Retry authentication with all remaining auth methods after partial success

Signed-off-by: Jeroen van Erp <jeroen@hierynomus.com>
Upgrade Gradle
2025-12-06 07:10:53 +03:00 · 2022-09-24 10:02:07 +02:00 · 2022-09-23 22:42:24 +02:00 · 2022-09-19 13:16:56 +02:00 · 2022-09-17 07:11:11 +02:00 · 2022-09-16 15:04:26 +02:00
369 changed files with 7846 additions and 2058 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -1 +1,2 @@
 *.bat text eol=crlf
+src/itest/docker-image/** eol=lf
--- a/.github/workflows/gradle.yml
+++ b/.github/workflows/gradle.yml
@@ -24,19 +24,8 @@ jobs:
      run: chmod +x gradlew
    - name: Build with Gradle
      run: ./gradlew check
-  # java10:
-  #   name: Build with Java 10
-  #   runs-on: ubuntu-latest
-  #   steps:
-  #   - uses: actions/checkout@v2
-  #   - name: Set up JDK 10
-  #     uses: actions/setup-java@v1
-  #     with:
-  #       java-version: 10
-  #   - name: Grant execute permission for gradlew
-  #     run: chmod +x gradlew
-  #   - name: Build with Gradle
-  #     run: ./gradlew check -xanimalsnifferMain -xanimalsnifferTest
+    - name: Codecov
+      uses: codecov/codecov-action@v2

  integration:
    name: Integration test
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -0,0 +1,49 @@
+name: SSHJ Release
+
+on:
+  push:
+    tags:
+      - '*'
+
+permissions:
+  contents: write
+
+jobs:
+  java12:
+    name: Build with Java 12
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Set up JDK 12
+        uses: actions/setup-java@v1
+        with:
+          java-version: 12
+      - name: Grant execute permission for gradlew
+        run: chmod +x gradlew
+      - name: Build with Gradle
+        run: ./gradlew check
+  release:
+    name: Release
+    needs: [java12]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-java@v1
+        with:
+          java-version: 12
+      - name: Grant execute permission for gradlew
+        run: chmod +x gradlew
+      - name: Release
+        run: ./gradlew release -Prelease.disableChecks -Prelease.pushTagsOnly -Prelease.customUsername=${{ github.actor }} -Prelease.customPassword=${{ github.token }}
+        env:
+          ORG_GRADLE_PROJECT_signingKey: ${{ secrets.SIGNINGKEY }}
+          ORG_GRADLE_PROJECT_signingKeyId: ${{ secrets.SIGNINGKEYID }}
+          ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.SIGNINGPASSWORD }}
+          ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.OSSRH_USERNAME }}
+          ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.OSSRH_PASSWORD }}
+
+
--- a/.gitignore
+++ b/.gitignore
@@ -21,3 +21,6 @@ sshj.jar

 # MacOS X
 .DS_Store
+
+# VSCode
+.metals/
--- a/.java-version
+++ b/.java-version
@@ -1 +1 @@
-9
+11.0
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -0,0 +1,7 @@
+{
+    "java.checkstyle.configuration": "${workspaceFolder}/gradle/config/checkstyle/checkstyle.xml",
+    "files.watcherExclude": {
+        "**/target": true
+    },
+    "java.configuration.updateBuildConfiguration": "automatic"
+}
--- a/README.adoc
+++ b/README.adoc
@@ -1,12 +1,11 @@
 = sshj - SSHv2 library for Java
 Jeroen van Erp
 :sshj_groupid: com.hierynomus
-:sshj_version: 0.29.0
+:sshj_version: 0.32.0
 :source-highlighter: pygments

-image:https://api.bintray.com/packages/hierynomus/maven/sshj/images/download.svg[link="https://bintray.com/hierynomus/maven/sshj/_latestVersion"]
-image:https://travis-ci.org/hierynomus/sshj.svg?branch=master[link="https://travis-ci.org/hierynomus/sshj"]
-image:https://api.codacy.com/project/badge/Grade/14a0a316bb9149739b5ea26dbfa8da8a["Codacy code quality", link="https://www.codacy.com/app/jeroen_2/sshj?utm_source=github.com&utm_medium=referral&utm_content=hierynomus/sshj&utm_campaign=Badge_Grade"]
+image:https://github.com/hierynomus/sshj/actions/workflows/gradle.yml/badge.svg[link="https://github.com/hierynomus/sshj/actions/workflows/gradle.yml"]
+image:https://app.codacy.com/project/badge/Grade/2c8a5a67c6a54ed89c9a699fd6b27305["Codacy Grade", link="https://app.codacy.com/gh/hierynomus/sshj"]
 image:https://codecov.io/gh/hierynomus/sshj/branch/master/graph/badge.svg["codecov", link="https://codecov.io/gh/hierynomus/sshj"]
 image:http://www.javadoc.io/badge/com.hierynomus/sshj.svg?color=blue["JavaDocs", link="http://www.javadoc.io/doc/com.hierynomus/sshj"]
 image:https://maven-badges.herokuapp.com/maven-central/com.hierynomus/sshj/badge.svg["Maven Central",link="https://maven-badges.herokuapp.com/maven-central/com.hierynomus/sshj"]
@@ -64,7 +63,7 @@ In the `examples` directory, there is a separate Maven project that shows how th
 Implementations / adapters for the following algorithms are included:

 ciphers::
-  `aes{128,192,256}-{cbc,ctr}`, `blowfish-{cbc,ctr}`, `3des-{cbc,ctr}`, `twofish{128,192,256}-{cbc,ctr}`, `twofish-cbc`, `serpent{128,192,256}-{cbc,ctr}`, `idea-{cbc,ctr}`, `cast128-{cbc,ctr}`, `arcfour`, `arcfour{128,256}`
+  `aes{128,192,256}-{cbc,ctr}`, `aes{128,256}-gcm@openssh.com`, `blowfish-{cbc,ctr}`, `chacha20-poly1305@openssh.com`, `3des-{cbc,ctr}`, `twofish{128,192,256}-{cbc,ctr}`, `twofish-cbc`, `serpent{128,192,256}-{cbc,ctr}`, `idea-{cbc,ctr}`, `cast128-{cbc,ctr}`, `arcfour`, `arcfour{128,256}`
  SSHJ also supports the following extended (non official) ciphers: `camellia{128,192,256}-{cbc,ctr}`, `camellia{128,192,256}-{cbc,ctr}@openssh.org`

 key exchange::
@@ -78,7 +77,7 @@ key exchange::
  `diffie-hellman-group16-sha256`, `diffie-hellman-group16-sha384@ssh.com`, `diffie-hellman-group16-sha512@ssh.com`, `diffie-hellman-group18-sha512@ssh.com`

 signatures::
-  `ssh-rsa`, `ssh-dss`, `ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384`, `ecdsa-sha2-nistp521`, `ssh-ed25519`
+  `ssh-rsa`, `ssh-dss`, `ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384`, `ecdsa-sha2-nistp521`, `ssh-ed25519`, `ssh-rsa2-256`, `ssh-rsa2-512`

 mac::
  `hmac-md5`, `hmac-md5-96`, `hmac-sha1`, `hmac-sha1-96`, `hmac-sha2-256`, `hmac-sha2-512`, `hmac-ripemd160`, `hmac-ripemd160@openssh.com`
@@ -105,6 +104,71 @@ Issue tracker: https://github.com/hierynomus/sshj/issues
 Fork away!

 == Release history
+SSHJ 0.34.0 (2022-08-10)::
+* Merged https://github.com/hierynomus/sshj/pull/743[#743]: Use default client credentials for AuthGssApiWithMic
+* Merged https://github.com/hierynomus/sshj/pull/801[#801]: Restore thread interrupt status after catching InterruptedException
+* Merged https://github.com/hierynomus/sshj/pull/793[#793]: Merge PKCS5 and PKCS8 classes
+* Upgraded dependencies SLF4J (1.7.36) and Logback (1.2.11)
+* Merged https://github.com/hierynomus/sshj/pull/791[#791]: Update KeepAlive examples
+* Merged https://github.com/hierynomus/sshj/pull/775[#775]: Add SFTP resume support
+SSHJ 0.33.0 (2022-04-22)::
+* Upgraded dependencies BouncyCastle (1.70)
+* Merged https://github.com/hierynomus/sshj/pull/687[#687]: Correctly close connection when remote closes connection.
+* Merged https://github.com/hierynomus/sshj/pull/741[#741]: Add support for testcontainers in test setup to test more scenarios
+* Merged https://github.com/hierynomus/sshj/pull/733[#733]: Send correct key proposal if client knows CA key
+* Merged https://github.com/hierynomus/sshj/pull/746[#746]: Fix bug in reading Putty private key file with passphrase
+* Merged https://github.com/hierynomus/sshj/pull/742[#742]: Use Config.keyAlgorithms to determine rsa-sha2 support
+* Merged https://github.com/hierynomus/sshj/pull/754[#754]: Use SFTP protocol version to set FXP rename flags conditionally
+* Merged https://github.com/hierynomus/sshj/pull/752[#752]: Correctly start and terminate KeepAlive thread
+* Merged https://github.com/hierynomus/sshj/pull/753[#753]: Provide better thread names
+* Merged https://github.com/hierynomus/sshj/pull/724[#724]: Add parameter to limit read ahead length
+* Merged https://github.com/hierynomus/sshj/pull/763[#763]: Try all public key algorithms for a specific key type
+* Merged https://github.com/hierynomus/sshj/pull/756[#756]: Remove deprecated proxy connect methods
+* Merged https://github.com/hierynomus/sshj/pull/770[#770]: Add support for `ed25519` `aes-128-cbc` keys
+* Merged https://github.com/hierynomus/sshj/pull/773[#773]: Fix NPE when reading empty OpenSSHKeyV1KeyFile
+* Merged https://github.com/hierynomus/sshj/pull/777[#777]: Don't request too many read-ahead packets
+
+SSHJ 0.32.0 (2021-10-12)::
+* Send EOF on channel close (Fixes https://github.com/hierynomus/sshj/issues/143[#143], https://github.com/hierynomus/sshj/issues/496[#496], https://github.com/hierynomus/sshj/issues/553[#553], https://github.com/hierynomus/sshj/issues/554[#554])
+* Merged https://github.com/hierynomus/sshj/pull/726[#726]: Parse OpenSSH v1 keys with full CRT information present
+* Merged https://github.com/hierynomus/sshj/pull/721[#721]: Prefer known host key algorithm for host key verification
+* Merged https://github.com/hierynomus/sshj/pull/716[#716], https://github.com/hierynomus/sshj/pull/729[#729] and https://github.com/hierynomus/sshj/pull/730[#730]: Add full support for PuTTY v3 key files.
+* Merged https://github.com/hierynomus/sshj/pull/708[#708] and https://github.com/hierynomus/sshj/pull/713[#71]: Add support for PKCS#8 private keys
+* Merged https://github.com/hierynomus/sshj/pull/703[#703]: Support host certificate keys
+* Upgraded dependencies BouncyCastle (1.69), SLF4j (1.7.32), Logback (1.2.6), asn-one (0.6.0)
+* Merged https://github.com/hierynomus/sshj/pull/702[#702]: Support Public key authentication using certificates
+* Merged https://github.com/hierynomus/sshj/pull/691[#691]: Fix for writing negative unsigned integers to Buffer
+* Merged https://github.com/hierynomus/sshj/pull/682[#682]: Support for chacha20-poly1305@openssh.com cipher
+* Merged https://github.com/hierynomus/sshj/pull/680[#680]: Configurable preserve mtimes for SCP transfers
+
+SSHJ 0.31.0 (2021-02-08)::
+* Bump dependencies (asn-one 0.5.0, BouncyCastle 1.68, slf4j-api 1.7.30)
+* Merged https://github.com/hierynomus/sshj/pull/660[#660]: Support ED25519 and ECDSA keys in PuTTY format
+* Merged https://github.com/hierynomus/sshj/pull/655[#655]: Bump BouncyCastle due to CVE
+* Merged https://github.com/hierynomus/sshj/pull/653[#653]: Make Parameters class useable as HashMap key
+* Merged https://github.com/hierynomus/sshj/pull/647[#647]: Reduce log level for identification parser
+* Merged https://github.com/hierynomus/sshj/pull/630[#630]: Add support for `aes128-gcm@openssh.com` and `aes256-gcm@openssh.com` ciphers
+* Merged https://github.com/hierynomus/sshj/pull/636[#636]: Improved Android compatibility
+* Merged https://github.com/hierynomus/sshj/pull/627[#627]: Prevent key leakage
+SSHJ 0.30.0 (2020-08-17)::
+* **BREAKING CHANGE**: Removed `setSignatureFactories` and `getSignatureFactories` from the Config and switched them for `getKeyAlgorithms` and `setKeyAlgorithms`
+* Fixed https://github.com/hierynomus/sshj/pull/588[#588]: Add support for `ssh-rsa2-256` and `ssh-rsa2-512` signatures
+* Merged https://github.com/hierynomus/sshj/pull/579[#579]: Fix NPE in OpenSSHKnownHosts
+* Merged https://github.com/hierynomus/sshj/pull/587[#587]: Add passwordfinder retry for OpenSSHKeyV1KeyFile
+* Merged https://github.com/hierynomus/sshj/pull/586[#586]: Make KeyType compatible with Android Store
+* Merged  https://github.com/hierynomus/sshj/pull/593[#593]: Change `UserAuth.getAllowedMethods()` to Collection return type
+* Merged  https://github.com/hierynomus/sshj/pull/595[#595]: Allow reading arbitrary length keys
+* Merged  https://github.com/hierynomus/sshj/pull/591[#591]: Allow to query SFTP extensions
+* Merged  https://github.com/hierynomus/sshj/pull/603[#603]: Add method to create Stateful SFTP client
+* Merged  https://github.com/hierynomus/sshj/pull/605[#605]: Use Daemon threads to avoid blocking JVM shutdown
+* Merged  https://github.com/hierynomus/sshj/pull/606[#606]: Always use the JCERandom RNG by default
+* Merged  https://github.com/hierynomus/sshj/pull/609[#609]: Clear passphrase after use to prevent security issues
+* Merged  https://github.com/hierynomus/sshj/pull/618[#618]: Fix localport of DirectConnection for use with OpenSSH > 8.0
+* Merged  https://github.com/hierynomus/sshj/pull/619[#619]: Upgraded BouncyCastle to 1.66
+* Merged  https://github.com/hierynomus/sshj/pull/622[#622]: Send 'ext-info-c' with KEX algorithms
+* Merged  https://github.com/hierynomus/sshj/pull/623[#623]: Fix transport encoding of `nistp521` signatures
+* Merged  https://github.com/hierynomus/sshj/pull/607[#607]: Fix mathing pubkeys to key algorithms
+* Merged  https://github.com/hierynomus/sshj/pull/602[#602]: Fix RSA certificate key determination
 SSHJ 0.27.0 (2019-01-24)::
 * Fixed https://github.com/hierynomus/sshj/issues/415[#415]: Fixed wrongly prefixed '/' to path in SFTPClient.mkdirs
 * Added support for ETM (Encrypt-then-Mac) MAC algorithms.
@@ -127,31 +191,31 @@ SSHJ 0.24.0 (2018-04-04)::
 * Fixed https://github.com/hierynomus/sshj/issues/187[#187]: Fixed length bug in Buffer.putString
 * Fixed https://github.com/hierynomus/sshj/issues/405[#405]: Continue host verification if first hostkey does not match.
 SSHJ 0.23.0 (2017-10-13)::
-* Merged https://github.com/hierynomus/sshj/pulls/372[#372]: Upgrade to 'net.i2p.crypto:eddsa:0.2.0'
+* Merged https://github.com/hierynomus/sshj/pull/372[#372]: Upgrade to 'net.i2p.crypto:eddsa:0.2.0'
 * Fixed https://github.com/hierynomus/sshj/issues/355[#355] and https://github.com/hierynomus/sshj/issues/354[#354]: Correctly decode signature bytes
 * Fixed https://github.com/hierynomus/sshj/issues/365[#365]: Added support for new-style OpenSSH fingerprints of server keys
 * Fixed https://github.com/hierynomus/sshj/issues/356[#356]: Fixed key type detection for ECDSA public keys
 * Made SSHJ Java9 compatible
 SSHJ 0.22.0 (2017-08-24)::
-* Fixed https://github.com/hierynomus/sshj/pulls/341[#341]: Fixed path walking during recursive copy
-* Merged https://github.com/hierynomus/sshj/pulls/338[#338]: Added ConsolePasswordFinder to read password from stdin
-* Merged https://github.com/hierynomus/sshj/pulls/336[#336]: Added support for ecdsa-sha2-nistp384 and ecdsa-sha2-nistp521 signatures
+* Fixed https://github.com/hierynomus/sshj/pull/341[#341]: Fixed path walking during recursive copy
+* Merged https://github.com/hierynomus/sshj/pull/338[#338]: Added ConsolePasswordFinder to read password from stdin
+* Merged https://github.com/hierynomus/sshj/pull/336[#336]: Added support for ecdsa-sha2-nistp384 and ecdsa-sha2-nistp521 signatures
 * Fixed https://github.com/hierynomus/sshj/issues/331[#331]: Added support for wildcards in known_hosts file
 SSHJ 0.21.1 (2017-04-25)::
-* Merged https://github.com/hierynomus/sshj/pulls/322[#322]: Fix regression from 40f956b (invalid length parameter on outputstream)
+* Merged https://github.com/hierynomus/sshj/pull/322[#322]: Fix regression from 40f956b (invalid length parameter on outputstream)
 SSHJ 0.21.0 (2017-04-14)::
-* Merged https://github.com/hierynomus/sshj/pulls/319[#319]: Added support for `ssh-rsa-cert-v01@openssh.com` and `ssh-dsa-cert-v01@openssh.com` certificate key files
+* Merged https://github.com/hierynomus/sshj/pull/319[#319]: Added support for `ssh-rsa-cert-v01@openssh.com` and `ssh-dsa-cert-v01@openssh.com` certificate key files
 * Upgraded Gradle to 3.4.1
-* Merged https://github.com/hierynomus/sshj/pulls/305[#305]: Added support for custom string encoding
+* Merged https://github.com/hierynomus/sshj/pull/305[#305]: Added support for custom string encoding
 * Fixed https://github.com/hierynomus/sshj/issues/312[#312]: Upgraded BouncyCastle to 1.56
 SSHJ 0.20.0 (2017-02-09)::
-* Merged https://github.com/hierynomus/sshj/pulls/294[#294]: Reference ED25519 by constant instead of name
-* Merged https://github.com/hierynomus/sshj/pulls/293[#293], https://github.com/hierynomus/sshj/pulls/295[#295] and https://github.com/hierynomus/sshj/pulls/301[#301]: Fixed OSGi packaging
+* Merged https://github.com/hierynomus/sshj/pull/294[#294]: Reference ED25519 by constant instead of name
+* Merged https://github.com/hierynomus/sshj/pull/293[#293], https://github.com/hierynomus/sshj/pull/295[#295] and https://github.com/hierynomus/sshj/pull/301[#301]: Fixed OSGi packaging
 * Added new Diffie Hellman groups 15-18 for stronger KeyExchange algorithms
 SSHJ 0.19.1 (2016-12-30)::
 * Enabled PKCS5 Key files in DefaultConfig
-* Merged https://github.com/hierynomus/sshj/pulls/291[#291]: Fixed sshj.properties loading and chained exception messages
-* Merged https://github.com/hierynomus/sshj/pulls/284[#284]: Correctly catch interrupt in keepalive thread
+* Merged https://github.com/hierynomus/sshj/pull/291[#291]: Fixed sshj.properties loading and chained exception messages
+* Merged https://github.com/hierynomus/sshj/pull/284[#284]: Correctly catch interrupt in keepalive thread
 * Fixed https://github.com/hierynomus/sshj/issues/292[#292]: Pass the configured RandomFactory to Diffie Hellman KEX
 * Fixed https://github.com/hierynomus/sshj/issues/256[#256]: SSHJ now builds if no git repository present
 * LocalPortForwarder now correctly interrupts its own thread on close()
@@ -161,11 +225,11 @@ SSHJ 0.19.0 (2016-11-25)::
 SSHJ 0.18.0 (2016-09-30)::
 * Fixed Android compatibility
 * Upgrade to Gradle 3.0
-* Merged https://github.com/hierynomus/sshj/pulls/271[#271]: Load known_hosts without requiring BouncyCastle
-* Merged https://github.com/hierynomus/sshj/pulls/269[#269]: Brought back Java6 support by popular demand
-* Merged https://github.com/hierynomus/sshj/pulls/267[#267]: Added support for per connection logging (Fixes https://github.com/hierynomus/sshj/issues/264[#264])
-* Merged https://github.com/hierynomus/sshj/pulls/262[#262], https://github.com/hierynomus/sshj/pulls/265[#265] and https://github.com/hierynomus/sshj/pulls/266[#266]: Added PKCS5 key file support
-* Fixed toString of sftp FileAttributes (Fixes https://github.com/hierynomus/sshj/pulls/258[#258])
+* Merged https://github.com/hierynomus/sshj/pull/271[#271]: Load known_hosts without requiring BouncyCastle
+* Merged https://github.com/hierynomus/sshj/pull/269[#269]: Brought back Java6 support by popular demand
+* Merged https://github.com/hierynomus/sshj/pull/267[#267]: Added support for per connection logging (Fixes https://github.com/hierynomus/sshj/issues/264[#264])
+* Merged https://github.com/hierynomus/sshj/pull/262[#262], https://github.com/hierynomus/sshj/pull/265[#265] and https://github.com/hierynomus/sshj/pull/266[#266]: Added PKCS5 key file support
+* Fixed toString of sftp FileAttributes (Fixes https://github.com/hierynomus/sshj/pull/258[#258])
 * Fixed https://github.com/hierynomus/sshj/issues/255[#255]: No longer depending on 'privately marked' classes in `net.i2p.crypto.eddsa.math` package, fixes OSGI dependencies
 SSHJ 0.17.2 (2016-07-07)::
 * Treating SSH Server identification line ending in '\n' instead of '\r\n' leniently.
@@ -175,7 +239,7 @@ SSHJ 0.17.0 (2016-07-05)::
 * *Introduced breaking change in SFTP copy behaviour*: Previously an SFTP copy operation would behave differently if both source and target were folders with different names.
  In this case instead of copying the contents of the source into the target directory, the directory itself was copied as a sub directory of the target directory.
  This behaviour has been removed in favour of the default behaviour which is to copy the contents of the source into the target. Bringing the behaviour in line with how SCP works.
-* Fixed https://github.com/hierynomus/sshj/issues/252[#252] (via: https://github.com/hierynomus/sshj/pulls/253[#253]): Same name subdirs are no longer merged by accident
+* Fixed https://github.com/hierynomus/sshj/issues/252[#252] (via: https://github.com/hierynomus/sshj/pull/253[#253]): Same name subdirs are no longer merged by accident
 SSHJ 0.16.0 (2016-04-11)::
 * Fixed https://github.com/hierynomus/sshj/issues/239[#239]: Remote port forwards did not work if you used the empty string as address, or a catch-all address.
 * Fixed https://github.com/hierynomus/sshj/issues/242[#242]: Added OSGI headers to sources jar manifest
--- a/build-publishing.gradle
+++ b/build-publishing.gradle
@@ -17,7 +17,7 @@ configurations {
  pom
 }

