8080, "google.com", 80);
             final ServerSocket ss = new ServerSocket();
             ss.setReuseAddress(true);
             ss.bind(new InetSocketAddress(params.getLocalHost(), params.getLocalPort()));

gradle/wrapper/gradle-wrapper.properties

@@ -1,6 +1,5 @@
-#Fri Mar 18 11:26:35 CET 2016
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-6.4-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-4.3-all.zip

gradlew

@@ -1,4 +1,20 @@
-#!/usr/bin/env bash
+#!/usr/bin/env sh
+
+#
+# Copyright 2015 the original author or authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
 
 ##############################################################################
 ##
@@ -6,47 +22,6 @@
 ##
 ##############################################################################
 
-# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
-DEFAULT_JVM_OPTS=""
-
-APP_NAME="Gradle"
-APP_BASE_NAME=`basename "$0"`
-
-# Use the maximum available, or set MAX_FD != -1 to use that value.
-MAX_FD="maximum"
-
-warn ( ) {
-    echo "$*"
-}
-
-die ( ) {
-    echo
-    echo "$*"
-    echo
-    exit 1
-}
-
-# OS specific support (must be 'true' or 'false').
-cygwin=false
-msys=false
-darwin=false
-case "`uname`" in
-  CYGWIN* )
-    cygwin=true
-    ;;
-  Darwin* )
-    darwin=true
-    ;;
-  MINGW* )
-    msys=true
-    ;;
-esac
-
-# For Cygwin, ensure paths are in UNIX format before anything is touched.
-if $cygwin ; then
-    [ -n "$JAVA_HOME" ] && JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
-fi
-
 # Attempt to set APP_HOME
 # Resolve links: $0 may be a link
 PRG="$0"
@@ -61,9 +36,49 @@ while [ -h "$PRG" ] ; do
     fi
 done
 SAVED="`pwd`"
-cd "`dirname \"$PRG\"`/" >&-
+cd "`dirname \"$PRG\"`/" >/dev/null
 APP_HOME="`pwd -P`"
-cd "$SAVED" >&-
+cd "$SAVED" >/dev/null
+
+APP_NAME="Gradle"
+APP_BASE_NAME=`basename "$0"`
+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
+
+# Use the maximum available, or set MAX_FD != -1 to use that value.
+MAX_FD="maximum"
+
+warn () {
+    echo "$*"
+}
+
+die () {
+    echo
+    echo "$*"
+    echo
+    exit 1
+}
+
+# OS specific support (must be 'true' or 'false').
+cygwin=false
+msys=false
+darwin=false
+nonstop=false
+case "`uname`" in
+  CYGWIN* )
+    cygwin=true
+    ;;
+  Darwin* )
+    darwin=true
+    ;;
+  MINGW* )
+    msys=true
+    ;;
+  NONSTOP* )
+    nonstop=true
+    ;;
+esac
 
 CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
 
@@ -90,7 +105,7 @@ location of your Java installation."
 fi
 
 # Increase the maximum file descriptors if we can.
-if [ "$cygwin" = "false" -a "$darwin" = "false" ] ; then
+if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
     MAX_FD_LIMIT=`ulimit -H -n`
     if [ $? -eq 0 ] ; then
         if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
@@ -110,10 +125,11 @@ if $darwin; then
     GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
 fi
 
-# For Cygwin, switch paths to Windows format before running java
-if $cygwin ; then
+# For Cygwin or MSYS, switch paths to Windows format before running java
+if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then
     APP_HOME=`cygpath --path --mixed "$APP_HOME"`
     CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
+    JAVACMD=`cygpath --unix "$JAVACMD"`
 
     # We build the pattern for arguments to be converted via cygpath
     ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
@@ -138,27 +154,30 @@ if $cygwin ; then
         else
             eval `echo args$i`="\"$arg\""
         fi
-        i=$((i+1))
+        i=`expr $i + 1`
     done
     case $i in
-        (0) set -- ;;
-        (1) set -- "$args0" ;;
-        (2) set -- "$args0" "$args1" ;;
-        (3) set -- "$args0" "$args1" "$args2" ;;
-        (4) set -- "$args0" "$args1" "$args2" "$args3" ;;
-        (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
-        (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
-        (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
-        (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
-        (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
+        0) set -- ;;
+        1) set -- "$args0" ;;
+        2) set -- "$args0" "$args1" ;;
+        3) set -- "$args0" "$args1" "$args2" ;;
+        4) set -- "$args0" "$args1" "$args2" "$args3" ;;
+        5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
+        6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
+        7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
+        8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
+        9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
     esac
 fi
 
-# Split up the JVM_OPTS And GRADLE_OPTS values into an array, following the shell quoting and substitution rules
-function splitJvmOpts() {
-    JVM_OPTS=("$@")
+# Escape application args
+save () {
+    for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
+    echo " "
 }
-eval splitJvmOpts $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS
-JVM_OPTS[${#JVM_OPTS[*]}]="-Dorg.gradle.appname=$APP_BASE_NAME"
+APP_ARGS=`save "$@"`
 
-exec "$JAVACMD" "${JVM_OPTS[@]}" -classpath "$CLASSPATH" org.gradle.wrapper.GradleWrapperMain "$@"
+# Collect all arguments for the java command, following the shell quoting and substitution rules
+eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
+
+exec "$JAVACMD" "$@"

gradlew.bat

@@ -1,3 +1,19 @@
+@rem
+@rem Copyright 2015 the original author or authors.
+@rem
+@rem Licensed under the Apache License, Version 2.0 (the "License");
+@rem you may not use this file except in compliance with the License.
+@rem You may obtain a copy of the License at
+@rem
+@rem      https://www.apache.org/licenses/LICENSE-2.0
+@rem
+@rem Unless required by applicable law or agreed to in writing, software
+@rem distributed under the License is distributed on an "AS IS" BASIS,
+@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+@rem See the License for the specific language governing permissions and
+@rem limitations under the License.
+@rem
+
 @if "%DEBUG%" == "" @echo off
 @rem ##########################################################################
 @rem
@@ -8,14 +24,17 @@
 @rem Set local scope for the variables with windows NT shell
 if "%OS%"=="Windows_NT" setlocal
 
-@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
-set DEFAULT_JVM_OPTS=
-
 set DIRNAME=%~dp0
 if "%DIRNAME%" == "" set DIRNAME=.
 set APP_BASE_NAME=%~n0
 set APP_HOME=%DIRNAME%
 
+@rem Resolve any "." and ".." in APP_HOME to make it shorter.
+for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
+
+@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
+
 @rem Find java.exe
 if defined JAVA_HOME goto findJavaFromJavaHome
 
@@ -46,10 +65,9 @@ echo location of your Java installation.
 goto fail
 
 :init
-@rem Get command-line arguments, handling Windowz variants
+@rem Get command-line arguments, handling Windows variants
 
 if not "%OS%" == "Windows_NT" goto win9xME_args
-if "%@eval[2+2]" == "4" goto 4NT_args
 
 :win9xME_args
 @rem Slurp the command line arguments.
@@ -60,11 +78,6 @@ set _SKIP=2
 if "x%~1" == "x" goto execute
 
 set CMD_LINE_ARGS=%*
-goto execute
-
-:4NT_args
-@rem Get arguments from the 4NT Shell from JP Software
-set CMD_LINE_ARGS=%$
 
 :execute
 @rem Setup the command line

src/itest/docker-image/Dockerfile

@@ -1,16 +1,24 @@
-FROM sickp/alpine-sshd:7.5
+FROM sickp/alpine-sshd:7.5-r2
 
-ADD id_rsa.pub /home/sshj/.ssh/authorized_keys
+ADD authorized_keys /home/sshj/.ssh/authorized_keys
 
 ADD test-container/ssh_host_ecdsa_key     /etc/ssh/ssh_host_ecdsa_key
 ADD test-container/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
+ADD test-container/ssh_host_ed25519_key   /etc/ssh/ssh_host_ed25519_key
+ADD test-container/ssh_host_ed25519_key.pub   /etc/ssh/ssh_host_ed25519_key.pub
+ADD test-container/sshd_config /etc/ssh/sshd_config
+COPY test-container/trusted_ca_keys /etc/ssh/trusted_ca_keys
+COPY test-container/host_keys/* /etc/ssh/
 
+RUN apk add --no-cache tini
 RUN \
   echo "root:smile" | chpasswd && \
   adduser -D -s /bin/ash sshj && \
   passwd -u sshj && \
+  echo "sshj:ultrapassword" | chpasswd && \
   chmod 600 /home/sshj/.ssh/authorized_keys && \
-  chmod 600 /etc/ssh/ssh_host_ecdsa_key && \
-  chmod 644 /etc/ssh/ssh_host_ecdsa_key.pub && \
+  chmod 600 /etc/ssh/ssh_host_*_key && \
+  chmod 644 /etc/ssh/*.pub && \
   chown -R sshj:sshj /home/sshj
 
+ENTRYPOINT ["/sbin/tini", "/entrypoint.sh", "-o", "LogLevel=DEBUG2"]

src/itest/docker-image/authorized_keys

@@ -0,0 +1,9 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOEQcvowiV3igdRO7rKPrZrao1hCQrnC4tgsxqSJdQCbABI+vHrdbJRfWZNuSk48aAtARJzJVmkn/r63EPJgkh8= root@itgcpkerberosstack-cbgateway-0-20151117031915
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHQiZm0wBbmI8gohA/N9ir1O+egikL6S9FjZS8GHbx4rTHI1V+vbXxx2O9bFWtep1PFb4iowtZkxf6gvRjGkL6M= ajvanerp@Heimdall.local
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDAdJiRkkBM8yC8seTEoAn2PfwbLKrkcahZ0xxPoWICJ root@sshj
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ8ww4hJG/gHJYdkjTTBDF1GNz+228nuWprPV+NbQauA ajvanerp@Heimdall.local
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOaWrwt3drIOjeBq2LSHRavxAT7ja2f+5soOUJl/zKSI ajvanerp@Heimdall.xebialabs.com
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAoZ9l6Tkm2aL1tSBy2yw4xU5s8BE9MfqS/4J7DzvsYJxF6oQmTIjmStuhH/CT7UjuDtKXdXZUsIhKtafiizxGO8kHSzKDeitpth2RSr8ddMzZKyD6RNs7MfsgjA3UTtrrSrCXEY6O43S2cnuJrWzkPxtwxaQ3zOvDbS2tiulzyq0VzYmuhA/a4CyuQtJBuu+P2oqmu6pU/VB6IzONpvBvYbNPsH1WDmP7zko5wHPihXPCliztspKxS4DRtOZ7BGXyvg44UmIy0Kf4jOkaBV/eCCA4qH7ZHz71/5ceMOpszPcNOEmLGGYhwI+P3OuGMpkrSAv1f8IY6R8spZNncP6UaQ== no-passphrase
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDKRyZAtOJJfAhPU6xE6ZXY564vwErAI3n3Yn4lTHL9bxev9Ily6eCqPLcV0WbSV04pztngFn9MjT7yb8mcXheHpIaWEH569sMpmpOtyfn4p68SceuXBGyyPGMIcfOTknkASd1JYSD4EPkd9rZmCzcx3vEnLu8ChnA/G221xSVQ5VC/jD/c/CgNUayhQ+xbn57qHKKtZwfTa21QmwIabGYJNwlVjlKTCdddeVnZfKqKrG7cxHQApsxd21rhM9IT/C/f4Y/Tx3WUUVeam0iZ265oiPHoPALqJIWSQIUheRYAxYAQqJwSQ0Or9MM8XXun2Iy3RUSGk6eIvrCsFbNURsHNs7Pu0UnpYv6FZ3vCkFep/1pAT6fQvY7pDOOWDHKXArD4watc9gIWaQBH73wDW/KgBcnMRSoGWgQjsYqIamP4oV1+HqUI3lRAsXZaX+eiBGt3+3A5KebP27UJ1YUwhwlzs7wzTKaCu0OaL+hOsP1F2AxAa995bgFksMd23645ux3YCJKXG4sGpJ1Z/Hs49K72gv+QjLZVxXqY623c8+3OUhlixqoEFd4iG7UMc5a552ch/VA+jaspmLZoFhPz99aBRVb1oCSPxSwLw+Q/wxv6pZmT+14rqTzY2farjU53hM+CsUPh7dnWXhGG7RuA5wCdeOXOYjuksfzAoHIZhPqTgQ== ajvanerp@Heimdall.local
+ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBMvfRYSe44VQGwxexOMibcM3+fWeUP1jrBofOxFDRRrzRF8dK/vll2svqTPXMRnITnT1UoemEcB5OHtvH4hzfh/HFeDxJ5S7UncYxoClTSa8MeMFG2Zj9CoUZs1SHbwSGg== root@sshj
+ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAHquUYgkU9wJrcxDWVtdqtfqf6SBDdPDRxwDl7OCohV2UNu2KdjJwSj8j0fsPeMdHjSiv9OCnHYrVilQ+W5WW5q5wGXwk10oIcV0JJscohLA0nS7mKinBrxUwVHnNZbPExFciicnEArcYRb1BuT7HF8hfjuSSpWS0rob6kloSSi/jV7ZA== root@sshj

src/itest/docker-image/id_rsa.pub

@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAoZ9l6Tkm2aL1tSBy2yw4xU5s8BE9MfqS/4J7DzvsYJxF6oQmTIjmStuhH/CT7UjuDtKXdXZUsIhKtafiizxGO8kHSzKDeitpth2RSr8ddMzZKyD6RNs7MfsgjA3UTtrrSrCXEY6O43S2cnuJrWzkPxtwxaQ3zOvDbS2tiulzyq0VzYmuhA/a4CyuQtJBuu+P2oqmu6pU/VB6IzONpvBvYbNPsH1WDmP7zko5wHPihXPCliztspKxS4DRtOZ7BGXyvg44UmIy0Kf4jOkaBV/eCCA4qH7ZHz71/5ceMOpszPcNOEmLGGYhwI+P3OuGMpkrSAv1f8IY6R8spZNncP6UaQ== no-passphrase

src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_256_key

@@ -0,0 +1,9 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
+1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQR1fMdT7FYIpIo+4hhd5oOgHk6uW79B
+HVscKp83yPhFylnG4NtpF7anAWTcpl5aB9eJVWTCP5KVvlVLVkxUSRDwAAAAwITPM06Ezz
+NOAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHV8x1PsVgikij7i
+GF3mg6AeTq5bv0EdWxwqnzfI+EXKWcbg22kXtqcBZNymXloH14lVZMI/kpW+VUtWTFRJEP
+AAAAAhAP21AnkkpifUJgiBSYk7YhOfcwC4VfMB3n+BBln73VnmAAAAImlkX2VjZHNhXzI1
+Nl9yZmM0NzE2X3NpZ25lZF9ieV9yc2EBAgMEBQ==
+-----END OPENSSH PRIVATE KEY-----

src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_256_key-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgQgbM6lYD+Yx1aendIKHYuKthkIN0WhvPdMA0DbC/QmEAAAAIbmlzdHAyNTYAAABBBHV8x1PsVgikij7iGF3mg6AeTq5bv0EdWxwqnzfI+EXKWcbg22kXtqcBZNymXloH14lVZMI/kpW+VUtWTFRJEPAAAAAAAAAAAAAAAAIAAAAiaWRfZWNkc2FfMjU2X3JmYzQ3MTZfc2lnbmVkX2J5X3JzYQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAMpRV4ex1Zq2TzKSP7g1XrAAsGsqbGvKe6BjXqJa1OayPgcTJWZLDVCiNapqMoGCdqAnzBKIqVwjxhdy1OP7c5BvPZG9ljujlAiBhQ5t9NrN+jWv6pE3w3m5MFDVh7neGvr9wK8IGhIetfpG6/wJ3yOAF1sQkCwgDf7BfkbMq1If+qyTDF7I3fzyaqYX/61BR2iytpNxaVVw1g15EKdRHkUc760L0kVFwWkmyAFpK+ZPOal9pRHKa9mi/3TRXcQ20ZnBBzzxl4bsnXnEWILhBSxstoEF94hHKLeuoKl9kPx/NqKvwjIEqtU/mE7i+aAE9Wf6nR0COtlBPsjxZtf2Ac2ryUCd/EcdAqDGOwZy4m1s0G5EQMTU1uWCgGByz6DPWCCDCadQq0GaACjcOyBcy5trUqGxYqDvmZCgq6IDv1bGFDlFx1exOxIAKuruiVdPNn+c+h7HEmeM+OOJq1rjibD7kUwMK0cchVzpjI2xwC8ecQF9jeFGBcooa86OO65oPQAAAZQAAAAMcnNhLXNoYTItNTEyAAABgAOa69XTj4yOPjKtN5Few84Y2qj4p/4RK9yiAjWWxbMQv+dlLzEH/wtj6p1SeDJozFssVfyH2ODFGY9Dct3K4SbLA1b8LfM6vaf1bUxdQz7njsQ40KpcJu662hMOkj9AKTQgpVUVgJJOQuLrIbyfjKClaqt2W6ziH2eLn7wPsZ6HGhQMALQVmebzgFepnwCve9wgX1HNOfuAYYVQwFXddi/xQ4BIVmsH6E3DcUUzjtZZaG063CddPYOW2Ea1efWqHu20FRWqsMnwbL6Hr9JkjKv/Iub8mgLMP1bhbMEblb+tQ+y9RRvPwjT89tKljc7hXvBxpHA4c4ZlnTidsjqPHVeARCt5LV4lES7HWEZ+kFIkGndNLYXOUnxgk6iSLLHVVZUCZPbUiZbSJdoj7r7LGiz4KA7mnqQQGU2jWxSI2drD5T6SW0TFspzjX4dPnJyzFpe02Fl+NvblUUHsnPTHdsRexHRNfqkQhKIO4i8AM8U02nU/uBmXFPb9ANbLcq+Npw== id_ecdsa_256_rfc4716_signed_by_rsa