-def bouncycastleVersion = "1.50"
+def bouncycastleVersion = "1.67"

 dependencies {
  compile "org.slf4j:slf4j-api:1.7.7"
--- a/build.gradle
+++ b/build.gradle
@@ -1,23 +1,24 @@
-import java.text.SimpleDateFormat
-import com.bmuschko.gradle.docker.tasks.container.*
-import com.bmuschko.gradle.docker.tasks.image.*
-
 plugins {
  id "java"
  id "groovy"
  id "jacoco"
-  id "com.github.blindpirate.osgi" version '0.0.3'
+  id "com.github.blindpirate.osgi" version '0.0.6'
  id "maven-publish"
-  id 'pl.allegro.tech.build.axion-release' version '1.11.0'
-  id "com.bmuschko.docker-remote-api" version "6.4.0"
-  id "com.github.hierynomus.license" version "0.12.1"
-  id "com.jfrog.bintray" version "1.8.5"
-  id 'ru.vyarus.java-lib' version '1.0.5'
-  // id 'ru.vyarus.pom' version '1.0.3'
-  id 'ru.vyarus.github-info' version '1.1.0'
+  id "signing"
+  id 'pl.allegro.tech.build.axion-release' version '1.13.3'
+  id "com.bmuschko.docker-remote-api" version "7.1.0"
+  id "com.github.hierynomus.license" version "0.16.1"
+  id 'ru.vyarus.github-info' version '1.2.0'
+  id "io.github.gradle-nexus.publish-plugin" version "1.0.0"
+}
+
+repositories {
+  mavenCentral()
 }

 group = "com.hierynomus"
+defaultTasks ["build"]
+ext.moduleName = "${project.group}.${project.name}"

 scmVersion {
  tag {
@@ -32,35 +33,30 @@ scmVersion {

 project.version = scmVersion.version

-defaultTasks "build"
+configurations.implementation.transitive = false

-repositories {
-  mavenCentral()
-}
-
-configurations.compile.transitive = false
-
-def bouncycastleVersion = "1.65"
-def sshdVersion = "2.1.0"
+def bouncycastleVersion = "1.70"
+def sshdVersion = "2.8.0"

 dependencies {
-  implementation "org.slf4j:slf4j-api:1.7.7"
+  implementation "org.slf4j:slf4j-api:1.7.36"
  implementation "org.bouncycastle:bcprov-jdk15on:$bouncycastleVersion"
  implementation "org.bouncycastle:bcpkix-jdk15on:$bouncycastleVersion"
  implementation "com.jcraft:jzlib:1.1.3"
+  implementation "com.hierynomus:asn-one:0.6.0"

  implementation "net.i2p.crypto:eddsa:0.3.0"

-  testImplementation "junit:junit:4.12"
+  testImplementation "junit:junit:4.13.2"
  testImplementation 'org.spockframework:spock-core:1.3-groovy-2.4'
-  testImplementation "org.mockito:mockito-core:2.28.2"
+  testImplementation "org.mockito:mockito-core:4.2.0"
  testImplementation "org.apache.sshd:sshd-core:$sshdVersion"
  testImplementation "org.apache.sshd:sshd-sftp:$sshdVersion"
  testImplementation "org.apache.sshd:sshd-scp:$sshdVersion"
-  testRuntimeOnly "ch.qos.logback:logback-classic:1.2.3"
+  testImplementation "ch.qos.logback:logback-classic:1.2.11"
  testImplementation 'org.glassfish.grizzly:grizzly-http-server:2.4.4'
-  testImplementation 'org.apache.httpcomponents:httpclient:4.5.9'
-
+  testImplementation 'org.apache.httpcomponents:httpclient:4.5.13'
+  testImplementation 'org.testcontainers:testcontainers:1.16.2'
 }

 license {
@@ -69,7 +65,12 @@ license {
  mapping {
    java = 'SLASHSTAR_STYLE'
  }
-  excludes(['**/djb/Curve25519.java', '**/sshj/common/Base64.java', '**/org/mindrot/jbcrypt/*.java'])
+  excludes([
+    '**/djb/Curve25519.java',
+    '**/sshj/common/Base64.java',
+    '**/com/hierynomus/sshj/userauth/keyprovider/bcrypt/*.java',
+    '**/files/test_file_*.txt',
+  ])
 }

 if (!JavaVersion.current().isJava9Compatible()) {
@@ -83,7 +84,6 @@ if (JavaVersion.current().isJava8Compatible()) {
  }
 }

-
 compileJava {
  options.compilerArgs.addAll(['--release', '7'])
 }
@@ -99,7 +99,10 @@ task writeSshjVersionProperties {

 jar.dependsOn writeSshjVersionProperties
 jar {
+  inputs.property("moduleName", moduleName)
  manifest {
+    attributes 'Automatic-Module-Name': moduleName
+
    // please see http://bnd.bndtools.org/chapters/390-wrapping.html
    instruction "Bundle-Description", "SSHv2 library for Java"
    instruction "Bundle-License", "http://www.apache.org/licenses/LICENSE-2.0.txt"
@@ -118,6 +121,12 @@ jar {
  }
 }

+
+java {
+	withJavadocJar()
+	withSourcesJar()
+}
+
 sourcesJar {
  manifest {
    attributes(
@@ -183,71 +192,82 @@ github {
  license 'Apache'
 }

-pom {
-  description "SSHv2 library for Java"
-  url "https://github.com/hierynomus/sshj"
-  inceptionYear "2009"
-  developers {
-    developer {
-      id "hierynomus"
-      name "Jeroen van Erp"
-      email "jeroen@javadude.nl"
-      roles {
-        role "Lead developer"
-      }
-    }
-    developer {
-      id "shikhar"
-      name "Shikhar Bhushan"
-      email "shikhar@schmizz.net"
-      url "http://schmizz.net"
-      roles {
-        role "Previous lead developer"
-      }
-    }
-    developer {
-      id "iterate"
-      name "David Kocher"
-      email "dkocher@iterate.ch"
-      organization "iterage GmbH"
-      organizationUrl "https://iterate.ch"
-      roles {
-        role "Developer"
-      }
-    }
-  }
+publishing {
+	publications {
+		maven(MavenPublication) {
+			from(components.java)
+		}
+	}
 }

-if (project.hasProperty("bintrayUsername") && project.hasProperty("bintrayApiKey")) {
-  bintray {
-    user = project.property("bintrayUsername")
-    key = project.property("bintrayApiKey")
-    publish = true
-    publications = ["maven"]
-    pkg {
-      repo = "maven"
-      name = "${project.name}"
-      licenses = ["Apache-2.0"]
-      vcsUrl = "https://github.com/hierynomus/sshj.git"
-      labels = ["ssh", "sftp", "secure-shell", "network", "file-transfer"]
-      githubRepo = "hierynomus/sshj"
-      version {
-        name = "${project.version}"
-        vcsTag = "v${project.version}"
-        released = new SimpleDateFormat('yyyy-MM-dd\'T\'HH:mm:ss.SSSZZ').format(new Date())
-        gpg {
-          sign = true
-          passphrase = project.property("signing.password")
-        }
-        mavenCentralSync {
-          sync = true
-          user = project.property("sonatypeUsername")
-          password = project.property("sonatypePassword")
-          close = 1
+project.signing {
+  required { project.gradle.taskGraph.hasTask("release") }
+	sign publishing.publications.maven
+
+  if (project.hasProperty("signingKeyId") || project.hasProperty("signingKey")) {
+		def signingKeyId = project.findProperty("signingKeyId")
+		def signingKey = project.findProperty("signingKey")
+		def signingPassword = project.findProperty("signingPassword")
+		if (signingKeyId) {
+			useInMemoryPgpKeys(signingKeyId, signingKey, signingPassword)
+		} else if (signingKey) {
+			useInMemoryPgpKeys(signingKey, signingPassword)
+		}
+	}
+}
+
+project.plugins.withType(MavenPublishPlugin).all {
+	PublishingExtension publishing = project.extensions.getByType(PublishingExtension)
+	publishing.publications.withType(MavenPublication).all { mavenPublication ->
+		mavenPublication.pom {
+			name = "${project.name}"
+      description = 'SSHv2 library for Java'
+      inceptionYear = '2009'
+      url = "https://github.com/hierynomus/${project.name}"
+			licenses {
+				license {
+					name = "The Apache License, Version 2.0"
+					url = "https://www.apache.org/licenses/LICENSE-2.0"
+				}
+			}
+			developers {
+				developer {
+					id = "hierynomus"
+					name = "Jeroen van Erp"
+					email = "jeroen@hierynomus.com"
+				}
+				developer {
+					id = "shikhar"
+					name = "Shikhar Bhushan"
+					email = "shikhar@schmizz.net"
+          url = "http://schmizz.net"
+          roles = ["Previous Lead developer"]
+				}
+        developer {
+          id = "iterate"
+          name = "David Kocher"
+          email = "dkocher@iterate.ch"
+          organization = "iterate GmbH"
+          organizationUrl = "https://iterate.ch"
+          roles = ["Developer"]
        }
+			}
+      scm {
+        url = "https://github.com/hierynomus/${project.name}"
+        connection = "scm:git@github.com:hierynomus/${project.name}.git"
+        developerConnection = "scm:git@github.com:hierynomus/${project.name}.git"
      }
-    }
-  }
+		}
+	}
+}
+
+nexusPublishing {
+	repositories {
+		sonatype()    //sonatypeUsername and sonatypePassword properties are used automatically
+	}
+
+	connectTimeout = Duration.ofMinutes(3)
+	clientTimeout = Duration.ofMinutes(3)
 }

 jacocoTestReport {
@@ -257,36 +277,11 @@ jacocoTestReport {
    }
 }

-
-task buildItestImage(type: DockerBuildImage) {
-    inputDir = file('src/itest/docker-image')
-    images.add('sshj/sshd-itest:latest')
-}
-
-task createItestContainer(type: DockerCreateContainer) {
-    dependsOn buildItestImage
-    targetImageId buildItestImage.getImageId()
-    hostConfig.portBindings = ['2222:22']
-    hostConfig.autoRemove = true
-}
-
-task startItestContainer(type: DockerStartContainer) {
-    dependsOn createItestContainer
-    targetContainerId createItestContainer.getContainerId()
-}
-
-task stopItestContainer(type: DockerStopContainer) {
-    targetContainerId createItestContainer.getContainerId()
-}
-
 task forkedUploadRelease(type: GradleBuild) {
  buildFile = project.buildFile
-  tasks = ["bintrayUpload"]
+  tasks = ["clean", "publishToSonatype", "closeAndReleaseSonatypeStagingRepository"]
 }

-project.tasks.integrationTest.dependsOn(startItestContainer)
-project.tasks.integrationTest.finalizedBy(stopItestContainer)
-
 project.tasks.release.dependsOn([project.tasks.integrationTest, project.tasks.build])
 project.tasks.release.finalizedBy(project.tasks.forkedUploadRelease)
 project.tasks.jacocoTestReport.dependsOn(project.tasks.test)
--- a/examples/pom.xml
+++ b/examples/pom.xml
@@ -24,7 +24,7 @@
    <groupId>com.hierynomus</groupId>
    <artifactId>sshj-examples</artifactId>
    <packaging>jar</packaging>
-    <version>0.19.1</version>
+    <version>0.33.0</version>

    <name>sshj-examples</name>
    <description>Examples for SSHv2 library for Java</description>
@@ -55,7 +55,7 @@
        <dependency>
            <groupId>com.hierynomus</groupId>
            <artifactId>sshj</artifactId>
-            <version>0.24.0</version>
+            <version>0.33.0</version>
        </dependency>
    </dependencies>

--- a/examples/src/main/java/net/schmizz/sshj/examples/InMemoryKnownHosts.java
+++ b/examples/src/main/java/net/schmizz/sshj/examples/InMemoryKnownHosts.java
@@ -18,7 +18,7 @@ public class InMemoryKnownHosts {
    public static void main(String[] args) throws IOException {
        InputStream entry = new ByteArrayInputStream("localhost ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPmhSBtMctNa4hsZt8QGlsYSE5/gMkjeand69Vj4ir13".getBytes(Charset.defaultCharset()));
        SSHClient ssh = new SSHClient();
-        ssh.addHostKeyVerifier(new InMemoryHostKeyVerifier(entry, Charset.defaultCharset()));
+        ssh.addHostKeyVerifier(new OpenSSHKnownHosts(new InputStreamReader(entry, Charset.defaultCharset())));
        ssh.connect("localhost");
        try {
            ssh.authPublickey(System.getProperty("user.name"));
@@ -28,44 +28,4 @@ public class InMemoryKnownHosts {
        }
    }

-    public static class InMemoryHostKeyVerifier implements HostKeyVerifier {
-
-        private final List<OpenSSHKnownHosts.KnownHostEntry> entries = new ArrayList<OpenSSHKnownHosts.KnownHostEntry>();
-
-        public InMemoryHostKeyVerifier(InputStream inputStream, Charset charset) throws IOException {
-            final OpenSSHKnownHosts.EntryFactory entryFactory = new OpenSSHKnownHosts.EntryFactory();
-            BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream, charset));
-            while(reader.ready()) {
-                String line = reader.readLine();
-                try {
-                    OpenSSHKnownHosts.KnownHostEntry entry = entryFactory.parseEntry(line);
-                    if (entry != null) {
-                        entries.add(entry);
-                    }
-                } catch (Exception e) {
-                    //log error
-                }
-            }
-        }
-
-        @Override
-        public boolean verify(String hostname, int port, PublicKey key) {
-            final KeyType type = KeyType.fromKey(key);
-            if (type == KeyType.UNKNOWN) {
-                return false;
-            }
-
-            for (OpenSSHKnownHosts.KnownHostEntry e : entries) {
-                try {
-                    if (e.appliesTo(type, hostname) && e.verify(key)) {
-                        return true;
-                    }
-                } catch (IOException ioe) {
-                    //log error
-                }
-            }
-            return false;
-        }
-    }
-
 }
--- a/examples/src/main/java/net/schmizz/sshj/examples/KeepAlive.java
+++ b/examples/src/main/java/net/schmizz/sshj/examples/KeepAlive.java
@@ -19,8 +19,9 @@ public class KeepAlive {
        final SSHClient ssh = new SSHClient(defaultConfig);
        try {
            ssh.addHostKeyVerifier(new PromiscuousVerifier());
+            // Set interval to enable keep-alive before connecting
+            ssh.getConnection().getKeepAlive().setKeepAliveInterval(5);
            ssh.connect(args[0]);
-            ssh.getConnection().getKeepAlive().setKeepAliveInterval(5); //every 60sec
            ssh.authPassword(args[1], args[2]);
            Session session = ssh.startSession();
            session.allocateDefaultPTY();
--- a/examples/src/main/java/net/schmizz/sshj/examples/LocalPF.java
+++ b/examples/src/main/java/net/schmizz/sshj/examples/LocalPF.java
@@ -2,6 +2,7 @@ package net.schmizz.sshj.examples;

 import net.schmizz.sshj.SSHClient;
 import net.schmizz.sshj.connection.channel.direct.LocalPortForwarder;
+import net.schmizz.sshj.connection.channel.direct.Parameters;

 import java.io.IOException;
 import java.net.InetSocketAddress;
@@ -28,8 +29,8 @@ public class LocalPF {
            * _We_ listen on localhost:8080 and forward all connections on to server, which then forwards it to
            * google.com:80
            */
-            final LocalPortForwarder.Parameters params
-                    = new LocalPortForwarder.Parameters("0.0.0.0", 8080, "google.com", 80);
+            final Parameters params
+                    = new Parameters("0.0.0.0", 8080, "google.com", 80);
            final ServerSocket ss = new ServerSocket();
            ss.setReuseAddress(true);
            ss.bind(new InetSocketAddress(params.getLocalHost(), params.getLocalPort()));
--- a/examples/src/main/java/net/schmizz/sshj/examples/RemotePF.java
+++ b/examples/src/main/java/net/schmizz/sshj/examples/RemotePF.java
@@ -19,6 +19,7 @@ public class RemotePF {
        client.loadKnownHosts();

        client.connect("localhost");
+        client.getConnection().getKeepAlive().setKeepAliveInterval(5);
        try {

            client.authPublickey(System.getProperty("user.name"));
@@ -33,8 +34,6 @@ public class RemotePF {
                    // what we do with incoming connections that are forwarded to us
                    new SocketForwardingConnectListener(new InetSocketAddress("google.com", 80)));

-            client.getTransport().setHeartbeatInterval(30);
-
            // Something to hang on to so that the forwarding stays
            client.getTransport().join();

--- a/gradle/wrapper/gradle-wrapper.jar
+++ b/gradle/wrapper/gradle-wrapper.jar
--- a/gradle/wrapper/gradle-wrapper.properties
+++ b/gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-6.4-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.3.1-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
--- a/269
+++ b/269
@@ -1,7 +1,7 @@
-#!/usr/bin/env sh
+#!/bin/sh

 #
-# Copyright 2015 the original author or authors.
+# Copyright © 2015-2021 the original authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -17,78 +17,113 @@
 #

 ##############################################################################
-##
-##  Gradle start up script for UN*X
-##
+#
+#   Gradle start up script for POSIX generated by Gradle.
+#
+#   Important for running:
+#
+#   (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is
+#       noncompliant, but you have some other compliant shell such as ksh or
+#       bash, then to run this script, type that shell name before the whole
+#       command line, like:
+#
+#           ksh Gradle
+#
+#       Busybox and similar reduced shells will NOT work, because this script
+#       requires all of these POSIX shell features:
+#         * functions;
+#         * expansions «$var», «${var}», «${var:-default}», «${var+SET}»,
+#           «${var#prefix}», «${var%suffix}», and «$( cmd )»;
+#         * compound commands having a testable exit status, especially «case»;
+#         * various built-in commands including «command», «set», and «ulimit».
+#
+#   Important for patching:
+#
+#   (2) This script targets any POSIX shell, so it avoids extensions provided
+#       by Bash, Ksh, etc; in particular arrays are avoided.
+#
+#       The "traditional" practice of packing multiple parameters into a
+#       space-separated string is a well documented source of bugs and security
+#       problems, so this is (mostly) avoided, by progressively accumulating
+#       options in "$@", and eventually passing that to Java.
+#
+#       Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS,
+#       and GRADLE_OPTS) rely on word-splitting, this is performed explicitly;
+#       see the in-line comments for details.
+#
+#       There are tweaks for specific operating systems such as AIX, CygWin,
+#       Darwin, MinGW, and NonStop.
+#
+#   (3) This script is generated from the Groovy template
+#       https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       within the Gradle project.
+#
+#       You can find Gradle at https://github.com/gradle/gradle/.
+#
 ##############################################################################

 # Attempt to set APP_HOME
+
 # Resolve links: $0 may be a link
-PRG="$0"
-# Need this for relative symlinks.
-while [ -h "$PRG" ] ; do
-    ls=`ls -ld "$PRG"`
-    link=`expr "$ls" : '.*-> \(.*\)$'`
-    if expr "$link" : '/.*' > /dev/null; then
-        PRG="$link"
-    else
-        PRG=`dirname "$PRG"`"/$link"
-    fi
+app_path=$0
+
+# Need this for daisy-chained symlinks.
+while
+    APP_HOME=${app_path%"${app_path##*/}"}  # leaves a trailing /; empty if no leading path
+    [ -h "$app_path" ]
+do
+    ls=$( ls -ld "$app_path" )
+    link=${ls#*' -> '}
+    case $link in             #(
+      /*)   app_path=$link ;; #(
+      *)    app_path=$APP_HOME$link ;;
+    esac
 done
-SAVED="`pwd`"
-cd "`dirname \"$PRG\"`/" >/dev/null
-APP_HOME="`pwd -P`"
-cd "$SAVED" >/dev/null
+
+APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit

 APP_NAME="Gradle"
-APP_BASE_NAME=`basename "$0"`
+APP_BASE_NAME=${0##*/}

 # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
 DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'

 # Use the maximum available, or set MAX_FD != -1 to use that value.
-MAX_FD="maximum"
+MAX_FD=maximum

 warn () {
    echo "$*"
-}
+} >&2

 die () {
    echo
    echo "$*"
    echo
    exit 1
-}
+} >&2

 # OS specific support (must be 'true' or 'false').
 cygwin=false
 msys=false
 darwin=false
 nonstop=false
-case "`uname`" in
-  CYGWIN* )
-    cygwin=true
-    ;;
-  Darwin* )
-    darwin=true
-    ;;
-  MINGW* )
-    msys=true
-    ;;
-  NONSTOP* )
-    nonstop=true
-    ;;
+case "$( uname )" in                #(
+  CYGWIN* )         cygwin=true  ;; #(
+  Darwin* )         darwin=true  ;; #(
+  MSYS* | MINGW* )  msys=true    ;; #(
+  NONSTOP* )        nonstop=true ;;
 esac

 CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar

+
 # Determine the Java command to use to start the JVM.
 if [ -n "$JAVA_HOME" ] ; then
    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
        # IBM's JDK on AIX uses strange locations for the executables
-        JAVACMD="$JAVA_HOME/jre/sh/java"
+        JAVACMD=$JAVA_HOME/jre/sh/java
    else
-        JAVACMD="$JAVA_HOME/bin/java"
+        JAVACMD=$JAVA_HOME/bin/java
    fi
    if [ ! -x "$JAVACMD" ] ; then
        die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
@@ -97,7 +132,7 @@ Please set the JAVA_HOME variable in your environment to match the
 location of your Java installation."
    fi
 else
-    JAVACMD="java"
+    JAVACMD=java
    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.

 Please set the JAVA_HOME variable in your environment to match the
@@ -105,79 +140,95 @@ location of your Java installation."
 fi

 # Increase the maximum file descriptors if we can.
-if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
-    MAX_FD_LIMIT=`ulimit -H -n`
-    if [ $? -eq 0 ] ; then
-        if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
-            MAX_FD="$MAX_FD_LIMIT"
-        fi
-        ulimit -n $MAX_FD
-        if [ $? -ne 0 ] ; then
-            warn "Could not set maximum file descriptor limit: $MAX_FD"
-        fi
-    else
-        warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
-    fi
-fi
-
-# For Darwin, add options to specify how the application appears in the dock
-if $darwin; then
-    GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
-fi
-
-# For Cygwin or MSYS, switch paths to Windows format before running java
-if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then
-    APP_HOME=`cygpath --path --mixed "$APP_HOME"`
-    CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
-    JAVACMD=`cygpath --unix "$JAVACMD"`
-
-    # We build the pattern for arguments to be converted via cygpath
-    ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
-    SEP=""
-    for dir in $ROOTDIRSRAW ; do
-        ROOTDIRS="$ROOTDIRS$SEP$dir"
-        SEP="|"
-    done
-    OURCYGPATTERN="(^($ROOTDIRS))"
-    # Add a user-defined pattern to the cygpath arguments
-    if [ "$GRADLE_CYGPATTERN" != "" ] ; then
-        OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
-    fi
-    # Now convert the arguments - kludge to limit ourselves to /bin/sh
-    i=0
-    for arg in "$@" ; do
-        CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
-        CHECK2=`echo "$arg"|egrep -c "^-"`                                 ### Determine if an option
-
-        if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then                    ### Added a condition
-            eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
-        else
-            eval `echo args$i`="\"$arg\""
-        fi
-        i=`expr $i + 1`
-    done
-    case $i in
-        0) set -- ;;
-        1) set -- "$args0" ;;
-        2) set -- "$args0" "$args1" ;;
-        3) set -- "$args0" "$args1" "$args2" ;;
-        4) set -- "$args0" "$args1" "$args2" "$args3" ;;
-        5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
-        6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
-        7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
-        8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
-        9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
+if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
+    case $MAX_FD in #(
+      max*)
+        MAX_FD=$( ulimit -H -n ) ||
+            warn "Could not query maximum file descriptor limit"
+    esac
+    case $MAX_FD in  #(
+      '' | soft) :;; #(
+      *)
+        ulimit -n "$MAX_FD" ||
+            warn "Could not set maximum file descriptor limit to $MAX_FD"
    esac
 fi

-# Escape application args
-save () {
-    for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
-    echo " "
-}
-APP_ARGS=`save "$@"`
+# Collect all arguments for the java command, stacking in reverse order:
+#   * args from the command line
+#   * the main class name
+#   * -classpath
+#   * -D...appname settings
+#   * --module-path (only if needed)
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables.