src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_256_key.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHV8x1PsVgikij7iGF3mg6AeTq5bv0EdWxwqnzfI+EXKWcbg22kXtqcBZNymXloH14lVZMI/kpW+VUtWTFRJEPA= id_ecdsa_256_rfc4716_signed_by_rsa

src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_384_key

@@ -0,0 +1,11 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAiAAAABNlY2RzYS
+1zaGEyLW5pc3RwMzg0AAAACG5pc3RwMzg0AAAAYQQ00XynBzgyJLB+1SDf2elIDYt7Lz6g
+Y3dzdqKmYe5L6jzUShmV1UjiE9gCl7i47aRWHSZ3VwiZ0jsT2ekL+ctScSn+NGgw/6BgFr
+c3zIkJoYWYzpg2D3mKUkNDMnJWgisAAADw6GCqcuhgqnIAAAATZWNkc2Etc2hhMi1uaXN0
+cDM4NAAAAAhuaXN0cDM4NAAAAGEENNF8pwc4MiSwftUg39npSA2Ley8+oGN3c3aipmHuS+
+o81EoZldVI4hPYApe4uO2kVh0md1cImdI7E9npC/nLUnEp/jRoMP+gYBa3N8yJCaGFmM6Y
+Ng95ilJDQzJyVoIrAAAAMQDwyD4C4DbK9DVDOovHqCt/f2TKaho1F4wouIIa4ZTph+9cSp
+PUhlSNXKDRD7pOUdIAAAAiaWRfZWNkc2FfMzg0X3JmYzQ3MTZfc2lnbmVkX2J5X3JzYQEC
+AwQF
+-----END OPENSSH PRIVATE KEY-----

src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_384_key-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp384-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAzODQtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg2byoaIudWiOZaNJMfyOHNw5tOy8lWAADbp/rNkJ7krwAAAAIbmlzdHAzODQAAABhBDTRfKcHODIksH7VIN/Z6UgNi3svPqBjd3N2oqZh7kvqPNRKGZXVSOIT2AKXuLjtpFYdJndXCJnSOxPZ6Qv5y1JxKf40aDD/oGAWtzfMiQmhhZjOmDYPeYpSQ0MyclaCKwAAAAAAAAAAAAAAAgAAACJpZF9lY2RzYV8zODRfcmZjNDcxNl9zaWduZWRfYnlfcnNhAAAADQAAAAkxMjcuMC4wLjEAAAAAAAAAAP//////////AAAAAAAAAAAAAAAAAAABlwAAAAdzc2gtcnNhAAAAAwEAAQAAAYEAylFXh7HVmrZPMpI/uDVesACwaypsa8p7oGNeolrU5rI+BxMlZksNUKI1qmoygYJ2oCfMEoipXCPGF3LU4/tzkG89kb2WO6OUCIGFDm302s36Na/qkTfDebkwUNWHud4a+v3ArwgaEh61+kbr/AnfI4AXWxCQLCAN/sF+RsyrUh/6rJMMXsjd/PJqphf/rUFHaLK2k3FpVXDWDXkQp1EeRRzvrQvSRUXBaSbIAWkr5k85qX2lEcpr2aL/dNFdxDbRmcEHPPGXhuydecRYguEFLGy2gQX3iEcot66gqX2Q/H82oq/CMgSq1T+YTuL5oAT1Z/qdHQI62UE+yPFm1/YBzavJQJ38Rx0CoMY7BnLibWzQbkRAxNTW5YKAYHLPoM9YIIMJp1CrQZoAKNw7IFzLm2tSobFioO+ZkKCrogO/VsYUOUXHV7E7EgAq6u6JV082f5z6HscSZ4z444mrWuOJsPuRTAwrRxyFXOmMjbHALx5xAX2N4UYFyihrzo47rmg9AAABlAAAAAxyc2Etc2hhMi01MTIAAAGAV3uUrbSScu722FmIUG1FEtd7X+y58XlZyBZMDkI2G8RL0bZtALg8kfAUqRs17XS8MEIsG2STDGvDoKpPlGrupTGAwjnpTrDsgr/WaXUn/21Tyv6h4npcPxX5h5OU24UdZRXUGMRqwRXn4d6c44I6lAXkFGEHV20da+2sKR02QOIEfYik7kYgUzkVE5QPr0YN2hWCNxPNahgPow2RvPDHKL0PBS2CASeIo9pZ6OECdsCX92+BXN+e8oPO+BTp2mwzaepFPiSO6pIdTOnhFHwiY7mG7Y+Xw3nCYJl9cILzeuuUeEw3elRMYtnIoUye/IZaZw6GNBObb59seFOaf8Hm7NV6F7L/RNUG7aESB2n6KKggbPci8xuCulfgi/XBxjsXd/affASOUcn3X6IIUwJDqwMBkhmagvYVoLX1gMoHBW0aLZDQEXigV0WW8v1oMsEp6Sl9Y0kRs9vPBr/8LX9vDaPKmNxOBV8uOnicDb9HZicyLkVQyPFobHOvYt/gfEUM id_ecdsa_384_rfc4716_signed_by_rsa

src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_384_key.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBDTRfKcHODIksH7VIN/Z6UgNi3svPqBjd3N2oqZh7kvqPNRKGZXVSOIT2AKXuLjtpFYdJndXCJnSOxPZ6Qv5y1JxKf40aDD/oGAWtzfMiQmhhZjOmDYPeYpSQ0MyclaCKw== id_ecdsa_384_rfc4716_signed_by_rsa

src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_521_key

@@ -0,0 +1,12 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAArAAAABNlY2RzYS
+1zaGEyLW5pc3RwNTIxAAAACG5pc3RwNTIxAAAAhQQBkA3IU8ml4HuqnsOYb2H89fRKo0Wx
+nFnke8J5olJ0eyaoAv/0fSZDiOeF5j/K6VGeCa45edqJZCNCwda0vzQaZH8AYUnwojVGH1
+pchzLm1U9C3WlF0wP/c141GiNVmkKAQDN7J4KKxchhByMKVPLUzHv181OvItrLR3ECuhGT
+a8xpJRYAAAEgetmfwXrZn8EAAAATZWNkc2Etc2hhMi1uaXN0cDUyMQAAAAhuaXN0cDUyMQ
+AAAIUEAZANyFPJpeB7qp7DmG9h/PX0SqNFsZxZ5HvCeaJSdHsmqAL/9H0mQ4jnheY/yulR
+ngmuOXnaiWQjQsHWtL80GmR/AGFJ8KI1Rh9aXIcy5tVPQt1pRdMD/3NeNRojVZpCgEAzey
+eCisXIYQcjClTy1Mx79fNTryLay0dxAroRk2vMaSUWAAAAQWe6t//lZtwKOHz9KOFcSfpO
+DPQTu+PyzryWrwG99r6IoEqXahhK6FjTJ7U0/Ep9zVeeiLpRVlKe15pcN6U3dp9uAAAAIm
+lkX2VjZHNhXzUyMV9yZmM0NzE2X3NpZ25lZF9ieV9yc2EB
+-----END OPENSSH PRIVATE KEY-----

src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_521_key-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp521-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHA1MjEtY2VydC12MDFAb3BlbnNzaC5jb20AAAAghRVKHO1c4TGUTQt6NcV1mXd4HCBJLlkJZtPmVp0EQjUAAAAIbmlzdHA1MjEAAACFBAGQDchTyaXge6qew5hvYfz19EqjRbGcWeR7wnmiUnR7JqgC//R9JkOI54XmP8rpUZ4Jrjl52olkI0LB1rS/NBpkfwBhSfCiNUYfWlyHMubVT0LdaUXTA/9zXjUaI1WaQoBAM3sngorFyGEHIwpU8tTMe/XzU68i2stHcQK6EZNrzGklFgAAAAAAAAAAAAAAAgAAACJpZF9lY2RzYV81MjFfcmZjNDcxNl9zaWduZWRfYnlfcnNhAAAADQAAAAkxMjcuMC4wLjEAAAAAAAAAAP//////////AAAAAAAAAAAAAAAAAAABlwAAAAdzc2gtcnNhAAAAAwEAAQAAAYEAylFXh7HVmrZPMpI/uDVesACwaypsa8p7oGNeolrU5rI+BxMlZksNUKI1qmoygYJ2oCfMEoipXCPGF3LU4/tzkG89kb2WO6OUCIGFDm302s36Na/qkTfDebkwUNWHud4a+v3ArwgaEh61+kbr/AnfI4AXWxCQLCAN/sF+RsyrUh/6rJMMXsjd/PJqphf/rUFHaLK2k3FpVXDWDXkQp1EeRRzvrQvSRUXBaSbIAWkr5k85qX2lEcpr2aL/dNFdxDbRmcEHPPGXhuydecRYguEFLGy2gQX3iEcot66gqX2Q/H82oq/CMgSq1T+YTuL5oAT1Z/qdHQI62UE+yPFm1/YBzavJQJ38Rx0CoMY7BnLibWzQbkRAxNTW5YKAYHLPoM9YIIMJp1CrQZoAKNw7IFzLm2tSobFioO+ZkKCrogO/VsYUOUXHV7E7EgAq6u6JV082f5z6HscSZ4z444mrWuOJsPuRTAwrRxyFXOmMjbHALx5xAX2N4UYFyihrzo47rmg9AAABlAAAAAxyc2Etc2hhMi01MTIAAAGAmpwzeo95ahCTQuLfdsHSlWhNlBVUsEze9ogzqhnh1unL0uDztGbEwZ3+2vAQI9wRlIBJhg+FFIOc6KW6Hi9zHZaU/ipmrtDwoMfaRrL6ZgP+COvCxPMiTuJPt8Er2OsRnarc7iM1RnhFz3jVTGhkTG8W9yvN6Pr7SeJ9DokrRMfuDBosLE7i22pLWWBeDmSHz0dh6VGUhTnEK/9RzRnPQmByRQJ+Xfv4He7QE1IWIufG6zYKi42XiCpC2DKCxI0yapKvqVWkR1snc/0ykMUESsAgyzZoYqzxUCSmTzfT/DCb1WRswFVlLb+uccpo6ioi62CCNvC88WDsXhSO4VYsUno33KL9MopvbO1Gg5IncJP+a2wbP3fFQpefx0D828DovGKNSDxGmzXE2HoEQSsW9EsrBOEBZffHRIgLx+yuR9Er67RrIzUZclUlGZaLf/PWf2JSNwuIhxCShwPu1d3I2VYx5Lcn5MXk/IpHP8xLXH/g8/Mm+NhO4blVFAOwYaox id_ecdsa_521_rfc4716_signed_by_rsa

src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_521_key.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGQDchTyaXge6qew5hvYfz19EqjRbGcWeR7wnmiUnR7JqgC//R9JkOI54XmP8rpUZ4Jrjl52olkI0LB1rS/NBpkfwBhSfCiNUYfWlyHMubVT0LdaUXTA/9zXjUaI1WaQoBAM3sngorFyGEHIwpU8tTMe/XzU68i2stHcQK6EZNrzGklFg== id_ecdsa_521_rfc4716_signed_by_rsa

src/itest/docker-image/test-container/host_keys/ssh_host_ed25519_384_key

@@ -0,0 +1,8 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACAz/M/Awfg01fL5pK7PsOmk8sdM98WFXv/7ycMEsMu8EgAAAKilREz2pURM
+9gAAAAtzc2gtZWQyNTUxOQAAACAz/M/Awfg01fL5pK7PsOmk8sdM98WFXv/7ycMEsMu8Eg
+AAAEB9mj+1Z9CnxalesmwJiPa7051sjjnXKR00aQ59jCX0GTP8z8DB+DTV8vmkrs+w6aTy
+x0z3xYVe//vJwwSwy7wSAAAAJGlkX2VkMjU1MTlfMzg0X3JmYzQ3MTZfc2lnbmVkX2J5X3
+JzYQE=
+-----END OPENSSH PRIVATE KEY-----

src/itest/docker-image/test-container/host_keys/ssh_host_ed25519_384_key-cert.pub

@@ -0,0 +1 @@
+ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIJPdoRzLgA3gyn+/e94rnl7IvN7PxvEeV0JTITLah2ipAAAAIDP8z8DB+DTV8vmkrs+w6aTyx0z3xYVe//vJwwSwy7wSAAAAAAAAAAAAAAACAAAAJGlkX2VkMjU1MTlfMzg0X3JmYzQ3MTZfc2lnbmVkX2J5X3JzYQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAMpRV4ex1Zq2TzKSP7g1XrAAsGsqbGvKe6BjXqJa1OayPgcTJWZLDVCiNapqMoGCdqAnzBKIqVwjxhdy1OP7c5BvPZG9ljujlAiBhQ5t9NrN+jWv6pE3w3m5MFDVh7neGvr9wK8IGhIetfpG6/wJ3yOAF1sQkCwgDf7BfkbMq1If+qyTDF7I3fzyaqYX/61BR2iytpNxaVVw1g15EKdRHkUc760L0kVFwWkmyAFpK+ZPOal9pRHKa9mi/3TRXcQ20ZnBBzzxl4bsnXnEWILhBSxstoEF94hHKLeuoKl9kPx/NqKvwjIEqtU/mE7i+aAE9Wf6nR0COtlBPsjxZtf2Ac2ryUCd/EcdAqDGOwZy4m1s0G5EQMTU1uWCgGByz6DPWCCDCadQq0GaACjcOyBcy5trUqGxYqDvmZCgq6IDv1bGFDlFx1exOxIAKuruiVdPNn+c+h7HEmeM+OOJq1rjibD7kUwMK0cchVzpjI2xwC8ecQF9jeFGBcooa86OO65oPQAAAZQAAAAMcnNhLXNoYTItNTEyAAABgJob5TylOxmfFX5qH3iE53+zgXp3JbuxcRG9aYx/5GFiWx2yCku1/2lN/KgW2AOb31iS22LXlhCUtZBmbHiYI9aftZAyBcHGYcHvMCDHH66q+bVLlmRlNW+JjWLM46ythgRT+1dKGWAarZSwAC8hYxlV07pvt7EXFmzy4Kv0C/FL8d78P3nrRsmDTYBwrhQy1s5gwOeZlLyomPtSL7kfdxBXum8v4lG+ddtcL82iGdp2gNyonrjyaDZcdXD1FoBDlqM+lvWGO1n4ikts7JG3jcgK3QRdYOVmPnsCzEHaiTm9APuhf72+B5RXybbQcyHTA49+TptavkoxVaMqzdvIunfEYVf1S5zCHgysOkqGLOEVyMSxZk3pORajr2kdyc02Q4Plrb8B6G0rbixJRCJouS6I8J4W/Orypa2ge/un3U1JYaBeA18va7hwHoG/0zsdswETyIB+nrj59YM6Zm4zzC7Sm0SBNXFN0m2f6SDj6CDTnmj13aejQLUzED4e2Bm6Qw== id_ed25519_384_rfc4716_signed_by_rsa