-# Collect all arguments for the java command, following the shell quoting and substitution rules
-eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
+# For Cygwin or MSYS, switch paths to Windows format before running java
+if "$cygwin" || "$msys" ; then
+    APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
+    CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
+
+    JAVACMD=$( cygpath --unix "$JAVACMD" )
+
+    # Now convert the arguments - kludge to limit ourselves to /bin/sh
+    for arg do
+        if
+            case $arg in                                #(
+              -*)   false ;;                            # don't mess with options #(
+              /?*)  t=${arg#/} t=/${t%%/*}              # looks like a POSIX filepath
+                    [ -e "$t" ] ;;                      #(
+              *)    false ;;
+            esac
+        then
+            arg=$( cygpath --path --ignore --mixed "$arg" )
+        fi
+        # Roll the args list around exactly as many times as the number of
+        # args, so each arg winds up back in the position where it started, but
+        # possibly modified.
+        #
+        # NB: a `for` loop captures its iteration list before it begins, so
+        # changing the positional parameters here affects neither the number of
+        # iterations, nor the values presented in `arg`.
+        shift                   # remove old arg
+        set -- "$@" "$arg"      # push replacement arg
+    done
+fi
+
+# Collect all arguments for the java command;
+#   * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
+#     shell script including quotes and variable substitutions, so put them in
+#     double quotes to make sure that they get re-expanded; and
+#   * put everything else in single quotes, so that it's not re-expanded.
+
+set -- \
+        "-Dorg.gradle.appname=$APP_BASE_NAME" \
+        -classpath "$CLASSPATH" \
+        org.gradle.wrapper.GradleWrapperMain \
+        "$@"
+
+# Use "xargs" to parse quoted args.
+#
+# With -n1 it outputs one arg per line, with the quotes and backslashes removed.
+#
+# In Bash we could simply go:
+#
+#   readarray ARGS < <( xargs -n1 <<<"$var" ) &&
+#   set -- "${ARGS[@]}" "$@"
+#
+# but POSIX shell has neither arrays nor command substitution, so instead we
+# post-process each arg (as a line of input to sed) to backslash-escape any
+# character that might be a shell metacharacter, then use eval to reverse
+# that process (while maintaining the separation between arguments), and wrap
+# the whole thing up as a single "set" statement.
+#
+# This will of course break if any of these variables contains a newline or
+# an unmatched quote.
+#
+
+eval "set -- $(
+        printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" |
+        xargs -n1 |
+        sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' |
+        tr '\n' ' '
+    )" '"$@"'

 exec "$JAVACMD" "$@"
--- a/gradlew.bat
+++ b/gradlew.bat
@@ -40,7 +40,7 @@ if defined JAVA_HOME goto findJavaFromJavaHome

 set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
-if "%ERRORLEVEL%" == "0" goto init
+if "%ERRORLEVEL%" == "0" goto execute

 echo.
 echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
@@ -54,7 +54,7 @@ goto fail
 set JAVA_HOME=%JAVA_HOME:"=%
 set JAVA_EXE=%JAVA_HOME%/bin/java.exe

-if exist "%JAVA_EXE%" goto init
+if exist "%JAVA_EXE%" goto execute

 echo.
 echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
@@ -64,28 +64,14 @@ echo location of your Java installation.

 goto fail

-:init
-@rem Get command-line arguments, handling Windows variants
-
-if not "%OS%" == "Windows_NT" goto win9xME_args
-
-:win9xME_args
-@rem Slurp the command line arguments.
-set CMD_LINE_ARGS=
-set _SKIP=2
-
-:win9xME_args_slurp
-if "x%~1" == "x" goto execute
-
-set CMD_LINE_ARGS=%*
-
 :execute
@rem Setup the command line