src/itest/docker-image/test-container/host_keys/ssh_host_ed25519_384_key.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8z8DB+DTV8vmkrs+w6aTyx0z3xYVe//vJwwSwy7wS id_ed25519_384_rfc4716_signed_by_rsa

src/itest/docker-image/test-container/host_keys/ssh_host_rsa_2048_key

@@ -0,0 +1,27 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAQEA1iHGJi0EhM4vSCe40N3670OWx6tsA28P7Rpqgl9VdYtorneByT6U
+3o7nSIK7MCGXD9XFCPDbQPnCpjIOQaq9f7wzaj7vEzN3iPEsUohfGIhBnZUZqtHdPSMhqE
+JwxuIqRAlSjy8XnBNK6EjgpZGyXL5NijjR9dp/jYgOCMMmJB585BWhYQt7P5qceFjz6AqH
+WKnBbajorFjiJQR9LVhi9nBCC1I02e8aWqS05JR51J8J1+lECJEiKBbzD0dhAd0CPsGlux
+BtwVGZF13+xzc9/NZLUUb4wJxWM0R8flmIochK+yqPgCmr7rjA3yyEPXtQrvTQ46Jjt/u6
+uKyLbdiZ2QAAA9i320dZt9tHWQAAAAdzc2gtcnNhAAABAQDWIcYmLQSEzi9IJ7jQ3frvQ5
+bHq2wDbw/tGmqCX1V1i2iud4HJPpTejudIgrswIZcP1cUI8NtA+cKmMg5Bqr1/vDNqPu8T
+M3eI8SxSiF8YiEGdlRmq0d09IyGoQnDG4ipECVKPLxecE0roSOClkbJcvk2KONH12n+NiA
+4IwyYkHnzkFaFhC3s/mpx4WPPoCodYqcFtqOisWOIlBH0tWGL2cEILUjTZ7xpapLTklHnU
+nwnX6UQIkSIoFvMPR2EB3QI+waW7EG3BUZkXXf7HNz381ktRRvjAnFYzRHx+WYihyEr7Ko
++AKavuuMDfLIQ9e1Cu9NDjomO3+7q4rItt2JnZAAAAAwEAAQAAAQEAkd0x4GF8GYdmV+2P
+DOCZhhDxjhQsoO4v2CDNev+79DVB2s7XnyG9QRnxXMiJAJFxGL1S2fNQN6OrP5ELexn2ui
+OWloJGUzsU6zj2K0ZwGQMAR3sAoAcTgQkEbVzM+/2mMvByx8yZdZ0CwtaaCM8Fw/1yTnzE
+MYhkqSGMBdYBjknjZ8pPMYNVucncmdYibPU5VRRhWSSXlee6oZRgWrcW8VGlFtQU/RHt1a
+LUPrSk/3e1Iqk75AWaFVVwnTnz8pPBpQXboiN22gZ8fvPYO9wphPmuXPapGFUt5NHBgMOv
+Yr2+uzeSYg79VKhRv6YEM3aeW8kkjdZ7r4uP8EFnimUDAQAAAIEAsIsTx8nO65tEJbCEmM
+/bFXHRmMSnVyQWQgyPXTvbWyI1Uk0YyaFOnsFCuXwfM/3fupvFyKTC4rdeJYl9HiVbZAm3
+puI+GIRPOdKMWdh+e802KdeGXPsc+LU0tw5zwaRKH46QtmKEu1UICmUEsDFQxYfSlL8zhc
+/OrNwPUZTRtrYAAACBAOsPC4PtdyItaHVYbSlgp++foTm4adby3lYQOh4VDanY4H95ct/P
+4Qa9BklZmkN5HoaPBnOCV66+RzW42qSbincRSdsYXP6t5fnnQwp9+tqCQaPuHVIGuW9MI9
+qO1hwOl1HnvYFvOEvdvA+Os3as5DyZO5AP5Eta6cwjMwKDTB/hAAAAgQDpNXQL3vJvsUgP
+yZjhxodGGoT7HvLVClrICEuVrJj/10t5AabWjh5G3FILZyTU+zNTGLn+emocuKf+sbrlAe
+6sImXPfKKx/kgSR7knPlUi0TEOow4XbIif0cfGxqkamANe1Sv7xReR2rIqkWqEZsDNhtZR
+oQQY9bNehpqAweCY+QAAACFpZF9yc2FfMjA0OF9yZmM0NzE2X3NpZ25lZF9ieV9yc2E=
+-----END OPENSSH PRIVATE KEY-----

src/itest/docker-image/test-container/host_keys/ssh_host_rsa_2048_key-cert.pub

@@ -0,0 +1 @@
+ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgKsWt/s6Kl/ti8EuWBhg0TdS/kEUWRzsogWz5M1CVjtoAAAADAQABAAABAQDWIcYmLQSEzi9IJ7jQ3frvQ5bHq2wDbw/tGmqCX1V1i2iud4HJPpTejudIgrswIZcP1cUI8NtA+cKmMg5Bqr1/vDNqPu8TM3eI8SxSiF8YiEGdlRmq0d09IyGoQnDG4ipECVKPLxecE0roSOClkbJcvk2KONH12n+NiA4IwyYkHnzkFaFhC3s/mpx4WPPoCodYqcFtqOisWOIlBH0tWGL2cEILUjTZ7xpapLTklHnUnwnX6UQIkSIoFvMPR2EB3QI+waW7EG3BUZkXXf7HNz381ktRRvjAnFYzRHx+WYihyEr7Ko+AKavuuMDfLIQ9e1Cu9NDjomO3+7q4rItt2JnZAAAAAAAAAAAAAAACAAAAIWlkX3JzYV8yMDQ4X3JmYzQ3MTZfc2lnbmVkX2J5X3JzYQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAMpRV4ex1Zq2TzKSP7g1XrAAsGsqbGvKe6BjXqJa1OayPgcTJWZLDVCiNapqMoGCdqAnzBKIqVwjxhdy1OP7c5BvPZG9ljujlAiBhQ5t9NrN+jWv6pE3w3m5MFDVh7neGvr9wK8IGhIetfpG6/wJ3yOAF1sQkCwgDf7BfkbMq1If+qyTDF7I3fzyaqYX/61BR2iytpNxaVVw1g15EKdRHkUc760L0kVFwWkmyAFpK+ZPOal9pRHKa9mi/3TRXcQ20ZnBBzzxl4bsnXnEWILhBSxstoEF94hHKLeuoKl9kPx/NqKvwjIEqtU/mE7i+aAE9Wf6nR0COtlBPsjxZtf2Ac2ryUCd/EcdAqDGOwZy4m1s0G5EQMTU1uWCgGByz6DPWCCDCadQq0GaACjcOyBcy5trUqGxYqDvmZCgq6IDv1bGFDlFx1exOxIAKuruiVdPNn+c+h7HEmeM+OOJq1rjibD7kUwMK0cchVzpjI2xwC8ecQF9jeFGBcooa86OO65oPQAAAZQAAAAMcnNhLXNoYTItNTEyAAABgJSHsEN9ccb4C/wrw0Lq22tZ/tLdjXxHKa1xBZZf81z7POZy8njEDN9bXHQalpLzgR12HDnkbBhk0tBrH8JDEmddOiMZrjD5GUzsK5Y3X6H/MTZrPYSqeO7ikmffxRI4A0BjYBmGk5ClntKzs3VhbhnlwBzTbvl+lwGVnP2EJmmP6/xjB0V3udYOQMbRd9Q2ORIZWF0VSexhjVVSdEwDlDdHWubFJwpHGDXKWeijGxSYXbZGwCGhqU04DYIx7HEIm0sulIX9GxjAm16y8QvrSjKCmfOkvg6T/TVVStYGkU2BGGhXyCfCA3gecdxI8mijuLsuBnkr0rVlDg00FLOAduLzsQq7gSC0/xit4OlJO7MoNUSnC9NjNSLjPy7DzW0bwfkmvfuTpKhDmO0lNbr+6if3+Q8pXZV+q1bRFMO9AsSO52gXA/IXGZC3u5JCL56hqb03sQPn/K9ZWmiRzwJYWTpgIgycGwR1ZIYFvtqKJqtVoGaZfCIQD/I4i01qqHxVAg== id_rsa_2048_rfc4716_signed_by_rsa

src/itest/docker-image/test-container/host_keys/ssh_host_rsa_2048_key.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWIcYmLQSEzi9IJ7jQ3frvQ5bHq2wDbw/tGmqCX1V1i2iud4HJPpTejudIgrswIZcP1cUI8NtA+cKmMg5Bqr1/vDNqPu8TM3eI8SxSiF8YiEGdlRmq0d09IyGoQnDG4ipECVKPLxecE0roSOClkbJcvk2KONH12n+NiA4IwyYkHnzkFaFhC3s/mpx4WPPoCodYqcFtqOisWOIlBH0tWGL2cEILUjTZ7xpapLTklHnUnwnX6UQIkSIoFvMPR2EB3QI+waW7EG3BUZkXXf7HNz381ktRRvjAnFYzRHx+WYihyEr7Ko+AKavuuMDfLIQ9e1Cu9NDjomO3+7q4rItt2JnZ id_rsa_2048_rfc4716_signed_by_rsa

src/itest/docker-image/test-container/ssh_host_ed25519_key

@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACBFG9PKAq8FtH0me+LHUE6YaVANCMqy/Znkffzief1W/gAAAKCyyoBkssqA
+ZAAAAAtzc2gtZWQyNTUxOQAAACBFG9PKAq8FtH0me+LHUE6YaVANCMqy/Znkffzief1W/g
+AAAED+Yfza2xk5LqP9pN6TpvhWYP0L60zOQJpHhbEuiS3LLkUb08oCrwW0fSZ74sdQTphp
+UA0IyrL9meR9/OJ5/Vb+AAAAF2FqdmFuZXJwQEhlaW1kYWxsLmxvY2FsAQIDBAUG
+-----END OPENSSH PRIVATE KEY-----

src/itest/docker-image/test-container/ssh_host_ed25519_key.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUb08oCrwW0fSZ74sdQTphpUA0IyrL9meR9/OJ5/Vb+ ajvanerp@Heimdall.local

src/itest/docker-image/test-container/sshd_config

@@ -0,0 +1,158 @@
+#	$OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/bin:/usr/bin:/sbin:/usr/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_dsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile	.ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+#UsePAM no
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem	sftp	/usr/lib/ssh/sftp-server
+
+# the following are HPN related configuration options
+# tcp receive buffer polling. disable in non autotuning kernels
+#TcpRcvBufPoll yes
+
+# disable hpn performance boosts
+#HPNDisabled no
+
+# buffer size for hpn to non-hpn connections
+#HPNBufferSize 2048
+
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server
+
+KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
+macs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com
+
+TrustedUserCAKeys /etc/ssh/trusted_ca_keys
+
+Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
+
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+HostKey /etc/ssh/ssh_host_ed25519_key
+
+HostKey /etc/ssh/ssh_host_ecdsa_256_key
+HostCertificate /etc/ssh/ssh_host_ecdsa_256_key-cert.pub
+
+HostKey /etc/ssh/ssh_host_ecdsa_384_key
+HostCertificate /etc/ssh/ssh_host_ecdsa_384_key-cert.pub
+
+HostKey /etc/ssh/ssh_host_ecdsa_521_key
+HostCertificate /etc/ssh/ssh_host_ecdsa_521_key-cert.pub
+
+HostKey /etc/ssh/ssh_host_ed25519_384_key
+HostCertificate /etc/ssh/ssh_host_ed25519_384_key-cert.pub
+
+HostKey /etc/ssh/ssh_host_rsa_2048_key
+HostCertificate /etc/ssh/ssh_host_rsa_2048_key-cert.pub
+
+LogLevel DEBUG2

src/itest/docker-image/test-container/trusted_ca_keys

@@ -0,0 +1,4 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDN70b/cYHZQMD1YW0mlncXqC2l++sEWrVYlIUCzNxNhRYjI4UmEVEq3ru1h6K3ZVAJi1DcZuf5ne1ZXtwJ1Uw1JA4wGdKw+9TwAb5Gubn+VEowgt62kLAPeChiPucTXD0FDDhIUOBv3KxytdrJIYAtzZT27STsBiDF1+7Ld3wk/1Dg9NAaI6q40PmuicTEACQRHn5snI1t9+LgZTd3/PPE5pjJM0ow9+r6mlUUM5oHCk5sZ8DBuRR1Ram4sxp/LFQM+9feMmW3ZM2C5AN0JG4A7NXnlwiTKmNVrGI0iFucBBKhjxN1qdgBF11/42cCrerC9UW1auTTi9mqwEIqBGL30VOPy+dCPQQViP+C09CBgyr3wpZciPKP1mvmcOkC5FDzKg9e3v1JBq0fqZgwt+PPG8cGnxRCGEQ+ZMLDuAixkQUEwDWeMskHLkbjUEiVZydViCPSzFczGtKatQiQVZA5Zx0Gn2sUaQjykhWzqKNL8oIbolEdkH9ubOZWNi0brzU= root@sshj
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNz89k9T3el9LpypMH6Rs8Ovn/xC6subq9XBoTK8G9x3Q4IifsN+bCy7h9juYdE8it5GvgnpM2HSdPBFMpJnEFI= CA_ecdsa.pem
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDKUVeHsdWatk8ykj+4NV6wALBrKmxrynugY16iWtTmsj4HEyVmSw1QojWqajKBgnagJ8wSiKlcI8YXctTj+3OQbz2RvZY7o5QIgYUObfTazfo1r+qRN8N5uTBQ1Ye53hr6/cCvCBoSHrX6Ruv8Cd8jgBdbEJAsIA3+wX5GzKtSH/qskwxeyN388mqmF/+tQUdosraTcWlVcNYNeRCnUR5FHO+tC9JFRcFpJsgBaSvmTzmpfaURymvZov900V3ENtGZwQc88ZeG7J15xFiC4QUsbLaBBfeIRyi3rqCpfZD8fzair8IyBKrVP5hO4vmgBPVn+p0dAjrZQT7I8WbX9gHNq8lAnfxHHQKgxjsGcuJtbNBuREDE1NblgoBgcs+gz1gggwmnUKtBmgAo3DsgXMuba1KhsWKg75mQoKuiA79WxhQ5RcdXsTsSACrq7olXTzZ/nPoexxJnjPjjiata44mw+5FMDCtHHIVc6YyNscAvHnEBfY3hRgXKKGvOjjuuaD0= CA_rsa.pem
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDphrlRZfHI2xJ7IIqmoLji2Bh2j7ZP0jynCL0TnjTuH CA_ed25519.pem

src/itest/docker-image/test-container/users_rsa_ca.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDN70b/cYHZQMD1YW0mlncXqC2l++sEWrVYlIUCzNxNhRYjI4UmEVEq3ru1h6K3ZVAJi1DcZuf5ne1ZXtwJ1Uw1JA4wGdKw+9TwAb5Gubn+VEowgt62kLAPeChiPucTXD0FDDhIUOBv3KxytdrJIYAtzZT27STsBiDF1+7Ld3wk/1Dg9NAaI6q40PmuicTEACQRHn5snI1t9+LgZTd3/PPE5pjJM0ow9+r6mlUUM5oHCk5sZ8DBuRR1Ram4sxp/LFQM+9feMmW3ZM2C5AN0JG4A7NXnlwiTKmNVrGI0iFucBBKhjxN1qdgBF11/42cCrerC9UW1auTTi9mqwEIqBGL30VOPy+dCPQQViP+C09CBgyr3wpZciPKP1mvmcOkC5FDzKg9e3v1JBq0fqZgwt+PPG8cGnxRCGEQ+ZMLDuAixkQUEwDWeMskHLkbjUEiVZydViCPSzFczGtKatQiQVZA5Zx0Gn2sUaQjykhWzqKNL8oIbolEdkH9ubOZWNi0brzU= root@sshj

src/itest/generate.sh

@@ -0,0 +1,102 @@
+#!/usr/bin/env bash
+# This script is intended for generating SSH keys required for unit and integration tests. If you intend to add a new
+# key to the tests, please write its generation command there.
+#
+# All generation commands should generate only files that does not exist. If some key is already generated, the script
+# should not overwrite the key.
+
+set -e -o pipefail
+cd "${BASH_SOURCES[0]}"
+
+function generate() {
+  local destination="$1"
+  if [[ ! -f "$destination" ]]; then
+    echo "Generating $destination" 1>&2
+    shift
+    mkdir -p "$(dirname "$destination")"
+    ssh-keygen -q -f "$destination" "${@}"
+  fi
+}
+
+function generate_cert() {
+  local private_key
+  local suffix
+  local cert
+  private_key="$1"
+  suffix="$2"
+  shift 2
+  cert="$private_key$suffix-cert.pub"
+  if [[ ! -f "$cert" ]]; then
+    cp "$private_key" "$private_key$suffix"
+    cp "$private_key.pub" "$private_key$suffix.pub"
+    generate "$cert" "$@" "$private_key$suffix.pub"
+    rm -f "$private_key$suffix" "$private_key$suffix.pub"
+  fi
+}
+
+generate resources/users_rsa_ca -t rsa -N ''
+if [[ -f resources/users_rsa_ca.pub ]]; then
+  mv resources/users_rsa_ca.pub docker-image/test-container
+fi
+generate resources/keyfiles/id_rsa2 -t rsa -m pem -N ''
+generate resources/keyfiles/id_rsa2-cert.pub -s resources/users_rsa_ca -I my_key_id -n sshj resources/keyfiles/id_rsa2.pub
+
+cat docker-image/test-container/users_rsa_ca.pub >docker-image/test-container/trusted_ca_keys
+
+key_algo_pairs=(ecdsa_256 ecdsa_384 ecdsa_521 rsa_2048 ed25519_384)
+
+for ca_algo in ecdsa rsa ed25519; do
+  generate "resources/keyfiles/certificates/CA_${ca_algo}.pem" -N "" -t "$ca_algo" -C "CA_${ca_algo}.pem"
+  cat "resources/keyfiles/certificates/CA_${ca_algo}.pem.pub" >>docker-image/test-container/trusted_ca_keys
+
+  for key_algo_pair in "${key_algo_pairs[@]}"; do
+    key_algo="${key_algo_pair/_*/}"
+    bits="${key_algo_pair/*_/}"
+
+    for format in pem rfc4716; do
+      if [[ "$key_algo" == 'pem' && "$format" == 'ed25519' ]]; then
+        # Ed25519 keys are always generated in RFC4716 format.
+        continue
+      fi
+
+      user_key="resources/keyfiles/certificates/id_${key_algo_pair}_${format}_signed_by_${ca_algo}"
+      generate "$user_key" -N '' -t "$key_algo" -b "$bits" -m "$format" -C "$(basename "$user_key")"
+      generate "${user_key}-cert.pub" -s "resources/keyfiles/certificates/CA_${ca_algo}.pem" -I "$(basename "$user_key")" -n sshj "${user_key}.pub"
+
+      # These certificates are to be used as host certificates of sshd.
+      generate_cert "$user_key" _host \
+        -s "resources/keyfiles/certificates/CA_${ca_algo}.pem" -I "$(basename "$user_key")" -h -n 127.0.0.1
+    done
+  done
+done
+
+mkdir -p docker-image/test-container/host_keys
+
+for key_algo_pair in "${key_algo_pairs[@]}"; do
+  key_algo="${key_algo_pair/_*/}"
+  bits="${key_algo_pair/*_/}"
+
+  user_key="resources/keyfiles/certificates/id_${key_algo_pair}_${format}_signed_by_rsa"
+  host_key="docker-image/test-container/host_keys/ssh_host_${key_algo_pair}_key"
+  if [[ ! -f "$host_key" ]]; then
+    cp -p "$user_key" "$host_key"
+    cp -p "${user_key}.pub" "${host_key}.pub"
+    cp -p "${user_key}_host-cert.pub" "${host_key}-cert.pub"
+  fi
+done
+
+(
+  cd resources/keyfiles/certificates
+
+  generate_cert id_ed25519_384_rfc4716_signed_by_rsa _host_valid_before_past \
+    -s "CA_rsa.pem" -I valid_before_past -h -n 127.0.0.1 -V 'always:20210101000000'
+
+  generate_cert id_ed25519_384_rfc4716_signed_by_rsa _host_valid_after_future \
+    -s "CA_rsa.pem" -I valid_after_future -h -n 127.0.0.1 -V '20990101000000:forever'
+
+  generate_cert id_ed25519_384_rfc4716_signed_by_rsa _host_no_principal \
+    -s "CA_rsa.pem" -I no_principal -h
+
+  generate_cert id_ed25519_384_rfc4716_signed_by_rsa _host_principal_wildcard_example_com \
+    -s "CA_rsa.pem" -I principal_wildcard_example_com -h -n '*.example.com'
+)

src/itest/groovy/com/hierynomus/sshj/IntegrationBaseSpec.groovy

@@ -15,22 +15,28 @@
  */
 package com.hierynomus.sshj
 
+import net.schmizz.sshj.Config
 import net.schmizz.sshj.DefaultConfig
 import net.schmizz.sshj.SSHClient
 import net.schmizz.sshj.transport.verification.PromiscuousVerifier
 import spock.lang.Specification
 
 class IntegrationBaseSpec extends Specification {
-    protected static final int DOCKER_PORT = 2222;
-    protected static final String USERNAME = "sshj";
-    protected final static String SERVER_IP = System.getProperty("serverIP", "127.0.0.1");
+    protected static final int DOCKER_PORT = 2222
+    protected static final String USERNAME = "sshj"
+    protected static final String KEYFILE = "src/itest/resources/keyfiles/id_rsa"
+    protected final static String SERVER_IP = System.getProperty("serverIP", "127.0.0.1")
+
+    protected static SSHClient getConnectedClient(Config config) {
+        SSHClient sshClient = new SSHClient(config)
+        sshClient.addHostKeyVerifier(new PromiscuousVerifier())
+        sshClient.connect(SERVER_IP, DOCKER_PORT)
+
+        return sshClient
+    }
 
     protected static SSHClient getConnectedClient() throws IOException {
-        SSHClient sshClient = new SSHClient(new DefaultConfig());
-        sshClient.addHostKeyVerifier(new PromiscuousVerifier());
-        sshClient.connect(SERVER_IP, DOCKER_PORT);
-
-        return sshClient;
+        return getConnectedClient(new DefaultConfig())
     }
 
 }

src/itest/groovy/com/hierynomus/sshj/IntegrationSpec.groovy

@@ -15,23 +15,33 @@
  */
 package com.hierynomus.sshj
 
+import com.hierynomus.sshj.key.KeyAlgorithms
 import net.schmizz.sshj.DefaultConfig
 import net.schmizz.sshj.SSHClient
 import net.schmizz.sshj.transport.TransportException
 import net.schmizz.sshj.userauth.UserAuthException
+import spock.lang.Unroll
 
 class IntegrationSpec extends IntegrationBaseSpec {
 
-    def "should accept correct key"() {
+    @Unroll
+    def "should accept correct key for #signatureName"() {
         given:
-        SSHClient sshClient = new SSHClient(new DefaultConfig())
-        sshClient.addHostKeyVerifier("d3:6a:a9:52:05:ab:b5:48:dd:73:60:18:0c:3a:f0:a3") // test-containers/ssh_host_ecdsa_key's fingerprint
+        def config = new DefaultConfig()
+        config.setKeyAlgorithms(Collections.singletonList(signatureFactory))
+        SSHClient sshClient = new SSHClient(config)
+        sshClient.addHostKeyVerifier(fingerprint) // test-containers/ssh_host_ecdsa_key's fingerprint
 
         when:
         sshClient.connect(SERVER_IP, DOCKER_PORT)
 
         then:
         sshClient.isConnected()
+
+        where:
+        signatureFactory << [KeyAlgorithms.ECDSASHANistp256(), KeyAlgorithms.EdDSA25519()]
+        fingerprint << ["d3:6a:a9:52:05:ab:b5:48:dd:73:60:18:0c:3a:f0:a3", "dc:68:38:ce:fc:6f:2c:d6:6d:6b:34:eb:5c:f0:41:6a"]
+        signatureName = signatureFactory.getName()
     }
 
     def "should decline wrong key"() throws IOException {
@@ -46,15 +56,29 @@ class IntegrationSpec extends IntegrationBaseSpec {
         thrown(TransportException.class)
     }
 
-    def "should authenticate"() {
+    @Unroll
+    def "should authenticate with key #key"() {
         given:
         SSHClient client = getConnectedClient()
 
         when:
-        client.authPublickey("sshj", "src/test/resources/id_rsa")
+        def keyProvider = passphrase != null ? client.loadKeys("src/itest/resources/keyfiles/$key", passphrase) : client.loadKeys("src/itest/resources/keyfiles/$key")
+        client.authPublickey(USERNAME, keyProvider)
 
         then:
         client.isAuthenticated()
+
+        where:
+        key | passphrase
+//        "id_ecdsa_nistp256" | null // TODO: Need to improve PKCS8 key support.
+        "id_ecdsa_opensshv1" | null
+        "id_ed25519_opensshv1" | null
+        "id_ed25519_opensshv1_aes256cbc.pem" | "foobar"
+        "id_ed25519_opensshv1_protected" | "sshjtest"
+        "id_rsa" | null
+        "id_rsa_opensshv1" | null
+        "id_ecdsa_nistp384_opensshv1" | null
+        "id_ecdsa_nistp521_opensshv1" | null
     }
 
    def "should not authenticate with wrong key"() {
@@ -62,7 +86,7 @@ class IntegrationSpec extends IntegrationBaseSpec {
         SSHClient client = getConnectedClient()
 
         when:
-        client.authPublickey("sshj", "src/test/resources/id_dsa")
+        client.authPublickey("sshj", "src/itest/resources/keyfiles/id_unknown_key")
 
         then:
         thrown(UserAuthException.class)

src/itest/groovy/com/hierynomus/sshj/signature/KeyWithCertificateSpec.groovy

@@ -0,0 +1,115 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.signature
+
+import com.hierynomus.sshj.IntegrationBaseSpec
+import net.schmizz.sshj.DefaultConfig
+import net.schmizz.sshj.SSHClient
+import net.schmizz.sshj.transport.verification.OpenSSHKnownHosts
+import spock.lang.Unroll
+
+import java.nio.file.Files
+import java.util.stream.Collectors
+
+/**
+ * This is a brief test for verifying connection to a server using keys with certificates.
+ *
+ * Also, take a look at the unit test {@link net.schmizz.sshj.transport.verification.KeyWithCertificateUnitSpec}.
+ */
+class KeyWithCertificateSpec extends IntegrationBaseSpec {
+
+    @Unroll
+    def "authorising with a signed public key #keyName"() {
+        given:
+        def client = getConnectedClient()
+
+        when:
+        client.authPublickey(USERNAME, "src/itest/resources/keyfiles/certificates/$keyName")
+
+        then:
+        client.authenticated
+
+        where:
+        keyName << [
+                "id_ecdsa_256_pem_signed_by_ecdsa",
+                "id_ecdsa_256_rfc4716_signed_by_ecdsa",
+                "id_ecdsa_256_pem_signed_by_ed25519",
+                "id_ecdsa_256_rfc4716_signed_by_ed25519",
+                "id_ecdsa_256_pem_signed_by_rsa",
+                "id_ecdsa_256_rfc4716_signed_by_rsa",
+                "id_ecdsa_384_pem_signed_by_ecdsa",
+                "id_ecdsa_384_rfc4716_signed_by_ecdsa",
+                "id_ecdsa_384_pem_signed_by_ed25519",
+                "id_ecdsa_384_rfc4716_signed_by_ed25519",
+                "id_ecdsa_384_pem_signed_by_rsa",
+                "id_ecdsa_384_rfc4716_signed_by_rsa",
+                "id_ecdsa_521_pem_signed_by_ecdsa",
+                "id_ecdsa_521_rfc4716_signed_by_ecdsa",
+                "id_ecdsa_521_pem_signed_by_ed25519",
+                "id_ecdsa_521_rfc4716_signed_by_ed25519",
+                "id_ecdsa_521_pem_signed_by_rsa",
+                "id_ecdsa_521_rfc4716_signed_by_rsa",
+                "id_rsa_2048_pem_signed_by_ecdsa",
+                "id_rsa_2048_rfc4716_signed_by_ecdsa",
+                "id_rsa_2048_pem_signed_by_ed25519",
+                "id_rsa_2048_rfc4716_signed_by_ed25519",
+                "id_rsa_2048_pem_signed_by_rsa",
+                "id_rsa_2048_rfc4716_signed_by_rsa",
+                "id_ed25519_384_rfc4716_signed_by_ecdsa",
+                "id_ed25519_384_rfc4716_signed_by_ed25519",
+                "id_ed25519_384_rfc4716_signed_by_rsa",
+        ]
+    }
+
+    @Unroll
+    def "accepting a signed host public key with type #hostKeyAlgo"() {
+        given:
+        File knownHosts = Files.createTempFile("known_hosts", "").toFile()
+        knownHosts.deleteOnExit()
+
+        and:
+        File caPubKey = new File("src/itest/resources/keyfiles/certificates/CA_rsa.pem.pub")
+        String knownHostsFileContents = "" +
+                "@cert-authority $SERVER_IP ${caPubKey.text}" +
+                "\n@cert-authority [$SERVER_IP]:$DOCKER_PORT ${caPubKey.text}"
+        knownHosts.write(knownHostsFileContents)
+
+        and:
+        def config = new DefaultConfig()
+        config.keyAlgorithms = config.keyAlgorithms.stream()
+                .filter { it.name == hostKeyAlgo }
+                .collect(Collectors.toList())
+        SSHClient sshClient = new SSHClient(config)
+        sshClient.addHostKeyVerifier(new OpenSSHKnownHosts(knownHosts))
+        sshClient.connect(SERVER_IP, DOCKER_PORT)
+
+        when:
+        sshClient.authPassword("sshj", "ultrapassword")
+
+        then:
+        sshClient.authenticated
+
+        and:
+        knownHosts.getText() == knownHostsFileContents
+
+        where:
+        hostKeyAlgo << [
+                "ecdsa-sha2-nistp256-cert-v01@openssh.com",
+                "ssh-ed25519-cert-v01@openssh.com",
+                "ssh-rsa-cert-v01@openssh.com",
+        ]
+    }
+}

src/itest/groovy/com/hierynomus/sshj/signature/RsaSignatureClientKeySpec.groovy

@@ -0,0 +1,34 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.signature
+
+import com.hierynomus.sshj.IntegrationBaseSpec
+import net.schmizz.sshj.DefaultConfig
+import spock.lang.Unroll
+
+class RsaSignatureClientKeySpec extends IntegrationBaseSpec {
+    @Unroll
+    def "should correctly connect using publickey auth with RSA key with signature"() {
+        given:
+        def client = getConnectedClient(new DefaultConfig())
+
+        when:
+        client.authPublickey(USERNAME, "src/itest/resources/keyfiles/id_rsa2")
+
+        then:
+        client.authenticated
+    }
+}

src/itest/groovy/com/hierynomus/sshj/signature/SignatureSpec.groovy

@@ -0,0 +1,42 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.signature
+
+import com.hierynomus.sshj.IntegrationBaseSpec
+import com.hierynomus.sshj.key.KeyAlgorithms
+import net.schmizz.sshj.DefaultConfig
+import spock.lang.Unroll
+
+class SignatureSpec extends IntegrationBaseSpec {
+
+    @Unroll
+    def "should correctly connect with #sig Signature"() {
+        given:
+        def cfg = new DefaultConfig()
+        cfg.setKeyAlgorithms(Collections.singletonList(sigFactory))
+        def client = getConnectedClient(cfg)
+
+        when:
+        client.authPublickey(USERNAME, KEYFILE)
+
+        then:
+        client.authenticated
+
+        where:
+        sigFactory << [KeyAlgorithms.SSHRSA(), KeyAlgorithms.RSASHA256(), KeyAlgorithms.RSASHA512()]
+        sig = sigFactory.name
+    }
+}

src/itest/groovy/com/hierynomus/sshj/transport/cipher/CipherSpec.groovy

@@ -0,0 +1,55 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.transport.cipher
+
+import com.hierynomus.sshj.IntegrationBaseSpec
+import net.schmizz.sshj.DefaultConfig
+import spock.lang.Unroll
+
+class CipherSpec extends IntegrationBaseSpec {
+
+    @Unroll
+    def "should correctly connect with #cipher Cipher"() {
+        given:
+        def cfg = new DefaultConfig()
+        cfg.setCipherFactories(cipherFactory)
+        def client = getConnectedClient(cfg)
+
+        when:
+        client.authPublickey(USERNAME, KEYFILE)
+
+        then:
+        client.authenticated
+
+        cleanup:
+        client.disconnect()
+
+        where:
+        cipherFactory << [BlockCiphers.TripleDESCBC(),
+                          BlockCiphers.BlowfishCBC(),
+                          BlockCiphers.AES128CBC(),
+                          BlockCiphers.AES128CTR(),
+                          BlockCiphers.AES192CBC(),
+                          BlockCiphers.AES192CTR(),
+                          BlockCiphers.AES256CBC(),
+                          BlockCiphers.AES256CTR(),
+                          GcmCiphers.AES128GCM(),
+                          GcmCiphers.AES256GCM(),
+                          ChachaPolyCiphers.CHACHA_POLY_OPENSSH()]
+        cipher = cipherFactory.name
+    }
+
+}