 set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar

+
@rem Execute Gradle
-"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*

 :end
@rem End local scope for the variables with windows NT shell
--- a/src/itest/docker-image/Dockerfile
+++ b/src/itest/docker-image/Dockerfile
@@ -1,23 +0,0 @@
-FROM sickp/alpine-sshd:7.5-r2
-
-ADD authorized_keys /home/sshj/.ssh/authorized_keys
-
-ADD test-container/ssh_host_ecdsa_key     /etc/ssh/ssh_host_ecdsa_key
-ADD test-container/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
-ADD test-container/ssh_host_ed25519_key   /etc/ssh/ssh_host_ed25519_key
-ADD test-container/ssh_host_ed25519_key.pub   /etc/ssh/ssh_host_ed25519_key.pub
-ADD test-container/sshd_config /etc/ssh/sshd_config
-
-RUN apk add --no-cache tini
-RUN \
-  echo "root:smile" | chpasswd && \
-  adduser -D -s /bin/ash sshj && \
-  passwd -u sshj && \
-  chmod 600 /home/sshj/.ssh/authorized_keys && \
-  chmod 600 /etc/ssh/ssh_host_ecdsa_key && \
-  chmod 644 /etc/ssh/ssh_host_ecdsa_key.pub && \
-  chmod 600 /etc/ssh/ssh_host_ed25519_key && \
-  chmod 644 /etc/ssh/ssh_host_ed25519_key.pub && \
-  chown -R sshj:sshj /home/sshj
-
-ENTRYPOINT ["/sbin/tini", "/entrypoint.sh"]
--- a/src/itest/docker-image/authorized_keys
+++ b/src/itest/docker-image/authorized_keys
@@ -3,5 +3,8 @@ ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHQiZm0w
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDAdJiRkkBM8yC8seTEoAn2PfwbLKrkcahZ0xxPoWICJ root@sshj
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ8ww4hJG/gHJYdkjTTBDF1GNz+228nuWprPV+NbQauA ajvanerp@Heimdall.local
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOaWrwt3drIOjeBq2LSHRavxAT7ja2f+5soOUJl/zKSI ajvanerp@Heimdall.xebialabs.com
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICYfPGSYFOHuSzTJ67H0ynvKJDfgDmwPOj7iJaLGbIBi sshjtest@TranceLove
 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAoZ9l6Tkm2aL1tSBy2yw4xU5s8BE9MfqS/4J7DzvsYJxF6oQmTIjmStuhH/CT7UjuDtKXdXZUsIhKtafiizxGO8kHSzKDeitpth2RSr8ddMzZKyD6RNs7MfsgjA3UTtrrSrCXEY6O43S2cnuJrWzkPxtwxaQ3zOvDbS2tiulzyq0VzYmuhA/a4CyuQtJBuu+P2oqmu6pU/VB6IzONpvBvYbNPsH1WDmP7zko5wHPihXPCliztspKxS4DRtOZ7BGXyvg44UmIy0Kf4jOkaBV/eCCA4qH7ZHz71/5ceMOpszPcNOEmLGGYhwI+P3OuGMpkrSAv1f8IY6R8spZNncP6UaQ== no-passphrase
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDKRyZAtOJJfAhPU6xE6ZXY564vwErAI3n3Yn4lTHL9bxev9Ily6eCqPLcV0WbSV04pztngFn9MjT7yb8mcXheHpIaWEH569sMpmpOtyfn4p68SceuXBGyyPGMIcfOTknkASd1JYSD4EPkd9rZmCzcx3vEnLu8ChnA/G221xSVQ5VC/jD/c/CgNUayhQ+xbn57qHKKtZwfTa21QmwIabGYJNwlVjlKTCdddeVnZfKqKrG7cxHQApsxd21rhM9IT/C/f4Y/Tx3WUUVeam0iZ265oiPHoPALqJIWSQIUheRYAxYAQqJwSQ0Or9MM8XXun2Iy3RUSGk6eIvrCsFbNURsHNs7Pu0UnpYv6FZ3vCkFep/1pAT6fQvY7pDOOWDHKXArD4watc9gIWaQBH73wDW/KgBcnMRSoGWgQjsYqIamP4oV1+HqUI3lRAsXZaX+eiBGt3+3A5KebP27UJ1YUwhwlzs7wzTKaCu0OaL+hOsP1F2AxAa995bgFksMd23645ux3YCJKXG4sGpJ1Z/Hs49K72gv+QjLZVxXqY623c8+3OUhlixqoEFd4iG7UMc5a552ch/VA+jaspmLZoFhPz99aBRVb1oCSPxSwLw+Q/wxv6pZmT+14rqTzY2farjU53hM+CsUPh7dnWXhGG7RuA5wCdeOXOYjuksfzAoHIZhPqTgQ== ajvanerp@Heimdall.local
+ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBMvfRYSe44VQGwxexOMibcM3+fWeUP1jrBofOxFDRRrzRF8dK/vll2svqTPXMRnITnT1UoemEcB5OHtvH4hzfh/HFeDxJ5S7UncYxoClTSa8MeMFG2Zj9CoUZs1SHbwSGg== root@sshj
+ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAHquUYgkU9wJrcxDWVtdqtfqf6SBDdPDRxwDl7OCohV2UNu2KdjJwSj8j0fsPeMdHjSiv9OCnHYrVilQ+W5WW5q5wGXwk10oIcV0JJscohLA0nS7mKinBrxUwVHnNZbPExFciicnEArcYRb1BuT7HF8hfjuSSpWS0rob6kloSSi/jV7ZA== root@sshj
--- a/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_256_key
+++ b/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_256_key
@@ -0,0 +1,9 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
+1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQR1fMdT7FYIpIo+4hhd5oOgHk6uW79B
+HVscKp83yPhFylnG4NtpF7anAWTcpl5aB9eJVWTCP5KVvlVLVkxUSRDwAAAAwITPM06Ezz
+NOAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHV8x1PsVgikij7i
+GF3mg6AeTq5bv0EdWxwqnzfI+EXKWcbg22kXtqcBZNymXloH14lVZMI/kpW+VUtWTFRJEP
+AAAAAhAP21AnkkpifUJgiBSYk7YhOfcwC4VfMB3n+BBln73VnmAAAAImlkX2VjZHNhXzI1
+Nl9yZmM0NzE2X3NpZ25lZF9ieV9yc2EBAgMEBQ==
+-----END OPENSSH PRIVATE KEY-----
--- a/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_256_key-cert.pub
+++ b/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_256_key-cert.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgQgbM6lYD+Yx1aendIKHYuKthkIN0WhvPdMA0DbC/QmEAAAAIbmlzdHAyNTYAAABBBHV8x1PsVgikij7iGF3mg6AeTq5bv0EdWxwqnzfI+EXKWcbg22kXtqcBZNymXloH14lVZMI/kpW+VUtWTFRJEPAAAAAAAAAAAAAAAAIAAAAiaWRfZWNkc2FfMjU2X3JmYzQ3MTZfc2lnbmVkX2J5X3JzYQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAMpRV4ex1Zq2TzKSP7g1XrAAsGsqbGvKe6BjXqJa1OayPgcTJWZLDVCiNapqMoGCdqAnzBKIqVwjxhdy1OP7c5BvPZG9ljujlAiBhQ5t9NrN+jWv6pE3w3m5MFDVh7neGvr9wK8IGhIetfpG6/wJ3yOAF1sQkCwgDf7BfkbMq1If+qyTDF7I3fzyaqYX/61BR2iytpNxaVVw1g15EKdRHkUc760L0kVFwWkmyAFpK+ZPOal9pRHKa9mi/3TRXcQ20ZnBBzzxl4bsnXnEWILhBSxstoEF94hHKLeuoKl9kPx/NqKvwjIEqtU/mE7i+aAE9Wf6nR0COtlBPsjxZtf2Ac2ryUCd/EcdAqDGOwZy4m1s0G5EQMTU1uWCgGByz6DPWCCDCadQq0GaACjcOyBcy5trUqGxYqDvmZCgq6IDv1bGFDlFx1exOxIAKuruiVdPNn+c+h7HEmeM+OOJq1rjibD7kUwMK0cchVzpjI2xwC8ecQF9jeFGBcooa86OO65oPQAAAZQAAAAMcnNhLXNoYTItNTEyAAABgAOa69XTj4yOPjKtN5Few84Y2qj4p/4RK9yiAjWWxbMQv+dlLzEH/wtj6p1SeDJozFssVfyH2ODFGY9Dct3K4SbLA1b8LfM6vaf1bUxdQz7njsQ40KpcJu662hMOkj9AKTQgpVUVgJJOQuLrIbyfjKClaqt2W6ziH2eLn7wPsZ6HGhQMALQVmebzgFepnwCve9wgX1HNOfuAYYVQwFXddi/xQ4BIVmsH6E3DcUUzjtZZaG063CddPYOW2Ea1efWqHu20FRWqsMnwbL6Hr9JkjKv/Iub8mgLMP1bhbMEblb+tQ+y9RRvPwjT89tKljc7hXvBxpHA4c4ZlnTidsjqPHVeARCt5LV4lES7HWEZ+kFIkGndNLYXOUnxgk6iSLLHVVZUCZPbUiZbSJdoj7r7LGiz4KA7mnqQQGU2jWxSI2drD5T6SW0TFspzjX4dPnJyzFpe02Fl+NvblUUHsnPTHdsRexHRNfqkQhKIO4i8AM8U02nU/uBmXFPb9ANbLcq+Npw== id_ecdsa_256_rfc4716_signed_by_rsa
--- a/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_256_key.pub
+++ b/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_256_key.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHV8x1PsVgikij7iGF3mg6AeTq5bv0EdWxwqnzfI+EXKWcbg22kXtqcBZNymXloH14lVZMI/kpW+VUtWTFRJEPA= id_ecdsa_256_rfc4716_signed_by_rsa
--- a/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_384_key
+++ b/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_384_key
@@ -0,0 +1,11 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAiAAAABNlY2RzYS
+1zaGEyLW5pc3RwMzg0AAAACG5pc3RwMzg0AAAAYQQ00XynBzgyJLB+1SDf2elIDYt7Lz6g
+Y3dzdqKmYe5L6jzUShmV1UjiE9gCl7i47aRWHSZ3VwiZ0jsT2ekL+ctScSn+NGgw/6BgFr
+c3zIkJoYWYzpg2D3mKUkNDMnJWgisAAADw6GCqcuhgqnIAAAATZWNkc2Etc2hhMi1uaXN0
+cDM4NAAAAAhuaXN0cDM4NAAAAGEENNF8pwc4MiSwftUg39npSA2Ley8+oGN3c3aipmHuS+
+o81EoZldVI4hPYApe4uO2kVh0md1cImdI7E9npC/nLUnEp/jRoMP+gYBa3N8yJCaGFmM6Y
+Ng95ilJDQzJyVoIrAAAAMQDwyD4C4DbK9DVDOovHqCt/f2TKaho1F4wouIIa4ZTph+9cSp
+PUhlSNXKDRD7pOUdIAAAAiaWRfZWNkc2FfMzg0X3JmYzQ3MTZfc2lnbmVkX2J5X3JzYQEC
+AwQF
+-----END OPENSSH PRIVATE KEY-----
--- a/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_384_key-cert.pub
+++ b/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_384_key-cert.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp384-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAzODQtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg2byoaIudWiOZaNJMfyOHNw5tOy8lWAADbp/rNkJ7krwAAAAIbmlzdHAzODQAAABhBDTRfKcHODIksH7VIN/Z6UgNi3svPqBjd3N2oqZh7kvqPNRKGZXVSOIT2AKXuLjtpFYdJndXCJnSOxPZ6Qv5y1JxKf40aDD/oGAWtzfMiQmhhZjOmDYPeYpSQ0MyclaCKwAAAAAAAAAAAAAAAgAAACJpZF9lY2RzYV8zODRfcmZjNDcxNl9zaWduZWRfYnlfcnNhAAAADQAAAAkxMjcuMC4wLjEAAAAAAAAAAP//////////AAAAAAAAAAAAAAAAAAABlwAAAAdzc2gtcnNhAAAAAwEAAQAAAYEAylFXh7HVmrZPMpI/uDVesACwaypsa8p7oGNeolrU5rI+BxMlZksNUKI1qmoygYJ2oCfMEoipXCPGF3LU4/tzkG89kb2WO6OUCIGFDm302s36Na/qkTfDebkwUNWHud4a+v3ArwgaEh61+kbr/AnfI4AXWxCQLCAN/sF+RsyrUh/6rJMMXsjd/PJqphf/rUFHaLK2k3FpVXDWDXkQp1EeRRzvrQvSRUXBaSbIAWkr5k85qX2lEcpr2aL/dNFdxDbRmcEHPPGXhuydecRYguEFLGy2gQX3iEcot66gqX2Q/H82oq/CMgSq1T+YTuL5oAT1Z/qdHQI62UE+yPFm1/YBzavJQJ38Rx0CoMY7BnLibWzQbkRAxNTW5YKAYHLPoM9YIIMJp1CrQZoAKNw7IFzLm2tSobFioO+ZkKCrogO/VsYUOUXHV7E7EgAq6u6JV082f5z6HscSZ4z444mrWuOJsPuRTAwrRxyFXOmMjbHALx5xAX2N4UYFyihrzo47rmg9AAABlAAAAAxyc2Etc2hhMi01MTIAAAGAV3uUrbSScu722FmIUG1FEtd7X+y58XlZyBZMDkI2G8RL0bZtALg8kfAUqRs17XS8MEIsG2STDGvDoKpPlGrupTGAwjnpTrDsgr/WaXUn/21Tyv6h4npcPxX5h5OU24UdZRXUGMRqwRXn4d6c44I6lAXkFGEHV20da+2sKR02QOIEfYik7kYgUzkVE5QPr0YN2hWCNxPNahgPow2RvPDHKL0PBS2CASeIo9pZ6OECdsCX92+BXN+e8oPO+BTp2mwzaepFPiSO6pIdTOnhFHwiY7mG7Y+Xw3nCYJl9cILzeuuUeEw3elRMYtnIoUye/IZaZw6GNBObb59seFOaf8Hm7NV6F7L/RNUG7aESB2n6KKggbPci8xuCulfgi/XBxjsXd/affASOUcn3X6IIUwJDqwMBkhmagvYVoLX1gMoHBW0aLZDQEXigV0WW8v1oMsEp6Sl9Y0kRs9vPBr/8LX9vDaPKmNxOBV8uOnicDb9HZicyLkVQyPFobHOvYt/gfEUM id_ecdsa_384_rfc4716_signed_by_rsa
--- a/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_384_key.pub
+++ b/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_384_key.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBDTRfKcHODIksH7VIN/Z6UgNi3svPqBjd3N2oqZh7kvqPNRKGZXVSOIT2AKXuLjtpFYdJndXCJnSOxPZ6Qv5y1JxKf40aDD/oGAWtzfMiQmhhZjOmDYPeYpSQ0MyclaCKw== id_ecdsa_384_rfc4716_signed_by_rsa
--- a/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_521_key
+++ b/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_521_key
@@ -0,0 +1,12 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAArAAAABNlY2RzYS
+1zaGEyLW5pc3RwNTIxAAAACG5pc3RwNTIxAAAAhQQBkA3IU8ml4HuqnsOYb2H89fRKo0Wx
+nFnke8J5olJ0eyaoAv/0fSZDiOeF5j/K6VGeCa45edqJZCNCwda0vzQaZH8AYUnwojVGH1
+pchzLm1U9C3WlF0wP/c141GiNVmkKAQDN7J4KKxchhByMKVPLUzHv181OvItrLR3ECuhGT
+a8xpJRYAAAEgetmfwXrZn8EAAAATZWNkc2Etc2hhMi1uaXN0cDUyMQAAAAhuaXN0cDUyMQ
+AAAIUEAZANyFPJpeB7qp7DmG9h/PX0SqNFsZxZ5HvCeaJSdHsmqAL/9H0mQ4jnheY/yulR
+ngmuOXnaiWQjQsHWtL80GmR/AGFJ8KI1Rh9aXIcy5tVPQt1pRdMD/3NeNRojVZpCgEAzey
+eCisXIYQcjClTy1Mx79fNTryLay0dxAroRk2vMaSUWAAAAQWe6t//lZtwKOHz9KOFcSfpO
+DPQTu+PyzryWrwG99r6IoEqXahhK6FjTJ7U0/Ep9zVeeiLpRVlKe15pcN6U3dp9uAAAAIm
+lkX2VjZHNhXzUyMV9yZmM0NzE2X3NpZ25lZF9ieV9yc2EB
+-----END OPENSSH PRIVATE KEY-----
--- a/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_521_key-cert.pub
+++ b/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_521_key-cert.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp521-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHA1MjEtY2VydC12MDFAb3BlbnNzaC5jb20AAAAghRVKHO1c4TGUTQt6NcV1mXd4HCBJLlkJZtPmVp0EQjUAAAAIbmlzdHA1MjEAAACFBAGQDchTyaXge6qew5hvYfz19EqjRbGcWeR7wnmiUnR7JqgC//R9JkOI54XmP8rpUZ4Jrjl52olkI0LB1rS/NBpkfwBhSfCiNUYfWlyHMubVT0LdaUXTA/9zXjUaI1WaQoBAM3sngorFyGEHIwpU8tTMe/XzU68i2stHcQK6EZNrzGklFgAAAAAAAAAAAAAAAgAAACJpZF9lY2RzYV81MjFfcmZjNDcxNl9zaWduZWRfYnlfcnNhAAAADQAAAAkxMjcuMC4wLjEAAAAAAAAAAP//////////AAAAAAAAAAAAAAAAAAABlwAAAAdzc2gtcnNhAAAAAwEAAQAAAYEAylFXh7HVmrZPMpI/uDVesACwaypsa8p7oGNeolrU5rI+BxMlZksNUKI1qmoygYJ2oCfMEoipXCPGF3LU4/tzkG89kb2WO6OUCIGFDm302s36Na/qkTfDebkwUNWHud4a+v3ArwgaEh61+kbr/AnfI4AXWxCQLCAN/sF+RsyrUh/6rJMMXsjd/PJqphf/rUFHaLK2k3FpVXDWDXkQp1EeRRzvrQvSRUXBaSbIAWkr5k85qX2lEcpr2aL/dNFdxDbRmcEHPPGXhuydecRYguEFLGy2gQX3iEcot66gqX2Q/H82oq/CMgSq1T+YTuL5oAT1Z/qdHQI62UE+yPFm1/YBzavJQJ38Rx0CoMY7BnLibWzQbkRAxNTW5YKAYHLPoM9YIIMJp1CrQZoAKNw7IFzLm2tSobFioO+ZkKCrogO/VsYUOUXHV7E7EgAq6u6JV082f5z6HscSZ4z444mrWuOJsPuRTAwrRxyFXOmMjbHALx5xAX2N4UYFyihrzo47rmg9AAABlAAAAAxyc2Etc2hhMi01MTIAAAGAmpwzeo95ahCTQuLfdsHSlWhNlBVUsEze9ogzqhnh1unL0uDztGbEwZ3+2vAQI9wRlIBJhg+FFIOc6KW6Hi9zHZaU/ipmrtDwoMfaRrL6ZgP+COvCxPMiTuJPt8Er2OsRnarc7iM1RnhFz3jVTGhkTG8W9yvN6Pr7SeJ9DokrRMfuDBosLE7i22pLWWBeDmSHz0dh6VGUhTnEK/9RzRnPQmByRQJ+Xfv4He7QE1IWIufG6zYKi42XiCpC2DKCxI0yapKvqVWkR1snc/0ykMUESsAgyzZoYqzxUCSmTzfT/DCb1WRswFVlLb+uccpo6ioi62CCNvC88WDsXhSO4VYsUno33KL9MopvbO1Gg5IncJP+a2wbP3fFQpefx0D828DovGKNSDxGmzXE2HoEQSsW9EsrBOEBZffHRIgLx+yuR9Er67RrIzUZclUlGZaLf/PWf2JSNwuIhxCShwPu1d3I2VYx5Lcn5MXk/IpHP8xLXH/g8/Mm+NhO4blVFAOwYaox id_ecdsa_521_rfc4716_signed_by_rsa
--- a/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_521_key.pub
+++ b/src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_521_key.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGQDchTyaXge6qew5hvYfz19EqjRbGcWeR7wnmiUnR7JqgC//R9JkOI54XmP8rpUZ4Jrjl52olkI0LB1rS/NBpkfwBhSfCiNUYfWlyHMubVT0LdaUXTA/9zXjUaI1WaQoBAM3sngorFyGEHIwpU8tTMe/XzU68i2stHcQK6EZNrzGklFg== id_ecdsa_521_rfc4716_signed_by_rsa
--- a/src/itest/docker-image/test-container/host_keys/ssh_host_ed25519_384_key
+++ b/src/itest/docker-image/test-container/host_keys/ssh_host_ed25519_384_key
@@ -0,0 +1,8 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACAz/M/Awfg01fL5pK7PsOmk8sdM98WFXv/7ycMEsMu8EgAAAKilREz2pURM
+9gAAAAtzc2gtZWQyNTUxOQAAACAz/M/Awfg01fL5pK7PsOmk8sdM98WFXv/7ycMEsMu8Eg
+AAAEB9mj+1Z9CnxalesmwJiPa7051sjjnXKR00aQ59jCX0GTP8z8DB+DTV8vmkrs+w6aTy
+x0z3xYVe//vJwwSwy7wSAAAAJGlkX2VkMjU1MTlfMzg0X3JmYzQ3MTZfc2lnbmVkX2J5X3
+JzYQE=
+-----END OPENSSH PRIVATE KEY-----
--- a/src/itest/docker-image/test-container/host_keys/ssh_host_ed25519_384_key-cert.pub
+++ b/src/itest/docker-image/test-container/host_keys/ssh_host_ed25519_384_key-cert.pub
@@ -0,0 +1 @@
+ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIJPdoRzLgA3gyn+/e94rnl7IvN7PxvEeV0JTITLah2ipAAAAIDP8z8DB+DTV8vmkrs+w6aTyx0z3xYVe//vJwwSwy7wSAAAAAAAAAAAAAAACAAAAJGlkX2VkMjU1MTlfMzg0X3JmYzQ3MTZfc2lnbmVkX2J5X3JzYQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAMpRV4ex1Zq2TzKSP7g1XrAAsGsqbGvKe6BjXqJa1OayPgcTJWZLDVCiNapqMoGCdqAnzBKIqVwjxhdy1OP7c5BvPZG9ljujlAiBhQ5t9NrN+jWv6pE3w3m5MFDVh7neGvr9wK8IGhIetfpG6/wJ3yOAF1sQkCwgDf7BfkbMq1If+qyTDF7I3fzyaqYX/61BR2iytpNxaVVw1g15EKdRHkUc760L0kVFwWkmyAFpK+ZPOal9pRHKa9mi/3TRXcQ20ZnBBzzxl4bsnXnEWILhBSxstoEF94hHKLeuoKl9kPx/NqKvwjIEqtU/mE7i+aAE9Wf6nR0COtlBPsjxZtf2Ac2ryUCd/EcdAqDGOwZy4m1s0G5EQMTU1uWCgGByz6DPWCCDCadQq0GaACjcOyBcy5trUqGxYqDvmZCgq6IDv1bGFDlFx1exOxIAKuruiVdPNn+c+h7HEmeM+OOJq1rjibD7kUwMK0cchVzpjI2xwC8ecQF9jeFGBcooa86OO65oPQAAAZQAAAAMcnNhLXNoYTItNTEyAAABgJob5TylOxmfFX5qH3iE53+zgXp3JbuxcRG9aYx/5GFiWx2yCku1/2lN/KgW2AOb31iS22LXlhCUtZBmbHiYI9aftZAyBcHGYcHvMCDHH66q+bVLlmRlNW+JjWLM46ythgRT+1dKGWAarZSwAC8hYxlV07pvt7EXFmzy4Kv0C/FL8d78P3nrRsmDTYBwrhQy1s5gwOeZlLyomPtSL7kfdxBXum8v4lG+ddtcL82iGdp2gNyonrjyaDZcdXD1FoBDlqM+lvWGO1n4ikts7JG3jcgK3QRdYOVmPnsCzEHaiTm9APuhf72+B5RXybbQcyHTA49+TptavkoxVaMqzdvIunfEYVf1S5zCHgysOkqGLOEVyMSxZk3pORajr2kdyc02Q4Plrb8B6G0rbixJRCJouS6I8J4W/Orypa2ge/un3U1JYaBeA18va7hwHoG/0zsdswETyIB+nrj59YM6Zm4zzC7Sm0SBNXFN0m2f6SDj6CDTnmj13aejQLUzED4e2Bm6Qw== id_ed25519_384_rfc4716_signed_by_rsa
--- a/src/itest/docker-image/test-container/host_keys/ssh_host_ed25519_384_key.pub
+++ b/src/itest/docker-image/test-container/host_keys/ssh_host_ed25519_384_key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8z8DB+DTV8vmkrs+w6aTyx0z3xYVe//vJwwSwy7wS id_ed25519_384_rfc4716_signed_by_rsa
--- a/src/itest/docker-image/test-container/host_keys/ssh_host_rsa_2048_key
+++ b/src/itest/docker-image/test-container/host_keys/ssh_host_rsa_2048_key
@@ -0,0 +1,27 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAQEA1iHGJi0EhM4vSCe40N3670OWx6tsA28P7Rpqgl9VdYtorneByT6U
+3o7nSIK7MCGXD9XFCPDbQPnCpjIOQaq9f7wzaj7vEzN3iPEsUohfGIhBnZUZqtHdPSMhqE
+JwxuIqRAlSjy8XnBNK6EjgpZGyXL5NijjR9dp/jYgOCMMmJB585BWhYQt7P5qceFjz6AqH
+WKnBbajorFjiJQR9LVhi9nBCC1I02e8aWqS05JR51J8J1+lECJEiKBbzD0dhAd0CPsGlux
+BtwVGZF13+xzc9/NZLUUb4wJxWM0R8flmIochK+yqPgCmr7rjA3yyEPXtQrvTQ46Jjt/u6
+uKyLbdiZ2QAAA9i320dZt9tHWQAAAAdzc2gtcnNhAAABAQDWIcYmLQSEzi9IJ7jQ3frvQ5
+bHq2wDbw/tGmqCX1V1i2iud4HJPpTejudIgrswIZcP1cUI8NtA+cKmMg5Bqr1/vDNqPu8T
+M3eI8SxSiF8YiEGdlRmq0d09IyGoQnDG4ipECVKPLxecE0roSOClkbJcvk2KONH12n+NiA
+4IwyYkHnzkFaFhC3s/mpx4WPPoCodYqcFtqOisWOIlBH0tWGL2cEILUjTZ7xpapLTklHnU
+nwnX6UQIkSIoFvMPR2EB3QI+waW7EG3BUZkXXf7HNz381ktRRvjAnFYzRHx+WYihyEr7Ko
+AKavuuMDfLIQ9e1Cu9NDjomO3+7q4rItt2JnZAAAAAwEAAQAAAQEAkd0x4GF8GYdmV+2P
+DOCZhhDxjhQsoO4v2CDNev+79DVB2s7XnyG9QRnxXMiJAJFxGL1S2fNQN6OrP5ELexn2ui
+OWloJGUzsU6zj2K0ZwGQMAR3sAoAcTgQkEbVzM+/2mMvByx8yZdZ0CwtaaCM8Fw/1yTnzE
+MYhkqSGMBdYBjknjZ8pPMYNVucncmdYibPU5VRRhWSSXlee6oZRgWrcW8VGlFtQU/RHt1a
+LUPrSk/3e1Iqk75AWaFVVwnTnz8pPBpQXboiN22gZ8fvPYO9wphPmuXPapGFUt5NHBgMOv
+Yr2+uzeSYg79VKhRv6YEM3aeW8kkjdZ7r4uP8EFnimUDAQAAAIEAsIsTx8nO65tEJbCEmM
+/bFXHRmMSnVyQWQgyPXTvbWyI1Uk0YyaFOnsFCuXwfM/3fupvFyKTC4rdeJYl9HiVbZAm3
+puI+GIRPOdKMWdh+e802KdeGXPsc+LU0tw5zwaRKH46QtmKEu1UICmUEsDFQxYfSlL8zhc
+/OrNwPUZTRtrYAAACBAOsPC4PtdyItaHVYbSlgp++foTm4adby3lYQOh4VDanY4H95ct/P
+4Qa9BklZmkN5HoaPBnOCV66+RzW42qSbincRSdsYXP6t5fnnQwp9+tqCQaPuHVIGuW9MI9
+qO1hwOl1HnvYFvOEvdvA+Os3as5DyZO5AP5Eta6cwjMwKDTB/hAAAAgQDpNXQL3vJvsUgP
+yZjhxodGGoT7HvLVClrICEuVrJj/10t5AabWjh5G3FILZyTU+zNTGLn+emocuKf+sbrlAe
+6sImXPfKKx/kgSR7knPlUi0TEOow4XbIif0cfGxqkamANe1Sv7xReR2rIqkWqEZsDNhtZR
+oQQY9bNehpqAweCY+QAAACFpZF9yc2FfMjA0OF9yZmM0NzE2X3NpZ25lZF9ieV9yc2E=
+-----END OPENSSH PRIVATE KEY-----
--- a/src/itest/docker-image/test-container/host_keys/ssh_host_rsa_2048_key-cert.pub
+++ b/src/itest/docker-image/test-container/host_keys/ssh_host_rsa_2048_key-cert.pub
@@ -0,0 +1 @@
+ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgKsWt/s6Kl/ti8EuWBhg0TdS/kEUWRzsogWz5M1CVjtoAAAADAQABAAABAQDWIcYmLQSEzi9IJ7jQ3frvQ5bHq2wDbw/tGmqCX1V1i2iud4HJPpTejudIgrswIZcP1cUI8NtA+cKmMg5Bqr1/vDNqPu8TM3eI8SxSiF8YiEGdlRmq0d09IyGoQnDG4ipECVKPLxecE0roSOClkbJcvk2KONH12n+NiA4IwyYkHnzkFaFhC3s/mpx4WPPoCodYqcFtqOisWOIlBH0tWGL2cEILUjTZ7xpapLTklHnUnwnX6UQIkSIoFvMPR2EB3QI+waW7EG3BUZkXXf7HNz381ktRRvjAnFYzRHx+WYihyEr7Ko+AKavuuMDfLIQ9e1Cu9NDjomO3+7q4rItt2JnZAAAAAAAAAAAAAAACAAAAIWlkX3JzYV8yMDQ4X3JmYzQ3MTZfc2lnbmVkX2J5X3JzYQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAMpRV4ex1Zq2TzKSP7g1XrAAsGsqbGvKe6BjXqJa1OayPgcTJWZLDVCiNapqMoGCdqAnzBKIqVwjxhdy1OP7c5BvPZG9ljujlAiBhQ5t9NrN+jWv6pE3w3m5MFDVh7neGvr9wK8IGhIetfpG6/wJ3yOAF1sQkCwgDf7BfkbMq1If+qyTDF7I3fzyaqYX/61BR2iytpNxaVVw1g15EKdRHkUc760L0kVFwWkmyAFpK+ZPOal9pRHKa9mi/3TRXcQ20ZnBBzzxl4bsnXnEWILhBSxstoEF94hHKLeuoKl9kPx/NqKvwjIEqtU/mE7i+aAE9Wf6nR0COtlBPsjxZtf2Ac2ryUCd/EcdAqDGOwZy4m1s0G5EQMTU1uWCgGByz6DPWCCDCadQq0GaACjcOyBcy5trUqGxYqDvmZCgq6IDv1bGFDlFx1exOxIAKuruiVdPNn+c+h7HEmeM+OOJq1rjibD7kUwMK0cchVzpjI2xwC8ecQF9jeFGBcooa86OO65oPQAAAZQAAAAMcnNhLXNoYTItNTEyAAABgJSHsEN9ccb4C/wrw0Lq22tZ/tLdjXxHKa1xBZZf81z7POZy8njEDN9bXHQalpLzgR12HDnkbBhk0tBrH8JDEmddOiMZrjD5GUzsK5Y3X6H/MTZrPYSqeO7ikmffxRI4A0BjYBmGk5ClntKzs3VhbhnlwBzTbvl+lwGVnP2EJmmP6/xjB0V3udYOQMbRd9Q2ORIZWF0VSexhjVVSdEwDlDdHWubFJwpHGDXKWeijGxSYXbZGwCGhqU04DYIx7HEIm0sulIX9GxjAm16y8QvrSjKCmfOkvg6T/TVVStYGkU2BGGhXyCfCA3gecdxI8mijuLsuBnkr0rVlDg00FLOAduLzsQq7gSC0/xit4OlJO7MoNUSnC9NjNSLjPy7DzW0bwfkmvfuTpKhDmO0lNbr+6if3+Q8pXZV+q1bRFMO9AsSO52gXA/IXGZC3u5JCL56hqb03sQPn/K9ZWmiRzwJYWTpgIgycGwR1ZIYFvtqKJqtVoGaZfCIQD/I4i01qqHxVAg== id_rsa_2048_rfc4716_signed_by_rsa
--- a/src/itest/docker-image/test-container/host_keys/ssh_host_rsa_2048_key.pub
+++ b/src/itest/docker-image/test-container/host_keys/ssh_host_rsa_2048_key.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWIcYmLQSEzi9IJ7jQ3frvQ5bHq2wDbw/tGmqCX1V1i2iud4HJPpTejudIgrswIZcP1cUI8NtA+cKmMg5Bqr1/vDNqPu8TM3eI8SxSiF8YiEGdlRmq0d09IyGoQnDG4ipECVKPLxecE0roSOClkbJcvk2KONH12n+NiA4IwyYkHnzkFaFhC3s/mpx4WPPoCodYqcFtqOisWOIlBH0tWGL2cEILUjTZ7xpapLTklHnUnwnX6UQIkSIoFvMPR2EB3QI+waW7EG3BUZkXXf7HNz381ktRRvjAnFYzRHx+WYihyEr7Ko+AKavuuMDfLIQ9e1Cu9NDjomO3+7q4rItt2JnZ id_rsa_2048_rfc4716_signed_by_rsa
--- a/src/itest/docker-image/test-container/sshd_config
+++ b/src/itest/docker-image/test-container/sshd_config
@@ -1,132 +0,0 @@
-#	$OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $
-
-# This is the sshd server system-wide configuration file.  See
-# sshd_config(5) for more information.
-
-# This sshd was compiled with PATH=/bin:/usr/bin:/sbin:/usr/sbin
-
-# The strategy used for options in the default sshd_config shipped with
-# OpenSSH is to specify options with their default value where
-# possible, but leave them commented.  Uncommented options override the
-# default value.
-
-#Port 22
-#AddressFamily any
-#ListenAddress 0.0.0.0
-#ListenAddress ::
-
-#HostKey /etc/ssh/ssh_host_rsa_key
-#HostKey /etc/ssh/ssh_host_dsa_key
-#HostKey /etc/ssh/ssh_host_ecdsa_key
-#HostKey /etc/ssh/ssh_host_ed25519_key
-
-# Ciphers and keying
-#RekeyLimit default none
-
-# Logging
-#SyslogFacility AUTH
-#LogLevel INFO
-
-# Authentication:
-
-#LoginGraceTime 2m
-PermitRootLogin yes
-#StrictModes yes
-#MaxAuthTries 6
-#MaxSessions 10
-
-#PubkeyAuthentication yes
-
-# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
-# but this is overridden so installations will only check .ssh/authorized_keys
-AuthorizedKeysFile	.ssh/authorized_keys
-
-#AuthorizedPrincipalsFile none
-
-#AuthorizedKeysCommand none
-#AuthorizedKeysCommandUser nobody
-
-# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-#HostbasedAuthentication no
-# Change to yes if you don't trust ~/.ssh/known_hosts for
-# HostbasedAuthentication
-#IgnoreUserKnownHosts no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-#IgnoreRhosts yes
-
-# To disable tunneled clear text passwords, change to no here!
-#PasswordAuthentication yes
-#PermitEmptyPasswords no
-
-# Change to no to disable s/key passwords
-#ChallengeResponseAuthentication yes
-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-#KerberosGetAFSToken no
-
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
-# PasswordAuthentication.  Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
-# the setting of "PermitRootLogin without-password".
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
-#UsePAM no
-
-#AllowAgentForwarding yes
-#AllowTcpForwarding yes
-#GatewayPorts no
-#X11Forwarding no
-#X11DisplayOffset 10
-#X11UseLocalhost yes
-#PermitTTY yes
-#PrintMotd yes
-#PrintLastLog yes
-#TCPKeepAlive yes
-#UseLogin no
-#PermitUserEnvironment no
-#Compression delayed
-#ClientAliveInterval 0
-#ClientAliveCountMax 3
-#UseDNS no
-#PidFile /run/sshd.pid
-#MaxStartups 10:30:100
-#PermitTunnel no
-#ChrootDirectory none
-#VersionAddendum none
-
-# no default banner path
-#Banner none
-
-# override default of no subsystems
-Subsystem	sftp	/usr/lib/ssh/sftp-server
-
-# the following are HPN related configuration options
-# tcp receive buffer polling. disable in non autotuning kernels
-#TcpRcvBufPoll yes
-
-# disable hpn performance boosts
-#HPNDisabled no
-
-# buffer size for hpn to non-hpn connections
-#HPNBufferSize 2048
-
-
-# Example of overriding settings on a per-user basis
-#Match User anoncvs
-#	X11Forwarding no
-#	AllowTcpForwarding no
-#	PermitTTY no
-#	ForceCommand cvs server
-
-KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
-macs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com
--- a/src/itest/docker-image/test-container/trusted_ca_keys
+++ b/src/itest/docker-image/test-container/trusted_ca_keys
@@ -0,0 +1,4 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDN70b/cYHZQMD1YW0mlncXqC2l++sEWrVYlIUCzNxNhRYjI4UmEVEq3ru1h6K3ZVAJi1DcZuf5ne1ZXtwJ1Uw1JA4wGdKw+9TwAb5Gubn+VEowgt62kLAPeChiPucTXD0FDDhIUOBv3KxytdrJIYAtzZT27STsBiDF1+7Ld3wk/1Dg9NAaI6q40PmuicTEACQRHn5snI1t9+LgZTd3/PPE5pjJM0ow9+r6mlUUM5oHCk5sZ8DBuRR1Ram4sxp/LFQM+9feMmW3ZM2C5AN0JG4A7NXnlwiTKmNVrGI0iFucBBKhjxN1qdgBF11/42cCrerC9UW1auTTi9mqwEIqBGL30VOPy+dCPQQViP+C09CBgyr3wpZciPKP1mvmcOkC5FDzKg9e3v1JBq0fqZgwt+PPG8cGnxRCGEQ+ZMLDuAixkQUEwDWeMskHLkbjUEiVZydViCPSzFczGtKatQiQVZA5Zx0Gn2sUaQjykhWzqKNL8oIbolEdkH9ubOZWNi0brzU= root@sshj
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNz89k9T3el9LpypMH6Rs8Ovn/xC6subq9XBoTK8G9x3Q4IifsN+bCy7h9juYdE8it5GvgnpM2HSdPBFMpJnEFI= CA_ecdsa.pem
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDKUVeHsdWatk8ykj+4NV6wALBrKmxrynugY16iWtTmsj4HEyVmSw1QojWqajKBgnagJ8wSiKlcI8YXctTj+3OQbz2RvZY7o5QIgYUObfTazfo1r+qRN8N5uTBQ1Ye53hr6/cCvCBoSHrX6Ruv8Cd8jgBdbEJAsIA3+wX5GzKtSH/qskwxeyN388mqmF/+tQUdosraTcWlVcNYNeRCnUR5FHO+tC9JFRcFpJsgBaSvmTzmpfaURymvZov900V3ENtGZwQc88ZeG7J15xFiC4QUsbLaBBfeIRyi3rqCpfZD8fzair8IyBKrVP5hO4vmgBPVn+p0dAjrZQT7I8WbX9gHNq8lAnfxHHQKgxjsGcuJtbNBuREDE1NblgoBgcs+gz1gggwmnUKtBmgAo3DsgXMuba1KhsWKg75mQoKuiA79WxhQ5RcdXsTsSACrq7olXTzZ/nPoexxJnjPjjiata44mw+5FMDCtHHIVc6YyNscAvHnEBfY3hRgXKKGvOjjuuaD0= CA_rsa.pem
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDphrlRZfHI2xJ7IIqmoLji2Bh2j7ZP0jynCL0TnjTuH CA_ed25519.pem
--- a/src/itest/docker-image/test-container/users_rsa_ca.pub
+++ b/src/itest/docker-image/test-container/users_rsa_ca.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDN70b/cYHZQMD1YW0mlncXqC2l++sEWrVYlIUCzNxNhRYjI4UmEVEq3ru1h6K3ZVAJi1DcZuf5ne1ZXtwJ1Uw1JA4wGdKw+9TwAb5Gubn+VEowgt62kLAPeChiPucTXD0FDDhIUOBv3KxytdrJIYAtzZT27STsBiDF1+7Ld3wk/1Dg9NAaI6q40PmuicTEACQRHn5snI1t9+LgZTd3/PPE5pjJM0ow9+r6mlUUM5oHCk5sZ8DBuRR1Ram4sxp/LFQM+9feMmW3ZM2C5AN0JG4A7NXnlwiTKmNVrGI0iFucBBKhjxN1qdgBF11/42cCrerC9UW1auTTi9mqwEIqBGL30VOPy+dCPQQViP+C09CBgyr3wpZciPKP1mvmcOkC5FDzKg9e3v1JBq0fqZgwt+PPG8cGnxRCGEQ+ZMLDuAixkQUEwDWeMskHLkbjUEiVZydViCPSzFczGtKatQiQVZA5Zx0Gn2sUaQjykhWzqKNL8oIbolEdkH9ubOZWNi0brzU= root@sshj
--- a/src/itest/generate.sh
+++ b/src/itest/generate.sh
@@ -0,0 +1,102 @@
+#!/usr/bin/env bash
+# This script is intended for generating SSH keys required for unit and integration tests. If you intend to add a new
+# key to the tests, please write its generation command there.
+#
+# All generation commands should generate only files that does not exist. If some key is already generated, the script
+# should not overwrite the key.
+
+set -e -o pipefail
+cd "${BASH_SOURCES[0]}"
+
+function generate() {
+  local destination="$1"
+  if [[ ! -f "$destination" ]]; then
+    echo "Generating $destination" 1>&2
+    shift
+    mkdir -p "$(dirname "$destination")"
+    ssh-keygen -q -f "$destination" "${@}"
+  fi
+}
+
+function generate_cert() {
+  local private_key
+  local suffix
+  local cert
+  private_key="$1"
+  suffix="$2"
+  shift 2
+  cert="$private_key$suffix-cert.pub"
+  if [[ ! -f "$cert" ]]; then
+    cp "$private_key" "$private_key$suffix"
+    cp "$private_key.pub" "$private_key$suffix.pub"
+    generate "$cert" "$@" "$private_key$suffix.pub"
+    rm -f "$private_key$suffix" "$private_key$suffix.pub"
+  fi
+}
+
+generate resources/users_rsa_ca -t rsa -N ''
+if [[ -f resources/users_rsa_ca.pub ]]; then
+  mv resources/users_rsa_ca.pub docker-image/test-container
+fi
+generate resources/keyfiles/id_rsa2 -t rsa -m pem -N ''
+generate resources/keyfiles/id_rsa2-cert.pub -s resources/users_rsa_ca -I my_key_id -n sshj resources/keyfiles/id_rsa2.pub
+
+cat docker-image/test-container/users_rsa_ca.pub >docker-image/test-container/trusted_ca_keys
+
+key_algo_pairs=(ecdsa_256 ecdsa_384 ecdsa_521 rsa_2048 ed25519_384)
+
+for ca_algo in ecdsa rsa ed25519; do
+  generate "resources/keyfiles/certificates/CA_${ca_algo}.pem" -N "" -t "$ca_algo" -C "CA_${ca_algo}.pem"
+  cat "resources/keyfiles/certificates/CA_${ca_algo}.pem.pub" >>docker-image/test-container/trusted_ca_keys
+
+  for key_algo_pair in "${key_algo_pairs[@]}"; do
+    key_algo="${key_algo_pair/_*/}"
+    bits="${key_algo_pair/*_/}"
+
+    for format in pem rfc4716; do
+      if [[ "$key_algo" == 'pem' && "$format" == 'ed25519' ]]; then
+        # Ed25519 keys are always generated in RFC4716 format.
+        continue
+      fi
+
+      user_key="resources/keyfiles/certificates/id_${key_algo_pair}_${format}_signed_by_${ca_algo}"
+      generate "$user_key" -N '' -t "$key_algo" -b "$bits" -m "$format" -C "$(basename "$user_key")"
+      generate "${user_key}-cert.pub" -s "resources/keyfiles/certificates/CA_${ca_algo}.pem" -I "$(basename "$user_key")" -n sshj "${user_key}.pub"
+
+      # These certificates are to be used as host certificates of sshd.
+      generate_cert "$user_key" _host \
+        -s "resources/keyfiles/certificates/CA_${ca_algo}.pem" -I "$(basename "$user_key")" -h -n 127.0.0.1
+    done
+  done
+done
+
+mkdir -p docker-image/test-container/host_keys
+
+for key_algo_pair in "${key_algo_pairs[@]}"; do
+  key_algo="${key_algo_pair/_*/}"
+  bits="${key_algo_pair/*_/}"
+
+  user_key="resources/keyfiles/certificates/id_${key_algo_pair}_${format}_signed_by_rsa"
+  host_key="docker-image/test-container/host_keys/ssh_host_${key_algo_pair}_key"
+  if [[ ! -f "$host_key" ]]; then
+    cp -p "$user_key" "$host_key"
+    cp -p "${user_key}.pub" "${host_key}.pub"
+    cp -p "${user_key}_host-cert.pub" "${host_key}-cert.pub"
+  fi
+done
+
+(
+  cd resources/keyfiles/certificates
+
+  generate_cert id_ed25519_384_rfc4716_signed_by_rsa _host_valid_before_past \
+    -s "CA_rsa.pem" -I valid_before_past -h -n 127.0.0.1 -V 'always:20210101000000'
+
+  generate_cert id_ed25519_384_rfc4716_signed_by_rsa _host_valid_after_future \
+    -s "CA_rsa.pem" -I valid_after_future -h -n 127.0.0.1 -V '20990101000000:forever'
+
+  generate_cert id_ed25519_384_rfc4716_signed_by_rsa _host_no_principal \
+    -s "CA_rsa.pem" -I no_principal -h
+
+  generate_cert id_ed25519_384_rfc4716_signed_by_rsa _host_principal_wildcard_example_com \
+    -s "CA_rsa.pem" -I principal_wildcard_example_com -h -n '*.example.com'
+)
--- a/src/itest/groovy/com/hierynomus/sshj/IntegrationBaseSpec.groovy
+++ b/src/itest/groovy/com/hierynomus/sshj/IntegrationBaseSpec.groovy
@@ -1,42 +0,0 @@
-/*
- * Copyright (C)2009 - SSHJ Contributors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.hierynomus.sshj
-
-import net.schmizz.sshj.Config
-import net.schmizz.sshj.DefaultConfig
-import net.schmizz.sshj.SSHClient
-import net.schmizz.sshj.transport.verification.PromiscuousVerifier
-import spock.lang.Specification
-
-class IntegrationBaseSpec extends Specification {
-    protected static final int DOCKER_PORT = 2222
-    protected static final String USERNAME = "sshj"
-    protected static final String KEYFILE = "src/itest/resources/keyfiles/id_rsa"
-    protected final static String SERVER_IP = System.getProperty("serverIP", "127.0.0.1")
-
-    protected static SSHClient getConnectedClient(Config config) {
-        SSHClient sshClient = new SSHClient(config)
-        sshClient.addHostKeyVerifier(new PromiscuousVerifier())
-        sshClient.connect(SERVER_IP, DOCKER_PORT)
-
-        return sshClient
-    }
-
-    protected static SSHClient getConnectedClient() throws IOException {
-        return getConnectedClient(new DefaultConfig())
-    }
-
-}
--- a/src/itest/groovy/com/hierynomus/sshj/IntegrationSpec.groovy
+++ b/src/itest/groovy/com/hierynomus/sshj/IntegrationSpec.groovy
@@ -15,32 +15,37 @@
 */
 package com.hierynomus.sshj