src/itest/groovy/com/hierynomus/sshj/transport/kex/KexSpec.groovy

@@ -0,0 +1,61 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.transport.kex
+
+import com.hierynomus.sshj.IntegrationBaseSpec
+import com.hierynomus.sshj.transport.mac.Macs
+import net.schmizz.sshj.DefaultConfig
+import net.schmizz.sshj.transport.kex.Curve25519DH
+import net.schmizz.sshj.transport.kex.Curve25519SHA256
+import net.schmizz.sshj.transport.kex.DH
+import net.schmizz.sshj.transport.kex.DHGexSHA1
+import net.schmizz.sshj.transport.kex.DHGexSHA256
+import net.schmizz.sshj.transport.kex.ECDH
+import net.schmizz.sshj.transport.kex.ECDHNistP
+import spock.lang.Unroll
+
+class KexSpec extends IntegrationBaseSpec {
+
+    @Unroll
+    def "should correctly connect with #kex Key Exchange"() {
+        given:
+        def cfg = new DefaultConfig()
+        cfg.setKeyExchangeFactories(kexFactory)
+        def client = getConnectedClient(cfg)
+
+        when:
+        client.authPublickey(USERNAME, KEYFILE)
+
+        then:
+        client.authenticated
+
+        where:
+        kexFactory << [DHGroups.Group1SHA1(),
+                       DHGroups.Group14SHA1(),
+                       DHGroups.Group14SHA256(),
+                       DHGroups.Group16SHA512(),
+                       DHGroups.Group18SHA512(),
+                       new DHGexSHA1.Factory(),
+                       new DHGexSHA256.Factory(),
+                       new Curve25519SHA256.Factory(),
+                       new Curve25519SHA256.FactoryLibSsh(),
+                       new ECDHNistP.Factory256(),
+                       new ECDHNistP.Factory384(),
+                       new ECDHNistP.Factory521()]
+        kex = kexFactory.name
+    }
+
+}

src/itest/groovy/com/hierynomus/sshj/transport/mac/MacSpec.groovy

@@ -0,0 +1,65 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.transport.mac
+
+import com.hierynomus.sshj.IntegrationBaseSpec
+import net.schmizz.sshj.DefaultConfig
+import spock.lang.Unroll
+
+class MacSpec extends IntegrationBaseSpec {
+
+    @Unroll
+    def "should correctly connect with #mac MAC"() {
+        given:
+        def cfg = new DefaultConfig()
+        cfg.setMACFactories(macFactory)
+        def client = getConnectedClient(cfg)
+
+        when:
+        client.authPublickey(USERNAME, KEYFILE)
+
+        then:
+        client.authenticated
+
+        cleanup:
+        client.disconnect()
+
+        where:
+        macFactory << [Macs.HMACRIPEMD160(), Macs.HMACRIPEMD160OpenSsh(), Macs.HMACSHA2256(), Macs.HMACSHA2512()]
+        mac = macFactory.name
+    }
+
+    @Unroll
+    def "should correctly connect with Encrypt-Then-Mac #mac MAC"() {
+        given:
+        def cfg = new DefaultConfig()
+        cfg.setMACFactories(macFactory)
+        def client = getConnectedClient(cfg)
+
+        when:
+        client.authPublickey(USERNAME, KEYFILE)
+
+        then:
+        client.authenticated
+
+        cleanup:
+        client.disconnect()
+
+        where:
+        macFactory << [Macs.HMACRIPEMD160Etm(), Macs.HMACSHA2256Etm(), Macs.HMACSHA2512Etm()]
+        mac = macFactory.name
+    }
+}

src/itest/resources/keyfiles/certificates/CA_ecdsa.pem

@@ -0,0 +1,9 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
+1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQTc/PZPU93pfS6cqTB+kbPDr5/8QurL
+m6vVwaEyvBvcd0OCIn7Dfmwsu4fY7mHRPIreRr4J6TNh0nTwRTKSZxBSAAAAqP36PXj9+j
+14AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNz89k9T3el9Lpyp
+MH6Rs8Ovn/xC6subq9XBoTK8G9x3Q4IifsN+bCy7h9juYdE8it5GvgnpM2HSdPBFMpJnEF
+IAAAAhAJoGc1L5zMmeORPDxMFTzo47oot8ao0BziAm3NU5ExxOAAAADENBX2VjZHNhLnBl
+bQECAw==
+-----END OPENSSH PRIVATE KEY-----

src/itest/resources/keyfiles/certificates/CA_ecdsa.pem.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNz89k9T3el9LpypMH6Rs8Ovn/xC6subq9XBoTK8G9x3Q4IifsN+bCy7h9juYdE8it5GvgnpM2HSdPBFMpJnEFI= CA_ecdsa.pem

src/itest/resources/keyfiles/certificates/CA_ed25519.pem

@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACA6Ya5UWXxyNsSeyCKpqC44tgYdo+2T9I8pwi9E5407hwAAAJhnCXFqZwlx
+agAAAAtzc2gtZWQyNTUxOQAAACA6Ya5UWXxyNsSeyCKpqC44tgYdo+2T9I8pwi9E5407hw
+AAAEBHofpGRYy15jvyiJrPuijusTXmM6bQs6fgegqljUzqwjphrlRZfHI2xJ7IIqmoLji2
+Bh2j7ZP0jynCL0TnjTuHAAAADkNBX2VkMjU1MTkucGVtAQIDBAUGBw==
+-----END OPENSSH PRIVATE KEY-----

src/itest/resources/keyfiles/certificates/CA_ed25519.pem.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDphrlRZfHI2xJ7IIqmoLji2Bh2j7ZP0jynCL0TnjTuH CA_ed25519.pem

src/itest/resources/keyfiles/certificates/CA_rsa.pem

@@ -0,0 +1,38 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAYEAylFXh7HVmrZPMpI/uDVesACwaypsa8p7oGNeolrU5rI+BxMlZksN
+UKI1qmoygYJ2oCfMEoipXCPGF3LU4/tzkG89kb2WO6OUCIGFDm302s36Na/qkTfDebkwUN
+WHud4a+v3ArwgaEh61+kbr/AnfI4AXWxCQLCAN/sF+RsyrUh/6rJMMXsjd/PJqphf/rUFH
+aLK2k3FpVXDWDXkQp1EeRRzvrQvSRUXBaSbIAWkr5k85qX2lEcpr2aL/dNFdxDbRmcEHPP
+GXhuydecRYguEFLGy2gQX3iEcot66gqX2Q/H82oq/CMgSq1T+YTuL5oAT1Z/qdHQI62UE+
+yPFm1/YBzavJQJ38Rx0CoMY7BnLibWzQbkRAxNTW5YKAYHLPoM9YIIMJp1CrQZoAKNw7IF
+zLm2tSobFioO+ZkKCrogO/VsYUOUXHV7E7EgAq6u6JV082f5z6HscSZ4z444mrWuOJsPuR
+TAwrRxyFXOmMjbHALx5xAX2N4UYFyihrzo47rmg9AAAFgHGJKn5xiSp+AAAAB3NzaC1yc2
+EAAAGBAMpRV4ex1Zq2TzKSP7g1XrAAsGsqbGvKe6BjXqJa1OayPgcTJWZLDVCiNapqMoGC
+dqAnzBKIqVwjxhdy1OP7c5BvPZG9ljujlAiBhQ5t9NrN+jWv6pE3w3m5MFDVh7neGvr9wK
+8IGhIetfpG6/wJ3yOAF1sQkCwgDf7BfkbMq1If+qyTDF7I3fzyaqYX/61BR2iytpNxaVVw
+1g15EKdRHkUc760L0kVFwWkmyAFpK+ZPOal9pRHKa9mi/3TRXcQ20ZnBBzzxl4bsnXnEWI
+LhBSxstoEF94hHKLeuoKl9kPx/NqKvwjIEqtU/mE7i+aAE9Wf6nR0COtlBPsjxZtf2Ac2r
+yUCd/EcdAqDGOwZy4m1s0G5EQMTU1uWCgGByz6DPWCCDCadQq0GaACjcOyBcy5trUqGxYq
+DvmZCgq6IDv1bGFDlFx1exOxIAKuruiVdPNn+c+h7HEmeM+OOJq1rjibD7kUwMK0cchVzp
+jI2xwC8ecQF9jeFGBcooa86OO65oPQAAAAMBAAEAAAGAc0imd8v9y4rW1ho/9Nd0fRXncS
+lbXpCioWH+KsVXS52FesKOLRvXGntT2SdqYCHXNqt2vZjh6H76AaKNbNt7nnHEw6ckVBeB
+4tbq2q4NOCDm0nDLWLRNzq6XuXfzPxYwiZTOlu4m7OxTBaokDhoR7EixBlMJ1Brv3pqjOf
+SmKsXOMUgZZGlRFTGNU9eY+UCZUC+Fmb6mJumFD2hM9QpkFT3H1PNHffGhpClVDni/axz5
+3nqZ9OlDS2B18DrdE1GoWhxvnX2nOpKZ+dSKAflyczQI9qOx0FczRuTmnjPz9jYLzTKPfi
+Pw9vkUxNiyJSkYgPMWODDwXCz0frv0n5ZUQvFrtQVjls+fHdoj3qnRYFAvgPgT8LLWE+SD
+SEvWXob6tldI9tTL4Ymx/9FsI5mvcGDhMQtK0YX1mwFBIUq3CRQD6CMd6oDcK1rpn7cQ2z
+AdI+MUdoTjDTr+sIr7ijcLvz1l/PHrFpmb5OCKr0HkVhfQHu8z1Est1ZL4ioQ1Y1ABAAAA
+wF07au4kjHZueAR+MSmD0uBzdZneq/2l5IXEtl4eC5gs2pNpkd4zoa1NhvimFqk2xgAN96
+k6sUXW/sJT+D/AC6heOC/DRUuemHcSyOpSosmGVf56WzC5eDXzrqNbyb6UEA/XshSW3lR5
+VZBO/gVMv0I5qWdTcvDbgAa6mi/gzRkZ6MqJ+zzaXyfz/W6wVD7v2PJAZB9GhNDTpA2UOC
+T3Z1Lk8i4hLX6r18AwYnh7f26LI5ZAMNv2kT98J5qZIV0ntwAAAMEA79Md+2SofgHcurgn
+O3xfH5EgLemF6X/KQTRojuVzlUiId2koMVk1iCv/a5wDqPwvU0kWJtd9RIzm+DeOzTlBwL
+49U3PSr0A4XFwU4Z6/9TlNFpqDbGIiPfFmnhwgi4iOtIHSUm/OdmX4ys0meDERDMCq1g0C
+rTLy9MtpUTv6oiAYLCk6N3lz7059R9394BQR2VoMoyvVmpbwReVqzx7HHb4i/YgdqiaSae
+NUyGv1/G5g0Lko+hFb+rZnCtTREHsdAAAAwQDX9p5+cXsLJygzppmK7yXalBmm0nWmnTnX
+faLp7qPOBxBsOCVno3Ud2BGNodcMkJPG9V8t1jnfFoEyAvq7eJxXCN3s1ACZDAXXp8dtWE
+1lUzZyX6uERljp2jXACpK2v3wBDNjoTr8GuQzJTi0U77YZ2iMs9HjDJFytAZjyl1dTZL5v
+jwTOZx17YQb0qfzAtkKQwxb8o54TK+p7yv8/vZb86WC+qtNsOrQAbhcyNhSeNBQz18oBwX
+tMsqKBf4Eo96EAAAAKQ0FfcnNhLnBlbQE=
+-----END OPENSSH PRIVATE KEY-----

src/itest/resources/keyfiles/certificates/CA_rsa.pem.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDKUVeHsdWatk8ykj+4NV6wALBrKmxrynugY16iWtTmsj4HEyVmSw1QojWqajKBgnagJ8wSiKlcI8YXctTj+3OQbz2RvZY7o5QIgYUObfTazfo1r+qRN8N5uTBQ1Ye53hr6/cCvCBoSHrX6Ruv8Cd8jgBdbEJAsIA3+wX5GzKtSH/qskwxeyN388mqmF/+tQUdosraTcWlVcNYNeRCnUR5FHO+tC9JFRcFpJsgBaSvmTzmpfaURymvZov900V3ENtGZwQc88ZeG7J15xFiC4QUsbLaBBfeIRyi3rqCpfZD8fzair8IyBKrVP5hO4vmgBPVn+p0dAjrZQT7I8WbX9gHNq8lAnfxHHQKgxjsGcuJtbNBuREDE1NblgoBgcs+gz1gggwmnUKtBmgAo3DsgXMuba1KhsWKg75mQoKuiA79WxhQ5RcdXsTsSACrq7olXTzZ/nPoexxJnjPjjiata44mw+5FMDCtHHIVc6YyNscAvHnEBfY3hRgXKKGvOjjuuaD0= CA_rsa.pem

src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ecdsa

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIIfJPrGJGZ7jWfxLWoA4DLK4UX8xeKPZBhpRW8Lf6+C3oAoGCCqGSM49
+AwEHoUQDQgAE5Hdnjy/w72a9P3sSQd57DJayX9m75p1N/W1mh3IDIrI6xIOVeu6g
+w0KbBSExvjsS6TrtJPgGo9XTFp2LcQBDkw==
+-----END EC PRIVATE KEY-----

src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ecdsa-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgpQb0g0drrzK2coGjm7xOG0FeIl5pqEoNhbY9VbmEJzsAAAAIbmlzdHAyNTYAAABBBOR3Z48v8O9mvT97EkHeewyWsl/Zu+adTf1tZodyAyKyOsSDlXruoMNCmwUhMb47Euk67ST4BqPV0xadi3EAQ5MAAAAAAAAAAAAAAAEAAAAgaWRfZWNkc2FfMjU2X3BlbV9zaWduZWRfYnlfZWNkc2EAAAAIAAAABHNzaGoAAAAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAAGgAAAATZWNkc2Etc2hhMi1uaXN0cDI1NgAAAAhuaXN0cDI1NgAAAEEE3Pz2T1Pd6X0unKkwfpGzw6+f/ELqy5ur1cGhMrwb3HdDgiJ+w35sLLuH2O5h0TyK3ka+CekzYdJ08EUykmcQUgAAAGQAAAATZWNkc2Etc2hhMi1uaXN0cDI1NgAAAEkAAAAhAPdi7qLZdHYtpNiaQlzT+p//KduiWy3B4o3g+8qmTrywAAAAIGrPimSBL8JTI0YuRzS54Vg90r52aTkRmtOKBXkd7mbx id_ecdsa_256_pem_signed_by_ecdsa

src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ecdsa.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOR3Z48v8O9mvT97EkHeewyWsl/Zu+adTf1tZodyAyKyOsSDlXruoMNCmwUhMb47Euk67ST4BqPV0xadi3EAQ5M= id_ecdsa_256_pem_signed_by_ecdsa

src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ecdsa_host-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgl67ZVJD8No6A02obFMo6hs8Ldt14DeO6b58RWpAiPycAAAAIbmlzdHAyNTYAAABBBOR3Z48v8O9mvT97EkHeewyWsl/Zu+adTf1tZodyAyKyOsSDlXruoMNCmwUhMb47Euk67ST4BqPV0xadi3EAQ5MAAAAAAAAAAAAAAAIAAAAgaWRfZWNkc2FfMjU2X3BlbV9zaWduZWRfYnlfZWNkc2EAAAANAAAACTEyNy4wLjAuMQAAAAAAAAAA//////////8AAAAAAAAAAAAAAAAAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNz89k9T3el9LpypMH6Rs8Ovn/xC6subq9XBoTK8G9x3Q4IifsN+bCy7h9juYdE8it5GvgnpM2HSdPBFMpJnEFIAAABkAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAABJAAAAIFO6PcSIVKhcnYZRRLes2qPZMpq7P+UDW20vYQn9aQltAAAAIQC877vpE4EbsJuyymmw/T7NsjmVcQnH/U6WjwZCODxI1g== id_ecdsa_256_pem_signed_by_ecdsa