-import com.hierynomus.sshj.signature.SignatureEdDSA
+import com.hierynomus.sshj.key.KeyAlgorithms
 import net.schmizz.sshj.DefaultConfig
 import net.schmizz.sshj.SSHClient
-import net.schmizz.sshj.signature.SignatureECDSA
 import net.schmizz.sshj.transport.TransportException
 import net.schmizz.sshj.userauth.UserAuthException
+import org.junit.ClassRule
+import spock.lang.Shared
+import spock.lang.Specification
 import spock.lang.Unroll

-class IntegrationSpec extends IntegrationBaseSpec {
+class IntegrationSpec extends Specification {
+    @Shared
+    @ClassRule
+    SshdContainer sshd

    @Unroll
    def "should accept correct key for #signatureName"() {
        given:
        def config = new DefaultConfig()
-        config.setSignatureFactories(signatureFactory)
+        config.setKeyAlgorithms(Collections.singletonList(signatureFactory))
        SSHClient sshClient = new SSHClient(config)
        sshClient.addHostKeyVerifier(fingerprint) // test-containers/ssh_host_ecdsa_key's fingerprint

        when:
-        sshClient.connect(SERVER_IP, DOCKER_PORT)
+        sshClient.connect(sshd.containerIpAddress, sshd.firstMappedPort)

        then:
        sshClient.isConnected()

        where:
-        signatureFactory << [new SignatureECDSA.Factory256(), new SignatureEdDSA.Factory()]
+        signatureFactory << [KeyAlgorithms.ECDSASHANistp256(), KeyAlgorithms.EdDSA25519()]
        fingerprint << ["d3:6a:a9:52:05:ab:b5:48:dd:73:60:18:0c:3a:f0:a3", "dc:68:38:ce:fc:6f:2c:d6:6d:6b:34:eb:5c:f0:41:6a"]
        signatureName = signatureFactory.getName()
    }
@@ -51,7 +56,7 @@ class IntegrationSpec extends IntegrationBaseSpec {
        sshClient.addHostKeyVerifier("d4:6a:a9:52:05:ab:b5:48:dd:73:60:18:0c:3a:f0:a3")

        when:
-        sshClient.connect(SERVER_IP, DOCKER_PORT)
+        sshClient.connect(sshd.containerIpAddress, sshd.firstMappedPort)

        then:
        thrown(TransportException.class)
@@ -60,11 +65,11 @@ class IntegrationSpec extends IntegrationBaseSpec {
    @Unroll
    def "should authenticate with key #key"() {
        given:
-        SSHClient client = getConnectedClient()
+        SSHClient client = sshd.getConnectedClient()

        when:
        def keyProvider = passphrase != null ? client.loadKeys("src/itest/resources/keyfiles/$key", passphrase) : client.loadKeys("src/itest/resources/keyfiles/$key")
-        client.authPublickey(USERNAME, keyProvider)
+        client.authPublickey(IntegrationTestUtil.USERNAME, keyProvider)

        then:
        client.isAuthenticated()
@@ -75,14 +80,17 @@ class IntegrationSpec extends IntegrationBaseSpec {
        "id_ecdsa_opensshv1" | null
        "id_ed25519_opensshv1" | null
        "id_ed25519_opensshv1_aes256cbc.pem" | "foobar"
+        "id_ed25519_opensshv1_aes128cbc.pem" | "sshjtest"
        "id_ed25519_opensshv1_protected" | "sshjtest"
        "id_rsa" | null
        "id_rsa_opensshv1" | null
+        "id_ecdsa_nistp384_opensshv1" | null
+        "id_ecdsa_nistp521_opensshv1" | null
    }

   def "should not authenticate with wrong key"() {
        given:
-        SSHClient client = getConnectedClient()
+        SSHClient client = sshd.getConnectedClient()

        when:
        client.authPublickey("sshj", "src/itest/resources/keyfiles/id_unknown_key")
--- a/src/itest/groovy/com/hierynomus/sshj/IntegrationTestUtil.groovy
+++ b/src/itest/groovy/com/hierynomus/sshj/IntegrationTestUtil.groovy
@@ -0,0 +1,21 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj
+
+class IntegrationTestUtil {
+    static final String USERNAME = "sshj"
+    static final String KEYFILE = "src/itest/resources/keyfiles/id_rsa"
+}
--- a/src/itest/groovy/com/hierynomus/sshj/ManyChannelsSpec.groovy
+++ b/src/itest/groovy/com/hierynomus/sshj/ManyChannelsSpec.groovy
@@ -0,0 +1,74 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj
+
+import net.schmizz.sshj.SSHClient
+import net.schmizz.sshj.common.IOUtils
+import net.schmizz.sshj.connection.channel.direct.Session
+import spock.lang.Specification
+
+import java.util.concurrent.*
+
+import static org.codehaus.groovy.runtime.IOGroovyMethods.withCloseable
+
+class ManyChannelsSpec extends Specification {
+
+    def "should work with many channels without nonexistent channel error (GH issue #805)"() {
+        given:
+        SshdContainer sshd = new SshdContainer.Builder()
+                .withSshdConfig("""${SshdContainer.Builder.DEFAULT_SSHD_CONFIG}
+                MaxSessions 200
+                """.stripMargin())
+                .build()
+        sshd.start()
+        SSHClient client = sshd.getConnectedClient()
+        client.authPublickey("sshj", "src/test/resources/id_rsa")
+
+        when:
+        List<Future<Exception>> futures = []
+        ExecutorService executorService = Executors.newCachedThreadPool()
+
+        for (int i in 0..20) {
+            futures.add(executorService.submit((Callable<Exception>) {
+                return execute(client)
+            }))
+        }
+        executorService.shutdown()
+        executorService.awaitTermination(1, TimeUnit.DAYS)
+
+        then:
+        futures*.get().findAll { it != null }.empty
+
+        cleanup:
+        client.close()
+    }
+
+
+    private static Exception execute(SSHClient sshClient) {
+        try {
+            for (def i in 0..100) {
+                withCloseable (sshClient.startSession()) {sshSession ->
+                    Session.Command sshCommand = sshSession.exec("ls -la")
+                    IOUtils.readFully(sshCommand.getInputStream()).toString()
+                    sshCommand.close()
+                }
+            }
+        } catch (Exception e) {
+            return e
+        }
+        return null
+    }
+}
--- a/src/itest/groovy/com/hierynomus/sshj/RsaShaKeySignatureTest.groovy
+++ b/src/itest/groovy/com/hierynomus/sshj/RsaShaKeySignatureTest.groovy
@@ -0,0 +1,159 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj
+
+import com.hierynomus.sshj.key.KeyAlgorithms
+import net.schmizz.sshj.Config
+import net.schmizz.sshj.DefaultConfig
+import org.testcontainers.images.builder.dockerfile.DockerfileBuilder
+import spock.lang.Specification
+import spock.lang.Unroll
+
+import java.nio.file.Paths
+
+/**
+ * Checks that SSHJ is able to work with OpenSSH 8.8, which removed ssh-rsa signature from the default setup.
+ */
+class RsaShaKeySignatureTest extends Specification {
+    private static final Map<String, KeyAlgorithms.Factory> SSH_HOST_KEYS_AND_FACTORIES = [
+        'ssh_host_ecdsa_256_key': KeyAlgorithms.ECDSASHANistp256(),
+        'ssh_host_ecdsa_384_key': KeyAlgorithms.ECDSASHANistp384(),
+        'ssh_host_ecdsa_521_key': KeyAlgorithms.ECDSASHANistp521(),
+        'ssh_host_ed25519_384_key': KeyAlgorithms.EdDSA25519(),
+        'ssh_host_rsa_2048_key': KeyAlgorithms.RSASHA512(),
+    ]
+
+    private static void dockerfileBuilder(DockerfileBuilder it, String hostKey, String pubkeyAcceptedAlgorithms) {
+        it.from("archlinux:base")
+        it.run('yes | pacman -Sy core/openssh' +
+                ' && (' +
+                '  V=$(echo $(/usr/sbin/sshd -h 2>&1) | grep -o \'OpenSSH_[0-9][0-9]*[.][0-9][0-9]*p[0-9]\');' +
+                '  if [[ "$V" < OpenSSH_8.8p1 ]]; then' +
+                '    echo $V is too old 1>&2;' +
+                '    exit 1;' +
+                '   fi' +
+                ')' +
+                ' && set -o pipefail ' +
+                ' && useradd --create-home sshj' +
+                ' && echo \"sshj:ultrapassword\" | chpasswd')
+        it.add("authorized_keys", "/home/sshj/.ssh/")
+        it.add(hostKey, '/etc/ssh/')
+        it.run('chmod go-rwx /etc/ssh/ssh_host_*' +
+                ' && chown -R sshj /home/sshj/.ssh' +
+                ' && chmod -R go-rwx /home/sshj/.ssh')
+        it.expose(22)
+
+        def cmd = [
+                '/usr/sbin/sshd',
+                '-D',
+                '-e',
+                '-f', '/dev/null',
+                '-o', 'LogLevel=DEBUG2',
+                '-o', "HostKey=/etc/ssh/$hostKey",
+        ]
+        if (pubkeyAcceptedAlgorithms != null) {
+            cmd += ['-o', "PubkeyAcceptedAlgorithms=$pubkeyAcceptedAlgorithms"]
+        }
+        it.cmd(cmd as String[])
+    }
+
+    private static SshdContainer makeSshdContainer(String hostKey, String pubkeyAcceptedAlgorithms) {
+        return new SshdContainer(new SshdContainer.DebugLoggingImageFromDockerfile()
+                .withFileFromPath("authorized_keys", Paths.get("src/itest/docker-image/authorized_keys"))
+                .withFileFromPath(hostKey, Paths.get("src/itest/docker-image/test-container/host_keys/$hostKey"))
+                .withDockerfileFromBuilder {
+                    dockerfileBuilder(it, hostKey, pubkeyAcceptedAlgorithms)
+                })
+    }
+
+    @Unroll
+    def "connect to a server with host key #hostKey that does not support ssh-rsa"() {
+        given:
+        SshdContainer sshd = makeSshdContainer(hostKey, "rsa-sha2-512,rsa-sha2-256,ssh-ed25519")
+        sshd.start()
+
+        and:
+        Config config = new DefaultConfig()
+        config.keyAlgorithms = [
+                KeyAlgorithms.RSASHA512(),
+                KeyAlgorithms.RSASHA256(),
+                SSH_HOST_KEYS_AND_FACTORIES[hostKey],
+        ]
+
+        when:
+        def sshClient = sshd.getConnectedClient(config)
+        sshClient.authPublickey("sshj", "src/itest/resources/keyfiles/id_rsa_opensshv1")
+
+        then:
+        sshClient.isAuthenticated()
+
+        cleanup:
+        sshClient?.disconnect()
+        sshd.stop()
+
+        where:
+        hostKey << SSH_HOST_KEYS_AND_FACTORIES.keySet()
+    }
+
+    @Unroll
+    def "connect to a default server with host key #hostKey using a default config"() {
+        given:
+        SshdContainer sshd = makeSshdContainer(hostKey, null)
+        sshd.start()
+
+        when:
+        def sshClient = sshd.getConnectedClient()
+        sshClient.authPublickey("sshj", "src/itest/resources/keyfiles/id_rsa_opensshv1")
+
+        then:
+        sshClient.isAuthenticated()
+
+        cleanup:
+        sshClient?.disconnect()
+        sshd.stop()
+
+        where:
+        hostKey << SSH_HOST_KEYS_AND_FACTORIES.keySet()
+    }
+
+    @Unroll
+    def "connect to a server with host key #hostkey that supports only ssh-rsa"() {
+        given:
+        SshdContainer sshd = makeSshdContainer(hostKey, "ssh-rsa,ssh-ed25519")
+        sshd.start()
+
+        and:
+        Config config = new DefaultConfig()
+        config.keyAlgorithms = [
+                KeyAlgorithms.SSHRSA(),
+                SSH_HOST_KEYS_AND_FACTORIES[hostKey],
+        ]
+
+        when:
+        def sshClient = sshd.getConnectedClient(config)
+        sshClient.authPublickey("sshj", "src/itest/resources/keyfiles/id_rsa_opensshv1")
+
+        then:
+        sshClient.isAuthenticated()
+
+        cleanup:
+        sshClient.disconnect()
+        sshd.stop()
+
+        where:
+        hostKey << SSH_HOST_KEYS_AND_FACTORIES.keySet()
+    }
+}
--- a/src/itest/groovy/com/hierynomus/sshj/SshServerWaitStrategy.java
+++ b/src/itest/groovy/com/hierynomus/sshj/SshServerWaitStrategy.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj;
+
+import org.testcontainers.containers.wait.strategy.WaitStrategy;
+import org.testcontainers.containers.wait.strategy.WaitStrategyTarget;
+
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.net.Socket;
+import java.nio.charset.StandardCharsets;
+import java.time.Duration;
+import java.util.Arrays;
+
+/**
+ * A wait strategy designed for {@link SshdContainer} to wait until the SSH server is ready, to avoid races when a test
+ * tries to connect to a server before the server has started.
+ */
+public class SshServerWaitStrategy implements WaitStrategy {
+    private Duration startupTimeout = Duration.ofMinutes(1);
+
+    @Override
+    public void waitUntilReady(WaitStrategyTarget waitStrategyTarget) {
+        long expectedEnd = System.nanoTime() + startupTimeout.toNanos();
+        while (waitStrategyTarget.isRunning()) {
+            long attemptStart = System.nanoTime();
+            IOException error = null;
+            byte[] buffer = new byte[7];
+            try (Socket socket = new Socket()) {
+                socket.setSoTimeout(500);
+                socket.connect(new InetSocketAddress(
+                        waitStrategyTarget.getHost(), waitStrategyTarget.getFirstMappedPort()));
+                // Haven't seen any SSH server that sends the version in two or more packets.
+                //noinspection ResultOfMethodCallIgnored
+                socket.getInputStream().read(buffer);
+                if (!Arrays.equals(buffer, "SSH-2.0".getBytes(StandardCharsets.UTF_8))) {
+                    error = new IOException("The version message doesn't look like an SSH server version");
+                }
+            } catch (IOException err) {
+                error = err;
+            }
+
+            if (error == null) {
+                break;
+            } else if (System.nanoTime() >= expectedEnd) {
+                throw new RuntimeException(error);
+            }
+
+            try {
+                //noinspection BusyWait
+                Thread.sleep(Math.max(0L, 500L - (System.nanoTime() - attemptStart) / 1_000_000));
+            } catch (InterruptedException e) {
+                Thread.currentThread().interrupt();
+                break;
+            }
+        }
+    }
+
+    @Override
+    public WaitStrategy withStartupTimeout(Duration startupTimeout) {
+        this.startupTimeout = startupTimeout;
+        return this;
+    }
+}
--- a/src/itest/groovy/com/hierynomus/sshj/SshdContainer.java
+++ b/src/itest/groovy/com/hierynomus/sshj/SshdContainer.java
@@ -0,0 +1,155 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj;
+
+import ch.qos.logback.classic.Level;
+import ch.qos.logback.classic.Logger;
+import net.schmizz.sshj.Config;
+import net.schmizz.sshj.DefaultConfig;
+import net.schmizz.sshj.SSHClient;
+import net.schmizz.sshj.transport.verification.PromiscuousVerifier;
+import org.jetbrains.annotations.NotNull;
+import org.slf4j.LoggerFactory;
+import org.testcontainers.containers.GenericContainer;
+import org.testcontainers.images.builder.ImageFromDockerfile;
+import org.testcontainers.images.builder.dockerfile.DockerfileBuilder;
+import org.testcontainers.utility.DockerLoggerFactory;
+
+import java.io.IOException;
+import java.nio.file.Paths;
+import java.util.concurrent.Future;
+
+/**
+ * A JUnit4 rule for launching a generic SSH server container.
+ */
+public class SshdContainer extends GenericContainer<SshdContainer> {
+    /**
+     * A workaround for strange logger names of testcontainers. They contain no dots, but contain slashes,
+     * square brackets, and even emoji. It's uneasy to set the logging level via the XML file of logback, the
+     * result would be less readable than the code below.
+     */
+    public static class DebugLoggingImageFromDockerfile extends ImageFromDockerfile {
+        public DebugLoggingImageFromDockerfile() {
+            super();
+            Logger logger = (Logger) LoggerFactory.getILoggerFactory()
+                    .getLogger(DockerLoggerFactory.getLogger(getDockerImageName()).getName());
+            logger.setLevel(Level.DEBUG);
+        }
+    }
+
+    public static class Builder {
+        public static final String DEFAULT_SSHD_CONFIG = "" +
+                "PermitRootLogin yes\n" +
+                "AuthorizedKeysFile .ssh/authorized_keys\n" +
+                "Subsystem sftp /usr/lib/ssh/sftp-server\n" +
+                "KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1\n" +
+                "macs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com\n" +
+                "TrustedUserCAKeys /etc/ssh/trusted_ca_keys\n" +
+                "Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com\n" +
+                "HostKey /etc/ssh/ssh_host_rsa_key\n" +
+                "HostKey /etc/ssh/ssh_host_dsa_key\n" +
+                "HostKey /etc/ssh/ssh_host_ecdsa_key\n" +
+                "HostKey /etc/ssh/ssh_host_ed25519_key\n" +
+                "HostKey /etc/ssh/ssh_host_ecdsa_256_key\n" +
+                "HostCertificate /etc/ssh/ssh_host_ecdsa_256_key-cert.pub\n" +
+                "HostKey /etc/ssh/ssh_host_ecdsa_384_key\n" +
+                "HostCertificate /etc/ssh/ssh_host_ecdsa_384_key-cert.pub\n" +
+                "HostKey /etc/ssh/ssh_host_ecdsa_521_key\n" +
+                "HostCertificate /etc/ssh/ssh_host_ecdsa_521_key-cert.pub\n" +
+                "HostKey /etc/ssh/ssh_host_ed25519_384_key\n" +
+                "HostCertificate /etc/ssh/ssh_host_ed25519_384_key-cert.pub\n" +
+                "HostKey /etc/ssh/ssh_host_rsa_2048_key\n" +
+                "HostCertificate /etc/ssh/ssh_host_rsa_2048_key-cert.pub\n" +
+                "LogLevel DEBUG2\n";
+
+        public static void defaultDockerfileBuilder(@NotNull DockerfileBuilder builder) {
+            builder.from("sickp/alpine-sshd:7.5-r2");
+
+            builder.add("authorized_keys", "/home/sshj/.ssh/authorized_keys");
+
+            builder.add("test-container/ssh_host_ecdsa_key", "/etc/ssh/ssh_host_ecdsa_key");
+            builder.add("test-container/ssh_host_ecdsa_key.pub", "/etc/ssh/ssh_host_ecdsa_key.pub");
+            builder.add("test-container/ssh_host_ed25519_key", "/etc/ssh/ssh_host_ed25519_key");
+            builder.add("test-container/ssh_host_ed25519_key.pub", "/etc/ssh/ssh_host_ed25519_key.pub");
+            builder.copy("test-container/trusted_ca_keys", "/etc/ssh/trusted_ca_keys");
+            builder.copy("test-container/host_keys/*", "/etc/ssh/");
+
+            builder.run("apk add --no-cache tini"
+                    + " && echo \"root:smile\" | chpasswd"
+                    + " && adduser -D -s /bin/ash sshj"
+                    + " && passwd -u sshj"
+                    + " && echo \"sshj:ultrapassword\" | chpasswd"
+                    + " && chmod 600 /home/sshj/.ssh/authorized_keys"
+                    + " && chmod 600 /etc/ssh/ssh_host_*_key"
+                    + " && chmod 644 /etc/ssh/*.pub"
+                    + " && chown -R sshj:sshj /home/sshj");
+            builder.entryPoint("/sbin/tini", "/entrypoint.sh", "-o", "LogLevel=DEBUG2");
+
+            builder.add("sshd_config", "/etc/ssh/sshd_config");
+        }
+
+        private @NotNull String sshdConfig = DEFAULT_SSHD_CONFIG;
+
+        public @NotNull Builder withSshdConfig(@NotNull String sshdConfig) {
+            this.sshdConfig = sshdConfig;
+            return this;
+        }
+
+        public @NotNull SshdContainer build() {
+            return new SshdContainer(buildInner());
+        }
+
+        private @NotNull Future<String> buildInner() {
+            return new DebugLoggingImageFromDockerfile()
+                    .withDockerfileFromBuilder(Builder::defaultDockerfileBuilder)
+                    .withFileFromPath(".", Paths.get("src/itest/docker-image"))
+                    .withFileFromString("sshd_config", sshdConfig);
+        }
+    }
+
+    @SuppressWarnings("unused")  // Used dynamically by Spock
+    public SshdContainer() {
+        this(new SshdContainer.Builder().buildInner());
+    }
+
+    public SshdContainer(@NotNull Future<String> future) {
+        super(future);
+        withExposedPorts(22);
+        setWaitStrategy(new SshServerWaitStrategy());
+        withLogConsumer(outputFrame -> {
+            switch (outputFrame.getType()) {
+                case STDOUT:
+                    logger().info("sshd stdout: {}", outputFrame.getUtf8String().stripTrailing());
+                    break;
+                case STDERR:
+                    logger().info("sshd stderr: {}", outputFrame.getUtf8String().stripTrailing());
+                    break;
+            }
+        });
+    }
+
+    public SSHClient getConnectedClient(Config config) throws IOException {
+        SSHClient sshClient = new SSHClient(config);
+        sshClient.addHostKeyVerifier(new PromiscuousVerifier());
+        sshClient.connect("127.0.0.1", getFirstMappedPort());
+
+        return sshClient;
+    }
+
+    public SSHClient getConnectedClient() throws IOException {
+        return getConnectedClient(new DefaultConfig());
+    }
+}
--- a/src/itest/groovy/com/hierynomus/sshj/sftp/FileWriteSpec.groovy
+++ b/src/itest/groovy/com/hierynomus/sshj/sftp/FileWriteSpec.groovy
@@ -15,21 +15,28 @@
 */
 package com.hierynomus.sshj.sftp