src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ed25519

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIFEVp4a/QxSG2pwM8l2yK17tTC3f98FOd4NAUECN0jZcoAoGCCqGSM49
+AwEHoUQDQgAEfz2MGBoHybmWH1pCMKn0u7sLeyDiH5HedZGmQFniDZSUHJErbpaA
+pRhnoR12OHyNpblTd3UhpOJl76tp/2Ht+A==
+-----END EC PRIVATE KEY-----

src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ed25519-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgjgBeNTL1MzUsswy1BYjpiftZ9C9PEGvM6vngt6hJL/EAAAAIbmlzdHAyNTYAAABBBH89jBgaB8m5lh9aQjCp9Lu7C3sg4h+R3nWRpkBZ4g2UlByRK26WgKUYZ6Eddjh8jaW5U3d1IaTiZe+raf9h7fgAAAAAAAAAAAAAAAEAAAAiaWRfZWNkc2FfMjU2X3BlbV9zaWduZWRfYnlfZWQyNTUxOQAAAAgAAAAEc3NoagAAAAAAAAAA//////////8AAAAAAAAAggAAABVwZXJtaXQtWDExLWZvcndhcmRpbmcAAAAAAAAAF3Blcm1pdC1hZ2VudC1mb3J3YXJkaW5nAAAAAAAAABZwZXJtaXQtcG9ydC1mb3J3YXJkaW5nAAAAAAAAAApwZXJtaXQtcHR5AAAAAAAAAA5wZXJtaXQtdXNlci1yYwAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACA6Ya5UWXxyNsSeyCKpqC44tgYdo+2T9I8pwi9E5407hwAAAFMAAAALc3NoLWVkMjU1MTkAAABAfg65fi6me4HL37NLoLi+9NeAZFHPfS5PfNLbx5ZAvA/wOrV//NlFMiiJ6lAuTLQtQU8WMESDZbf7diSDQI34BQ== id_ecdsa_256_pem_signed_by_ed25519

src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ed25519.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH89jBgaB8m5lh9aQjCp9Lu7C3sg4h+R3nWRpkBZ4g2UlByRK26WgKUYZ6Eddjh8jaW5U3d1IaTiZe+raf9h7fg= id_ecdsa_256_pem_signed_by_ed25519

src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ed25519_host-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgAfBLm5SO2/sG021RdO4S+q1AVpdahAz3jx3XIBMX/DcAAAAIbmlzdHAyNTYAAABBBH89jBgaB8m5lh9aQjCp9Lu7C3sg4h+R3nWRpkBZ4g2UlByRK26WgKUYZ6Eddjh8jaW5U3d1IaTiZe+raf9h7fgAAAAAAAAAAAAAAAIAAAAiaWRfZWNkc2FfMjU2X3BlbV9zaWduZWRfYnlfZWQyNTUxOQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgOmGuVFl8cjbEnsgiqaguOLYGHaPtk/SPKcIvROeNO4cAAABTAAAAC3NzaC1lZDI1NTE5AAAAQD/r1H8JDNXac/XsQr5pxLKAa2EkBtitlyjQlAWX3UlBdm00r9NfcNa0qOhYEAITA2ipM0Kox43KzkSIB9N8yw4= id_ecdsa_256_pem_signed_by_ed25519

src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_rsa

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIOzGWqHfgD0W/1E3lozWoK0EGi/fh07uw1YR9K3y/EA/oAoGCCqGSM49
+AwEHoUQDQgAECRvqxweOpIpe/gX/0htrI+ZH0gqPT9YYxrIrGJKGJ4X3g24tqyI/
+VAJGyJ3e/bAE1Mnlm4EAN08cokWUOF+wOg==
+-----END EC PRIVATE KEY-----

src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_rsa-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgb79Hsx9T9VAh4/hyezWkS4le/m0+YLq9sUXAme7QiRQAAAAIbmlzdHAyNTYAAABBBAkb6scHjqSKXv4F/9IbayPmR9IKj0/WGMayKxiShieF94NuLasiP1QCRsid3v2wBNTJ5ZuBADdPHKJFlDhfsDoAAAAAAAAAAAAAAAEAAAAeaWRfZWNkc2FfMjU2X3BlbV9zaWduZWRfYnlfcnNhAAAACAAAAARzc2hqAAAAAAAAAAD//////////wAAAAAAAACCAAAAFXBlcm1pdC1YMTEtZm9yd2FyZGluZwAAAAAAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAAFnBlcm1pdC1wb3J0LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQDKUVeHsdWatk8ykj+4NV6wALBrKmxrynugY16iWtTmsj4HEyVmSw1QojWqajKBgnagJ8wSiKlcI8YXctTj+3OQbz2RvZY7o5QIgYUObfTazfo1r+qRN8N5uTBQ1Ye53hr6/cCvCBoSHrX6Ruv8Cd8jgBdbEJAsIA3+wX5GzKtSH/qskwxeyN388mqmF/+tQUdosraTcWlVcNYNeRCnUR5FHO+tC9JFRcFpJsgBaSvmTzmpfaURymvZov900V3ENtGZwQc88ZeG7J15xFiC4QUsbLaBBfeIRyi3rqCpfZD8fzair8IyBKrVP5hO4vmgBPVn+p0dAjrZQT7I8WbX9gHNq8lAnfxHHQKgxjsGcuJtbNBuREDE1NblgoBgcs+gz1gggwmnUKtBmgAo3DsgXMuba1KhsWKg75mQoKuiA79WxhQ5RcdXsTsSACrq7olXTzZ/nPoexxJnjPjjiata44mw+5FMDCtHHIVc6YyNscAvHnEBfY3hRgXKKGvOjjuuaD0AAAGUAAAADHJzYS1zaGEyLTUxMgAAAYCLm55D5nwIJNNCPidXas09UpeBc7FO5SBNq2rzOWeFkLcqfEq6uYJvX5/Va/zq9TCW+m1lQrVsqZVa3Ks4lKz44IBzyqBBpWcfgqNcXOc7wltSW8tfIsmQvSMODMn+bKSQzMWPSt3gjgHFylL4iNbCVSpHmPL3UjhUJurJrtIhTyYtZD6AVZvRS7J07eOTWIl0dx2txJ2xn2fRSx9jkpPDPsuHVB/scE5lm2cqFT5UMe3TVo4jSy6yMqnp+iIThMydsTsq8dFzg8PMFQdCD6MK+zjOPTnKW9wYCuQkjN8/9Ln6imWcpkYNGQsBJiPb1qMUxPzrUnUYMXvjUpzjBiiFaugshmuLFSKxEDSWkjHw6TGAagylOH7vItcptULNmcBrq2gDbI/Pl71aFVFjooOnjeWSmLoAcEIT+2K2e8YMOcC1eBCltVo9hhnfzRLrnV0ss1NI0cP9m0uBri7O77+NPA+TrMMTybe4x3gMzHobEKDrZlyNwJfHUA+vdzCJNQ4= id_ecdsa_256_pem_signed_by_rsa

src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_rsa.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAkb6scHjqSKXv4F/9IbayPmR9IKj0/WGMayKxiShieF94NuLasiP1QCRsid3v2wBNTJ5ZuBADdPHKJFlDhfsDo= id_ecdsa_256_pem_signed_by_rsa

src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_rsa_host-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg39MCdE+TdsgibyL9pdV+Oip06sFgPj7Lldoa8Mdrr6EAAAAIbmlzdHAyNTYAAABBBAkb6scHjqSKXv4F/9IbayPmR9IKj0/WGMayKxiShieF94NuLasiP1QCRsid3v2wBNTJ5ZuBADdPHKJFlDhfsDoAAAAAAAAAAAAAAAIAAAAeaWRfZWNkc2FfMjU2X3BlbV9zaWduZWRfYnlfcnNhAAAADQAAAAkxMjcuMC4wLjEAAAAAAAAAAP//////////AAAAAAAAAAAAAAAAAAABlwAAAAdzc2gtcnNhAAAAAwEAAQAAAYEAylFXh7HVmrZPMpI/uDVesACwaypsa8p7oGNeolrU5rI+BxMlZksNUKI1qmoygYJ2oCfMEoipXCPGF3LU4/tzkG89kb2WO6OUCIGFDm302s36Na/qkTfDebkwUNWHud4a+v3ArwgaEh61+kbr/AnfI4AXWxCQLCAN/sF+RsyrUh/6rJMMXsjd/PJqphf/rUFHaLK2k3FpVXDWDXkQp1EeRRzvrQvSRUXBaSbIAWkr5k85qX2lEcpr2aL/dNFdxDbRmcEHPPGXhuydecRYguEFLGy2gQX3iEcot66gqX2Q/H82oq/CMgSq1T+YTuL5oAT1Z/qdHQI62UE+yPFm1/YBzavJQJ38Rx0CoMY7BnLibWzQbkRAxNTW5YKAYHLPoM9YIIMJp1CrQZoAKNw7IFzLm2tSobFioO+ZkKCrogO/VsYUOUXHV7E7EgAq6u6JV082f5z6HscSZ4z444mrWuOJsPuRTAwrRxyFXOmMjbHALx5xAX2N4UYFyihrzo47rmg9AAABlAAAAAxyc2Etc2hhMi01MTIAAAGAu9U1TrUpxb5Iq1/3i5gvgiUk+Pr8ckCJ1X2v2g0wJF1iDRgt1ynL5o842Va0dND8r/tlYuXiXDY+nVK3P5e+Qdyq7ORbbibqDfJXpXN3WRCY4IjXzAWBUh2h8ywDTBgpbvBdcv0ITOF8V9w8LwCzFMqAEAf9ZvxqNA33qJjUXpP/XFwrkK81VJo4XNPXFf5NXRrUn7nDDU2QMyzfLYJwErNVV8iw/U/cef9ens1M15IX8yrMJxCQb7JQkvKeUPrs6ALa4lgvMISl1/jDEQ4nCw0YrXC9rWOTr71HS7SZrw3KLJQYyQNGBjqc4n4BqhPUYf9ac+w1trKBMtw0tFKjVEzsjg6dpYMr5cIon6Gm1N9GWV6pRcghkDoC3qbSUDbvqFWUOt9HAuiFUpye4BxP/W52PM63xVJhkOQ0DpQbCM2W7KWj6E/KjHlFeoTPzy3GmG3KBUrl1nQK5HSriuINyLZAq6Q8AUhekG8Td52rucU9WYfz1W6J7XrdEy73jsVT id_ecdsa_256_pem_signed_by_rsa

src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ecdsa

@@ -0,0 +1,9 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
+1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQSg88EiIHWvzomLE8ahdjrqE0iZnrCZ
+5bBy1uZj/QiOvJcyWeV8G7nTmyGhDSzE2BVZNmK7tjK1h7QKCcn7gLZqAAAAwEc6tF1HOr
+RdAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDzwSIgda/OiYsT
+xqF2OuoTSJmesJnlsHLW5mP9CI68lzJZ5XwbudObIaENLMTYFVk2Yru2MrWHtAoJyfuAtm
+oAAAAhAN2usDXl6owiRjz99e5lTmsGwFY1qtPlDBP+G4d4pBbhAAAAJGlkX2VjZHNhXzI1
+Nl9yZmM0NzE2X3NpZ25lZF9ieV9lY2RzYQECAw==
+-----END OPENSSH PRIVATE KEY-----

src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ecdsa-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgpwwYrqrCZSI5imMxVTHnzFZSDW3NvYfLaFMiKCvegaAAAAAIbmlzdHAyNTYAAABBBKDzwSIgda/OiYsTxqF2OuoTSJmesJnlsHLW5mP9CI68lzJZ5XwbudObIaENLMTYFVk2Yru2MrWHtAoJyfuAtmoAAAAAAAAAAAAAAAEAAAAkaWRfZWNkc2FfMjU2X3JmYzQ3MTZfc2lnbmVkX2J5X2VjZHNhAAAACAAAAARzc2hqAAAAAAAAAAD//////////wAAAAAAAACCAAAAFXBlcm1pdC1YMTEtZm9yd2FyZGluZwAAAAAAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAAFnBlcm1pdC1wb3J0LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNz89k9T3el9LpypMH6Rs8Ovn/xC6subq9XBoTK8G9x3Q4IifsN+bCy7h9juYdE8it5GvgnpM2HSdPBFMpJnEFIAAABkAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAABJAAAAIQD7GTHsM19ZtnntVYvFz3dJZZh5ZyJz2OeNPbUTEtBTiQAAACA1Zanogf6uUgFnjNS1KwOhSUqzKwtQ+Db7c6DV2HFN8g== id_ecdsa_256_rfc4716_signed_by_ecdsa

src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ecdsa.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDzwSIgda/OiYsTxqF2OuoTSJmesJnlsHLW5mP9CI68lzJZ5XwbudObIaENLMTYFVk2Yru2MrWHtAoJyfuAtmo= id_ecdsa_256_rfc4716_signed_by_ecdsa

src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ecdsa_host-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg0cIXSpmbkGXAqBI2MfH9tpCITWA28bvcPogKDHk2+aUAAAAIbmlzdHAyNTYAAABBBKDzwSIgda/OiYsTxqF2OuoTSJmesJnlsHLW5mP9CI68lzJZ5XwbudObIaENLMTYFVk2Yru2MrWHtAoJyfuAtmoAAAAAAAAAAAAAAAIAAAAkaWRfZWNkc2FfMjU2X3JmYzQ3MTZfc2lnbmVkX2J5X2VjZHNhAAAADQAAAAkxMjcuMC4wLjEAAAAAAAAAAP//////////AAAAAAAAAAAAAAAAAAAAaAAAABNlY2RzYS1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQTc/PZPU93pfS6cqTB+kbPDr5/8QurLm6vVwaEyvBvcd0OCIn7Dfmwsu4fY7mHRPIreRr4J6TNh0nTwRTKSZxBSAAAAZQAAABNlY2RzYS1zaGEyLW5pc3RwMjU2AAAASgAAACEAm95yiB9YDmtQJR1Eqeg9Di5GAu0BmbIIVQXKqAmbNgkAAAAhAOCYC23uX7C1wSo4uHcDnIkN1fwjTkrmzryLbGQvI10R id_ecdsa_256_rfc4716_signed_by_ecdsa

src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ed25519

@@ -0,0 +1,9 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
+1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQSSlaBbx7IhGpFNz0AJjNS9ltz3Pt+7
+qI5PPwRJKq5qIdJiejYjE4G4/kHSacJXYj9AsmSIkWq8blhW099x+MmiAAAAwNnay43Z2s
+uNAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJKVoFvHsiEakU3P
+QAmM1L2W3Pc+37uojk8/BEkqrmoh0mJ6NiMTgbj+QdJpwldiP0CyZIiRarxuWFbT33H4ya
+IAAAAhAIAiz2os7YuPnqIHiRnHhQjcnm2y/D8WJ35paiWs1RVGAAAAJmlkX2VjZHNhXzI1
+Nl9yZmM0NzE2X3NpZ25lZF9ieV9lZDI1NTE5AQ==
+-----END OPENSSH PRIVATE KEY-----

src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ed25519-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg8EviOh4kJ/RDObpq9OJjY1v55378bby2aNotrPon6XsAAAAIbmlzdHAyNTYAAABBBJKVoFvHsiEakU3PQAmM1L2W3Pc+37uojk8/BEkqrmoh0mJ6NiMTgbj+QdJpwldiP0CyZIiRarxuWFbT33H4yaIAAAAAAAAAAAAAAAEAAAAmaWRfZWNkc2FfMjU2X3JmYzQ3MTZfc2lnbmVkX2J5X2VkMjU1MTkAAAAIAAAABHNzaGoAAAAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgOmGuVFl8cjbEnsgiqaguOLYGHaPtk/SPKcIvROeNO4cAAABTAAAAC3NzaC1lZDI1NTE5AAAAQOlUU8WMaF/szvw9K79abfnTNCLr1k6QZyQnbZR8d1hW5+TlhI6020enha0TApG6zwLPuQ28LZstnpSpKehoYwo= id_ecdsa_256_rfc4716_signed_by_ed25519

src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ed25519.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJKVoFvHsiEakU3PQAmM1L2W3Pc+37uojk8/BEkqrmoh0mJ6NiMTgbj+QdJpwldiP0CyZIiRarxuWFbT33H4yaI= id_ecdsa_256_rfc4716_signed_by_ed25519

src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ed25519_host-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgrJTOkSNe36/l/T13/eKF59eow8nik6PMBXKDJc52ODwAAAAIbmlzdHAyNTYAAABBBJKVoFvHsiEakU3PQAmM1L2W3Pc+37uojk8/BEkqrmoh0mJ6NiMTgbj+QdJpwldiP0CyZIiRarxuWFbT33H4yaIAAAAAAAAAAAAAAAIAAAAmaWRfZWNkc2FfMjU2X3JmYzQ3MTZfc2lnbmVkX2J5X2VkMjU1MTkAAAANAAAACTEyNy4wLjAuMQAAAAAAAAAA//////////8AAAAAAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIDphrlRZfHI2xJ7IIqmoLji2Bh2j7ZP0jynCL0TnjTuHAAAAUwAAAAtzc2gtZWQyNTUxOQAAAECrlWp1E6MWq80NGW5i4gpWH/hKwEJlsoKMokLUi1GilQuMaS0FPrFl4XJR44fCZKKuugaoouL8zxUgficeVOYM id_ecdsa_256_rfc4716_signed_by_ed25519

src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_rsa

@@ -0,0 +1,9 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
+1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQR1fMdT7FYIpIo+4hhd5oOgHk6uW79B
+HVscKp83yPhFylnG4NtpF7anAWTcpl5aB9eJVWTCP5KVvlVLVkxUSRDwAAAAwITPM06Ezz
+NOAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHV8x1PsVgikij7i
+GF3mg6AeTq5bv0EdWxwqnzfI+EXKWcbg22kXtqcBZNymXloH14lVZMI/kpW+VUtWTFRJEP
+AAAAAhAP21AnkkpifUJgiBSYk7YhOfcwC4VfMB3n+BBln73VnmAAAAImlkX2VjZHNhXzI1
+Nl9yZmM0NzE2X3NpZ25lZF9ieV9yc2EBAgMEBQ==
+-----END OPENSSH PRIVATE KEY-----

src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_rsa-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg1VzZYeBstzrnExtKXoHjWcKOPy0he5FfNQfyJop5fWoAAAAIbmlzdHAyNTYAAABBBHV8x1PsVgikij7iGF3mg6AeTq5bv0EdWxwqnzfI+EXKWcbg22kXtqcBZNymXloH14lVZMI/kpW+VUtWTFRJEPAAAAAAAAAAAAAAAAEAAAAiaWRfZWNkc2FfMjU2X3JmYzQ3MTZfc2lnbmVkX2J5X3JzYQAAAAgAAAAEc3NoagAAAAAAAAAA//////////8AAAAAAAAAggAAABVwZXJtaXQtWDExLWZvcndhcmRpbmcAAAAAAAAAF3Blcm1pdC1hZ2VudC1mb3J3YXJkaW5nAAAAAAAAABZwZXJtaXQtcG9ydC1mb3J3YXJkaW5nAAAAAAAAAApwZXJtaXQtcHR5AAAAAAAAAA5wZXJtaXQtdXNlci1yYwAAAAAAAAAAAAABlwAAAAdzc2gtcnNhAAAAAwEAAQAAAYEAylFXh7HVmrZPMpI/uDVesACwaypsa8p7oGNeolrU5rI+BxMlZksNUKI1qmoygYJ2oCfMEoipXCPGF3LU4/tzkG89kb2WO6OUCIGFDm302s36Na/qkTfDebkwUNWHud4a+v3ArwgaEh61+kbr/AnfI4AXWxCQLCAN/sF+RsyrUh/6rJMMXsjd/PJqphf/rUFHaLK2k3FpVXDWDXkQp1EeRRzvrQvSRUXBaSbIAWkr5k85qX2lEcpr2aL/dNFdxDbRmcEHPPGXhuydecRYguEFLGy2gQX3iEcot66gqX2Q/H82oq/CMgSq1T+YTuL5oAT1Z/qdHQI62UE+yPFm1/YBzavJQJ38Rx0CoMY7BnLibWzQbkRAxNTW5YKAYHLPoM9YIIMJp1CrQZoAKNw7IFzLm2tSobFioO+ZkKCrogO/VsYUOUXHV7E7EgAq6u6JV082f5z6HscSZ4z444mrWuOJsPuRTAwrRxyFXOmMjbHALx5xAX2N4UYFyihrzo47rmg9AAABlAAAAAxyc2Etc2hhMi01MTIAAAGABeiDaBt62xlJ7H5/ek8KPwqfhhyKV1+w9PLSchd8Y5KyK25iTtYO/SNAeuiJuSCZGk4NgJ+FzEHmvbpYtF57kvHUddQ3+0jJIvjQev1RDwLDkuCiDtzYCgtSGW2K7KXPpap4PrShDfmlt/VUN5Dt2ELi2f0hekSS638et3NnaF8SGpLhdU5IiV5jXbYH/7sdUDT4hxIwb7FnZzL8Zt1TtMRz8NtSlIhTDVA6BRNiVunkHYkvqIpA1Rd4/zD2udWV8CZTyW+TL3ULJU94pk8Bm19X9JGNbSA/7VvVOQiBqk+eIgc4kXl7Gyp6IbtNODkJ8yN3CrwiO5k0nCTVC0STHKcPexVulqWWlwQgLD8GppNHzyW0mvdjx5oLdpMH9octCUIXfdF/lW1wH1FgEIa9NUQXX3C+FkhFD46IgOK+mmk6YR9np1a0QqXnGcQnjjjxeVtEiG91ywz9i09MvYRAsslkpB8+ce8xylq+dkie8ppkkeGqChu5jF4mYDq1iGzS id_ecdsa_256_rfc4716_signed_by_rsa

src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_rsa.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHV8x1PsVgikij7iGF3mg6AeTq5bv0EdWxwqnzfI+EXKWcbg22kXtqcBZNymXloH14lVZMI/kpW+VUtWTFRJEPA= id_ecdsa_256_rfc4716_signed_by_rsa

src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_rsa_host-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgQgbM6lYD+Yx1aendIKHYuKthkIN0WhvPdMA0DbC/QmEAAAAIbmlzdHAyNTYAAABBBHV8x1PsVgikij7iGF3mg6AeTq5bv0EdWxwqnzfI+EXKWcbg22kXtqcBZNymXloH14lVZMI/kpW+VUtWTFRJEPAAAAAAAAAAAAAAAAIAAAAiaWRfZWNkc2FfMjU2X3JmYzQ3MTZfc2lnbmVkX2J5X3JzYQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAMpRV4ex1Zq2TzKSP7g1XrAAsGsqbGvKe6BjXqJa1OayPgcTJWZLDVCiNapqMoGCdqAnzBKIqVwjxhdy1OP7c5BvPZG9ljujlAiBhQ5t9NrN+jWv6pE3w3m5MFDVh7neGvr9wK8IGhIetfpG6/wJ3yOAF1sQkCwgDf7BfkbMq1If+qyTDF7I3fzyaqYX/61BR2iytpNxaVVw1g15EKdRHkUc760L0kVFwWkmyAFpK+ZPOal9pRHKa9mi/3TRXcQ20ZnBBzzxl4bsnXnEWILhBSxstoEF94hHKLeuoKl9kPx/NqKvwjIEqtU/mE7i+aAE9Wf6nR0COtlBPsjxZtf2Ac2ryUCd/EcdAqDGOwZy4m1s0G5EQMTU1uWCgGByz6DPWCCDCadQq0GaACjcOyBcy5trUqGxYqDvmZCgq6IDv1bGFDlFx1exOxIAKuruiVdPNn+c+h7HEmeM+OOJq1rjibD7kUwMK0cchVzpjI2xwC8ecQF9jeFGBcooa86OO65oPQAAAZQAAAAMcnNhLXNoYTItNTEyAAABgAOa69XTj4yOPjKtN5Few84Y2qj4p/4RK9yiAjWWxbMQv+dlLzEH/wtj6p1SeDJozFssVfyH2ODFGY9Dct3K4SbLA1b8LfM6vaf1bUxdQz7njsQ40KpcJu662hMOkj9AKTQgpVUVgJJOQuLrIbyfjKClaqt2W6ziH2eLn7wPsZ6HGhQMALQVmebzgFepnwCve9wgX1HNOfuAYYVQwFXddi/xQ4BIVmsH6E3DcUUzjtZZaG063CddPYOW2Ea1efWqHu20FRWqsMnwbL6Hr9JkjKv/Iub8mgLMP1bhbMEblb+tQ+y9RRvPwjT89tKljc7hXvBxpHA4c4ZlnTidsjqPHVeARCt5LV4lES7HWEZ+kFIkGndNLYXOUnxgk6iSLLHVVZUCZPbUiZbSJdoj7r7LGiz4KA7mnqQQGU2jWxSI2drD5T6SW0TFspzjX4dPnJyzFpe02Fl+NvblUUHsnPTHdsRexHRNfqkQhKIO4i8AM8U02nU/uBmXFPb9ANbLcq+Npw== id_ecdsa_256_rfc4716_signed_by_rsa

src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_ecdsa

@@ -0,0 +1,6 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGkAgEBBDDnWxfGM8iNcn6VgKlVmVdrMm6KbhlGYnH0G2XNpwJhQsvnDsoL4N8M
+ojKTfWH1U7ugBwYFK4EEACKhZANiAASrxIDF2kzXSeiwRWVA9sEJf8/SB05JFK+g
+e6KBOr/tvv6EISb8wVMmkAGUb5oLL6EgaZ9d1q6w3pThW2dC4bQyP7B1W4TaKZCR
+wF8EH+zvOP6QROzxFbXzCAiCjcvbcB0=
+-----END EC PRIVATE KEY-----

src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_ecdsa-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp384-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAzODQtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgr2RJOHA5xgXoG2b1eRDnXKgzD+BsxXrqiWI8GxlHMGMAAAAIbmlzdHAzODQAAABhBKvEgMXaTNdJ6LBFZUD2wQl/z9IHTkkUr6B7ooE6v+2+/oQhJvzBUyaQAZRvmgsvoSBpn13WrrDelOFbZ0LhtDI/sHVbhNopkJHAXwQf7O84/pBE7PEVtfMICIKNy9twHQAAAAAAAAAAAAAAAQAAACBpZF9lY2RzYV8zODRfcGVtX3NpZ25lZF9ieV9lY2RzYQAAAAgAAAAEc3NoagAAAAAAAAAA//////////8AAAAAAAAAggAAABVwZXJtaXQtWDExLWZvcndhcmRpbmcAAAAAAAAAF3Blcm1pdC1hZ2VudC1mb3J3YXJkaW5nAAAAAAAAABZwZXJtaXQtcG9ydC1mb3J3YXJkaW5nAAAAAAAAAApwZXJtaXQtcHR5AAAAAAAAAA5wZXJtaXQtdXNlci1yYwAAAAAAAAAAAAAAaAAAABNlY2RzYS1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQTc/PZPU93pfS6cqTB+kbPDr5/8QurLm6vVwaEyvBvcd0OCIn7Dfmwsu4fY7mHRPIreRr4J6TNh0nTwRTKSZxBSAAAAZAAAABNlY2RzYS1zaGEyLW5pc3RwMjU2AAAASQAAACEAvkclDQy9KSmNbS/jteikatmEbSfmO7/FaXcS5+in8wIAAAAgdcjFIdh7/xAVIN52V77vzWrgKNwVEa2Vbtjnkg1KUr8= id_ecdsa_384_pem_signed_by_ecdsa

src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_ecdsa.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBKvEgMXaTNdJ6LBFZUD2wQl/z9IHTkkUr6B7ooE6v+2+/oQhJvzBUyaQAZRvmgsvoSBpn13WrrDelOFbZ0LhtDI/sHVbhNopkJHAXwQf7O84/pBE7PEVtfMICIKNy9twHQ== id_ecdsa_384_pem_signed_by_ecdsa

src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_ecdsa_host-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp384-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAzODQtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgY2OzNmZOc/vZIZBQFWEORqvMf/oHPrX+yxHKqhAZ28cAAAAIbmlzdHAzODQAAABhBKvEgMXaTNdJ6LBFZUD2wQl/z9IHTkkUr6B7ooE6v+2+/oQhJvzBUyaQAZRvmgsvoSBpn13WrrDelOFbZ0LhtDI/sHVbhNopkJHAXwQf7O84/pBE7PEVtfMICIKNy9twHQAAAAAAAAAAAAAAAgAAACBpZF9lY2RzYV8zODRfcGVtX3NpZ25lZF9ieV9lY2RzYQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAAGgAAAATZWNkc2Etc2hhMi1uaXN0cDI1NgAAAAhuaXN0cDI1NgAAAEEE3Pz2T1Pd6X0unKkwfpGzw6+f/ELqy5ur1cGhMrwb3HdDgiJ+w35sLLuH2O5h0TyK3ka+CekzYdJ08EUykmcQUgAAAGQAAAATZWNkc2Etc2hhMi1uaXN0cDI1NgAAAEkAAAAgMqxtjTDkl14nj/EpXUdqoheSYN6nNsH6J4ZedLti6AcAAAAhAIkJoGGFMb0sTPfmWEa7Dd0GIZYz6jhV+P34XT5krXcB id_ecdsa_384_pem_signed_by_ecdsa

src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_ed25519

@@ -0,0 +1,6 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGkAgEBBDDZCyYToDyuqStWrDnO7bb4vaydvcGaMM69jQGMhpH38ygRQW9fE9E4
+/dlQ0u3IizGgBwYFK4EEACKhZANiAATiQceFLd2USzUJ4HB1NmleM2hJQBJ3lnur
+w+LrGKHR2xwl8wZePhtvVpCVndf0GLmbeTTciDSA2oAaIL63AzwgnGWuSCmQdTyV
+IzYbfw6eCPi4hGc8cKS8ZHQS2OK8avE=
+-----END EC PRIVATE KEY-----

src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_ed25519-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp384-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAzODQtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgb8WjV0yI6r7nIUsMSdoXVEd6NTlrRo+EFYMY4Wc8YyYAAAAIbmlzdHAzODQAAABhBOJBx4Ut3ZRLNQngcHU2aV4zaElAEneWe6vD4usYodHbHCXzBl4+G29WkJWd1/QYuZt5NNyINIDagBogvrcDPCCcZa5IKZB1PJUjNht/Dp4I+LiEZzxwpLxkdBLY4rxq8QAAAAAAAAAAAAAAAQAAACJpZF9lY2RzYV8zODRfcGVtX3NpZ25lZF9ieV9lZDI1NTE5AAAACAAAAARzc2hqAAAAAAAAAAD//////////wAAAAAAAACCAAAAFXBlcm1pdC1YMTEtZm9yd2FyZGluZwAAAAAAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAAFnBlcm1pdC1wb3J0LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIDphrlRZfHI2xJ7IIqmoLji2Bh2j7ZP0jynCL0TnjTuHAAAAUwAAAAtzc2gtZWQyNTUxOQAAAEC87hSbGcEMRKetxHJrJ71A9U1CHBh6TyizBbnJWzVm3va+R0ohO4TW5tZn83Cw+B2qL+GTGJ6j8tm1U3Cu0MMK id_ecdsa_384_pem_signed_by_ed25519

src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_ed25519.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBOJBx4Ut3ZRLNQngcHU2aV4zaElAEneWe6vD4usYodHbHCXzBl4+G29WkJWd1/QYuZt5NNyINIDagBogvrcDPCCcZa5IKZB1PJUjNht/Dp4I+LiEZzxwpLxkdBLY4rxq8Q== id_ecdsa_384_pem_signed_by_ed25519

src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_ed25519_host-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp384-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAzODQtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgGZiVJml5jUGLWIzSqiJPuIHQlllgL0ACSFDfHcI/KyQAAAAIbmlzdHAzODQAAABhBOJBx4Ut3ZRLNQngcHU2aV4zaElAEneWe6vD4usYodHbHCXzBl4+G29WkJWd1/QYuZt5NNyINIDagBogvrcDPCCcZa5IKZB1PJUjNht/Dp4I+LiEZzxwpLxkdBLY4rxq8QAAAAAAAAAAAAAAAgAAACJpZF9lY2RzYV8zODRfcGVtX3NpZ25lZF9ieV9lZDI1NTE5AAAADQAAAAkxMjcuMC4wLjEAAAAAAAAAAP//////////AAAAAAAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACA6Ya5UWXxyNsSeyCKpqC44tgYdo+2T9I8pwi9E5407hwAAAFMAAAALc3NoLWVkMjU1MTkAAABAHyGchTk5zw6vfu+SdHdSz7p2Nb0gTnp2/DJ8I9oN1l4PQT2xnPOvPo0EiopxTFhu9gLmaBFBtb0Ld1KjseKADA== id_ecdsa_384_pem_signed_by_ed25519

src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_rsa

@@ -0,0 +1,6 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGkAgEBBDAdedfKcsWfF/5F1gzur96bZm46418quWRbxqxL1C9V0xNfwsHgy1C/
+IqAul+nXkKugBwYFK4EEACKhZANiAAQ9VkGx/6Q2kYz3OECqYLThHFvy7ErXl1Pc
+yIxCFZAqXf1mj3656pdc7vxtDXMeWC9mHyhA7c18YbJGnPDgEeQq+8DIOgmIdTbj
+garD0mxCwrX9Rdki2xhFhuHex6JmzdQ=
+-----END EC PRIVATE KEY-----

src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_rsa-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp384-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAzODQtY2VydC12MDFAb3BlbnNzaC5jb20AAAAghcwzqH5DN9fwc2z3PUGDVRBWNz8R/m07fxTWMCdVoKsAAAAIbmlzdHAzODQAAABhBD1WQbH/pDaRjPc4QKpgtOEcW/LsSteXU9zIjEIVkCpd/WaPfrnql1zu/G0Ncx5YL2YfKEDtzXxhskac8OAR5Cr7wMg6CYh1NuOBqsPSbELCtf1F2SLbGEWG4d7HombN1AAAAAAAAAAAAAAAAQAAAB5pZF9lY2RzYV8zODRfcGVtX3NpZ25lZF9ieV9yc2EAAAAIAAAABHNzaGoAAAAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAMpRV4ex1Zq2TzKSP7g1XrAAsGsqbGvKe6BjXqJa1OayPgcTJWZLDVCiNapqMoGCdqAnzBKIqVwjxhdy1OP7c5BvPZG9ljujlAiBhQ5t9NrN+jWv6pE3w3m5MFDVh7neGvr9wK8IGhIetfpG6/wJ3yOAF1sQkCwgDf7BfkbMq1If+qyTDF7I3fzyaqYX/61BR2iytpNxaVVw1g15EKdRHkUc760L0kVFwWkmyAFpK+ZPOal9pRHKa9mi/3TRXcQ20ZnBBzzxl4bsnXnEWILhBSxstoEF94hHKLeuoKl9kPx/NqKvwjIEqtU/mE7i+aAE9Wf6nR0COtlBPsjxZtf2Ac2ryUCd/EcdAqDGOwZy4m1s0G5EQMTU1uWCgGByz6DPWCCDCadQq0GaACjcOyBcy5trUqGxYqDvmZCgq6IDv1bGFDlFx1exOxIAKuruiVdPNn+c+h7HEmeM+OOJq1rjibD7kUwMK0cchVzpjI2xwC8ecQF9jeFGBcooa86OO65oPQAAAZQAAAAMcnNhLXNoYTItNTEyAAABgIMLYvfexE8s6eMYNOgqKOceG0uAKDUWT7aHXVA2q4jkTvMCQLck7k+hc1np8Gwwfaehn7zesLjOx9GzeN8MlFt1l07wRhqqDdpJNpcc4L7JAajJeaXn71dHkTqPuEeclyPE1LUZyanX0Y2fg8WnNt7+giZr3T9n3PahVA7dannqPwhKg/bFBMjF16WixLXOXuJFGkiKeha/9JS9t6ihVritTOOui09xJKIBCB8apx7TgAKlCGynVxwxZi02/dPRoZruBZ4wpw66UQvX/HYtz/cI7kU6lMpRAJdBFnHhgEgGGS6Y91JBXxde3VGuHKxe8+TwAWhD++WWukQPSfGp9YYuyFNqqQXNmpgpnuCxiBjSBpGYo76N7+HRKG7R4xS4fnD4ZDspY/JapHVTng0hYS7fa2Nw3hnz+mbFHDfkw8L2S+8VWxbXh2LqJo1+KmQN4O9SFUzwbLqxJ3DOnYAZe8I43WAjyxcafBeUGWI5Q2FdMVPm/2/L3B+M6cDL2RBiow== id_ecdsa_384_pem_signed_by_rsa

src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_rsa.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBD1WQbH/pDaRjPc4QKpgtOEcW/LsSteXU9zIjEIVkCpd/WaPfrnql1zu/G0Ncx5YL2YfKEDtzXxhskac8OAR5Cr7wMg6CYh1NuOBqsPSbELCtf1F2SLbGEWG4d7HombN1A== id_ecdsa_384_pem_signed_by_rsa

src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_rsa_host-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp384-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAzODQtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgjKDNUKzzdplM18CnnurEHP8+6IXdamkGh9Ph41DBJTgAAAAIbmlzdHAzODQAAABhBD1WQbH/pDaRjPc4QKpgtOEcW/LsSteXU9zIjEIVkCpd/WaPfrnql1zu/G0Ncx5YL2YfKEDtzXxhskac8OAR5Cr7wMg6CYh1NuOBqsPSbELCtf1F2SLbGEWG4d7HombN1AAAAAAAAAAAAAAAAgAAAB5pZF9lY2RzYV8zODRfcGVtX3NpZ25lZF9ieV9yc2EAAAANAAAACTEyNy4wLjAuMQAAAAAAAAAA//////////8AAAAAAAAAAAAAAAAAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQDKUVeHsdWatk8ykj+4NV6wALBrKmxrynugY16iWtTmsj4HEyVmSw1QojWqajKBgnagJ8wSiKlcI8YXctTj+3OQbz2RvZY7o5QIgYUObfTazfo1r+qRN8N5uTBQ1Ye53hr6/cCvCBoSHrX6Ruv8Cd8jgBdbEJAsIA3+wX5GzKtSH/qskwxeyN388mqmF/+tQUdosraTcWlVcNYNeRCnUR5FHO+tC9JFRcFpJsgBaSvmTzmpfaURymvZov900V3ENtGZwQc88ZeG7J15xFiC4QUsbLaBBfeIRyi3rqCpfZD8fzair8IyBKrVP5hO4vmgBPVn+p0dAjrZQT7I8WbX9gHNq8lAnfxHHQKgxjsGcuJtbNBuREDE1NblgoBgcs+gz1gggwmnUKtBmgAo3DsgXMuba1KhsWKg75mQoKuiA79WxhQ5RcdXsTsSACrq7olXTzZ/nPoexxJnjPjjiata44mw+5FMDCtHHIVc6YyNscAvHnEBfY3hRgXKKGvOjjuuaD0AAAGUAAAADHJzYS1zaGEyLTUxMgAAAYBXT6blHmMNsbfVmpgXmtpqadS7GZAaGoI5QGuKBS6RheUfvDsMUGnyR87wsfZ2NP6AsFYMDMksqYR4VTiPiUUdA/owXUnOMlyUIYJ2viQaa7b4PPFtfLV5w8UicYzmASITd0OF4vXRjk6CMKjtABfU9pVuStHseTV6vYU2QVsQDWqTlkjYSNitkMY/bIBGihaUNi/6vh8sdfZYpRURx93lHJYPNwJ4NJCG7UZ+bzIoPw2RuF1RgZ+ttD7h7W5nb2sGkDTUqny3oLHBW9ojMhYl8Y3GKRdBpmnaWRsOF5a6ieH3WlICyHh2q8JPc0cJXKbUmkkiqt034nHbdM5Vb+qQekhTLK4FW0tgkrv2THGQF5WXxOHCXQwBQrYgYR/tBPkR7R6rqJOGnlBKGW7Sl1CZ4Steb88apE6P7Y4n1BDmNzNCfJcPHn/aAgCRoofoXS97i2H9o0Umo/CKPbaj4yRl4rJMhmlY+FKNOwPufG0B+fz8v6iPQc7CzbSVsM4JOF4= id_ecdsa_384_pem_signed_by_rsa

src/itest/resources/keyfiles/certificates/id_ecdsa_384_rfc4716_signed_by_ecdsa

@@ -0,0 +1,11 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAiAAAABNlY2RzYS
+1zaGEyLW5pc3RwMzg0AAAACG5pc3RwMzg0AAAAYQS7JvG0Vr/U8brHqHOQe4l9gBdazldM
+8ZppTyH0EGjtUgKatub3vcr/rpukinfh9fnL7Ph3YZKfFRdw8OJCnJo+EJTIJu+h8FxAWC
+eqUGMin8LXt3yL0Zpif5PHcissX+0AAADwtCIqsLQiKrAAAAATZWNkc2Etc2hhMi1uaXN0
+cDM4NAAAAAhuaXN0cDM4NAAAAGEEuybxtFa/1PG6x6hzkHuJfYAXWs5XTPGaaU8h9BBo7V
+ICmrbm973K/66bpIp34fX5y+z4d2GSnxUXcPDiQpyaPhCUyCbvofBcQFgnqlBjIp/C17d8
+i9GaYn+Tx3IrLF/tAAAAMDwGOEg1iXgSGS864iNun6n5wkMbfT8LZ5EaZd8XeWPkjy45PR
+7Hc4S8fTCw+GTyEwAAACRpZF9lY2RzYV8zODRfcmZjNDcxNl9zaWduZWRfYnlfZWNkc2EB
+AgME
+-----END OPENSSH PRIVATE KEY-----

src/itest/resources/keyfiles/certificates/id_ecdsa_384_rfc4716_signed_by_ecdsa-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp384-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAzODQtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgssI6EKmd7wvszzF8rlFY9ebU3MofrsEyuYBgD+MHDJsAAAAIbmlzdHAzODQAAABhBLsm8bRWv9Txuseoc5B7iX2AF1rOV0zxmmlPIfQQaO1SApq25ve9yv+um6SKd+H1+cvs+Hdhkp8VF3Dw4kKcmj4QlMgm76HwXEBYJ6pQYyKfwte3fIvRmmJ/k8dyKyxf7QAAAAAAAAAAAAAAAQAAACRpZF9lY2RzYV8zODRfcmZjNDcxNl9zaWduZWRfYnlfZWNkc2EAAAAIAAAABHNzaGoAAAAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAAGgAAAATZWNkc2Etc2hhMi1uaXN0cDI1NgAAAAhuaXN0cDI1NgAAAEEE3Pz2T1Pd6X0unKkwfpGzw6+f/ELqy5ur1cGhMrwb3HdDgiJ+w35sLLuH2O5h0TyK3ka+CekzYdJ08EUykmcQUgAAAGQAAAATZWNkc2Etc2hhMi1uaXN0cDI1NgAAAEkAAAAgF+DGUfUifzZ1QBAJQ4Llw+kvJoARXhFBJjMqorNkDCkAAAAhAKZeVbDSSKp1sQ/StAgRcITPrZUWpHnRJCHjv5ZloSx3 id_ecdsa_384_rfc4716_signed_by_ecdsa

src/itest/resources/keyfiles/certificates/id_ecdsa_384_rfc4716_signed_by_ecdsa.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBLsm8bRWv9Txuseoc5B7iX2AF1rOV0zxmmlPIfQQaO1SApq25ve9yv+um6SKd+H1+cvs+Hdhkp8VF3Dw4kKcmj4QlMgm76HwXEBYJ6pQYyKfwte3fIvRmmJ/k8dyKyxf7Q== id_ecdsa_384_rfc4716_signed_by_ecdsa

src/itest/resources/keyfiles/certificates/id_ecdsa_384_rfc4716_signed_by_ecdsa_host-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp384-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAzODQtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgIH2g9NXosXkqoj6f7eNLPk98Uh6MUmUhZ19LCxlzWa8AAAAIbmlzdHAzODQAAABhBLsm8bRWv9Txuseoc5B7iX2AF1rOV0zxmmlPIfQQaO1SApq25ve9yv+um6SKd+H1+cvs+Hdhkp8VF3Dw4kKcmj4QlMgm76HwXEBYJ6pQYyKfwte3fIvRmmJ/k8dyKyxf7QAAAAAAAAAAAAAAAgAAACRpZF9lY2RzYV8zODRfcmZjNDcxNl9zaWduZWRfYnlfZWNkc2EAAAANAAAACTEyNy4wLjAuMQAAAAAAAAAA//////////8AAAAAAAAAAAAAAAAAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNz89k9T3el9LpypMH6Rs8Ovn/xC6subq9XBoTK8G9x3Q4IifsN+bCy7h9juYdE8it5GvgnpM2HSdPBFMpJnEFIAAABkAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAABJAAAAIAZvilKjdWVhv2A5epyRnl+SCniqMwsMCuOLLyMs1a6ZAAAAIQCZOSTiBbGXkOpfKAGMbwI/CuhzAJ7mEck2tUGy4Q1H/w== id_ecdsa_384_rfc4716_signed_by_ecdsa

src/itest/resources/keyfiles/certificates/id_ecdsa_384_rfc4716_signed_by_ed25519

@@ -0,0 +1,11 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAiAAAABNlY2RzYS
+1zaGEyLW5pc3RwMzg0AAAACG5pc3RwMzg0AAAAYQR+NU+JUc7LuUUMXRsTTJy55ZfwFqi9
+v31KZJwklOFk2I2O838/jd2AsO+j/WWecHUaqDBUsNUMt4fJWHqNx1W8GlCgdBOfp4bjIj
+QuqOlGV7aMo13sDX/KJFHt0X+0hWYAAADwTX3uO0197jsAAAATZWNkc2Etc2hhMi1uaXN0
+cDM4NAAAAAhuaXN0cDM4NAAAAGEEfjVPiVHOy7lFDF0bE0ycueWX8Baovb99SmScJJThZN
+iNjvN/P43dgLDvo/1lnnB1GqgwVLDVDLeHyVh6jcdVvBpQoHQTn6eG4yI0LqjpRle2jKNd
+7A1/yiRR7dF/tIVmAAAAMQD57EjJEhWAGHI9Cf2HvW5aIocHbGj9Mj5s3XYNQa9mXL3Qc2
+OLT/pjo4Yiv2EXgX4AAAAmaWRfZWNkc2FfMzg0X3JmYzQ3MTZfc2lnbmVkX2J5X2VkMjU1
+MTkB
+-----END OPENSSH PRIVATE KEY-----

src/itest/resources/keyfiles/certificates/id_ecdsa_384_rfc4716_signed_by_ed25519-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp384-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAzODQtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgtgzqjt7jwFEJqxqAXq8StvTw8vKcv4AV5Yq16Pjc5MwAAAAIbmlzdHAzODQAAABhBH41T4lRzsu5RQxdGxNMnLnll/AWqL2/fUpknCSU4WTYjY7zfz+N3YCw76P9ZZ5wdRqoMFSw1Qy3h8lYeo3HVbwaUKB0E5+nhuMiNC6o6UZXtoyjXewNf8okUe3Rf7SFZgAAAAAAAAAAAAAAAQAAACZpZF9lY2RzYV8zODRfcmZjNDcxNl9zaWduZWRfYnlfZWQyNTUxOQAAAAgAAAAEc3NoagAAAAAAAAAA//////////8AAAAAAAAAggAAABVwZXJtaXQtWDExLWZvcndhcmRpbmcAAAAAAAAAF3Blcm1pdC1hZ2VudC1mb3J3YXJkaW5nAAAAAAAAABZwZXJtaXQtcG9ydC1mb3J3YXJkaW5nAAAAAAAAAApwZXJtaXQtcHR5AAAAAAAAAA5wZXJtaXQtdXNlci1yYwAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACA6Ya5UWXxyNsSeyCKpqC44tgYdo+2T9I8pwi9E5407hwAAAFMAAAALc3NoLWVkMjU1MTkAAABATYYqx/R805KghJD19cESlP8L8NVhU8t8nLOxDMNsa0QRv6fAMxmYyP18v7HW0Jb4ZRdJzIxzlJyB6ZAzGRBNAQ== id_ecdsa_384_rfc4716_signed_by_ed25519

src/itest/resources/keyfiles/certificates/id_ecdsa_384_rfc4716_signed_by_ed25519.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBH41T4lRzsu5RQxdGxNMnLnll/AWqL2/fUpknCSU4WTYjY7zfz+N3YCw76P9ZZ5wdRqoMFSw1Qy3h8lYeo3HVbwaUKB0E5+nhuMiNC6o6UZXtoyjXewNf8okUe3Rf7SFZg== id_ecdsa_384_rfc4716_signed_by_ed25519