-import com.hierynomus.sshj.IntegrationBaseSpec
+import com.hierynomus.sshj.IntegrationTestUtil
+import com.hierynomus.sshj.SshdContainer
 import net.schmizz.sshj.SSHClient
 import net.schmizz.sshj.sftp.OpenMode
 import net.schmizz.sshj.sftp.RemoteFile
 import net.schmizz.sshj.sftp.SFTPClient
+import org.junit.ClassRule
+import spock.lang.Shared
+import spock.lang.Specification

 import java.nio.charset.StandardCharsets

 import static org.codehaus.groovy.runtime.IOGroovyMethods.withCloseable

-class FileWriteSpec extends IntegrationBaseSpec {
+class FileWriteSpec extends Specification {
+    @Shared
+    @ClassRule
+    SshdContainer sshd

    def "should append to file (GH issue #390)"() {
        given:
-        SSHClient client = getConnectedClient()
+        SSHClient client = sshd.getConnectedClient()
        client.authPublickey("sshj", "src/test/resources/id_rsa")
        SFTPClient sftp = client.newSFTPClient()
        def file = "/home/sshj/test.txt"
--- a/src/itest/groovy/com/hierynomus/sshj/signature/HostKeyWithCertificateSpec.groovy
+++ b/src/itest/groovy/com/hierynomus/sshj/signature/HostKeyWithCertificateSpec.groovy
@@ -0,0 +1,83 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.signature
+
+import com.hierynomus.sshj.SshdContainer
+import net.schmizz.sshj.DefaultConfig
+import net.schmizz.sshj.SSHClient
+import net.schmizz.sshj.transport.verification.OpenSSHKnownHosts
+import spock.lang.Specification
+import spock.lang.Unroll
+
+import java.nio.file.Files
+
+/**
+ * This is a brief test for verifying connection to a server using keys with certificates.
+ *
+ * Also, take a look at the unit test {@link net.schmizz.sshj.transport.verification.KeyWithCertificateUnitSpec}.
+ */
+class HostKeyWithCertificateSpec extends Specification {
+    @Unroll
+    def "accepting a signed host public key #hostKey"() {
+        given:
+        SshdContainer sshd = new SshdContainer.Builder()
+            .withSshdConfig("""
+                PasswordAuthentication yes
+                HostKey /etc/ssh/$hostKey
+                HostCertificate /etc/ssh/${hostKey}-cert.pub
+                """.stripMargin())
+            .build()
+        sshd.start()
+
+        and:
+        File knownHosts = Files.createTempFile("known_hosts", "").toFile()
+        knownHosts.deleteOnExit()
+
+        and:
+        File caPubKey = new File("src/itest/resources/keyfiles/certificates/CA_rsa.pem.pub")
+        def address = "127.0.0.1"
+        String knownHostsFileContents = "" +
+                "@cert-authority ${ address} ${caPubKey.text}" +
+                "\n@cert-authority [${address}]:${sshd.firstMappedPort} ${caPubKey.text}"
+        knownHosts.write(knownHostsFileContents)
+
+        and:
+        SSHClient sshClient = new SSHClient(new DefaultConfig())
+        sshClient.addHostKeyVerifier(new OpenSSHKnownHosts(knownHosts))
+        sshClient.connect(address, sshd.firstMappedPort)
+
+        when:
+        sshClient.authPassword("sshj", "ultrapassword")
+
+        then:
+        sshClient.authenticated
+
+        and:
+        knownHosts.getText() == knownHostsFileContents
+
+        cleanup:
+        sshd.stop()
+
+        where:
+        hostKey << [
+                "ssh_host_ecdsa_256_key",
+                "ssh_host_ecdsa_384_key",
+                "ssh_host_ecdsa_521_key",
+                "ssh_host_ed25519_384_key",
+                "ssh_host_rsa_2048_key",
+        ]
+    }
+}
--- a/src/itest/groovy/com/hierynomus/sshj/signature/PublicKeyAuthWithCertificateSpec.groovy
+++ b/src/itest/groovy/com/hierynomus/sshj/signature/PublicKeyAuthWithCertificateSpec.groovy
@@ -0,0 +1,81 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.signature
+
+import com.hierynomus.sshj.SshdContainer
+import net.schmizz.sshj.DefaultConfig
+import net.schmizz.sshj.SSHClient
+import net.schmizz.sshj.transport.verification.PromiscuousVerifier
+import org.junit.ClassRule
+import spock.lang.Shared
+import spock.lang.Specification
+import spock.lang.Unroll
+
+/**
+ * This is a brief test for verifying connection to a server using keys with certificates.
+ *
+ * Also, take a look at the unit test {@link net.schmizz.sshj.transport.verification.KeyWithCertificateUnitSpec}.
+ */
+class PublicKeyAuthWithCertificateSpec extends Specification {
+    @Shared
+    @ClassRule
+    SshdContainer sshd
+
+    @Unroll
+    def "authorising with a signed public key #keyName"() {
+        given:
+        SSHClient client = new SSHClient(new DefaultConfig())
+        client.addHostKeyVerifier(new PromiscuousVerifier())
+        client.connect("127.0.0.1", sshd.firstMappedPort)
+
+        when:
+        client.authPublickey("sshj", "src/itest/resources/keyfiles/certificates/$keyName")
+
+        then:
+        client.authenticated
+
+        where:
+        keyName << [
+                "id_ecdsa_256_pem_signed_by_ecdsa",
+                "id_ecdsa_256_rfc4716_signed_by_ecdsa",
+                "id_ecdsa_256_pem_signed_by_ed25519",
+                "id_ecdsa_256_rfc4716_signed_by_ed25519",
+                "id_ecdsa_256_pem_signed_by_rsa",
+                "id_ecdsa_256_rfc4716_signed_by_rsa",
+                "id_ecdsa_384_pem_signed_by_ecdsa",
+                "id_ecdsa_384_rfc4716_signed_by_ecdsa",
+                "id_ecdsa_384_pem_signed_by_ed25519",
+                "id_ecdsa_384_rfc4716_signed_by_ed25519",
+                "id_ecdsa_384_pem_signed_by_rsa",
+                "id_ecdsa_384_rfc4716_signed_by_rsa",
+                "id_ecdsa_521_pem_signed_by_ecdsa",
+                "id_ecdsa_521_rfc4716_signed_by_ecdsa",
+                "id_ecdsa_521_pem_signed_by_ed25519",
+                "id_ecdsa_521_rfc4716_signed_by_ed25519",
+                "id_ecdsa_521_pem_signed_by_rsa",
+                "id_ecdsa_521_rfc4716_signed_by_rsa",
+                "id_rsa_2048_pem_signed_by_ecdsa",
+                "id_rsa_2048_rfc4716_signed_by_ecdsa",
+                "id_rsa_2048_pem_signed_by_ed25519",
+                "id_rsa_2048_rfc4716_signed_by_ed25519",
+                "id_rsa_2048_pem_signed_by_rsa",
+                "id_rsa_2048_rfc4716_signed_by_rsa",
+                "id_ed25519_384_rfc4716_signed_by_ecdsa",
+                "id_ed25519_384_rfc4716_signed_by_ed25519",
+                "id_ed25519_384_rfc4716_signed_by_rsa",
+        ]
+    }
+}
--- a/src/itest/groovy/com/hierynomus/sshj/signature/RsaSignatureClientKeySpec.groovy
+++ b/src/itest/groovy/com/hierynomus/sshj/signature/RsaSignatureClientKeySpec.groovy
@@ -0,0 +1,41 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.signature
+
+import com.hierynomus.sshj.IntegrationTestUtil
+import com.hierynomus.sshj.SshdContainer
+import org.junit.ClassRule
+import spock.lang.Shared
+import spock.lang.Specification
+import spock.lang.Unroll
+
+class RsaSignatureClientKeySpec extends Specification {
+    @Shared
+    @ClassRule
+    SshdContainer sshd
+
+    @Unroll
+    def "should correctly connect using publickey auth with RSA key with signature"() {
+        given:
+        def client = sshd.getConnectedClient()
+
+        when:
+        client.authPublickey(IntegrationTestUtil.USERNAME, "src/itest/resources/keyfiles/id_rsa2")
+
+        then:
+        client.authenticated
+    }
+}
--- a/src/itest/groovy/com/hierynomus/sshj/signature/SignatureSpec.groovy
+++ b/src/itest/groovy/com/hierynomus/sshj/signature/SignatureSpec.groovy
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.signature
+
+import com.hierynomus.sshj.IntegrationTestUtil
+import com.hierynomus.sshj.SshdContainer
+import com.hierynomus.sshj.key.KeyAlgorithms
+import net.schmizz.sshj.DefaultConfig
+import org.junit.ClassRule
+import spock.lang.Shared
+import spock.lang.Specification
+import spock.lang.Unroll
+
+class SignatureSpec extends Specification {
+    @Shared
+    @ClassRule
+    SshdContainer sshd
+
+    @Unroll
+    def "should correctly connect with #sig Signature"() {
+        given:
+        def cfg = new DefaultConfig()
+        cfg.setKeyAlgorithms(Collections.singletonList(sigFactory))
+        def client = sshd.getConnectedClient(cfg)
+
+        when:
+        client.authPublickey(IntegrationTestUtil.USERNAME, IntegrationTestUtil.KEYFILE)
+
+        then:
+        client.authenticated
+
+        where:
+        sigFactory << [KeyAlgorithms.SSHRSA(), KeyAlgorithms.RSASHA256(), KeyAlgorithms.RSASHA512()]
+        sig = sigFactory.name
+    }
+}
--- a/src/itest/groovy/com/hierynomus/sshj/transport/cipher/CipherSpec.groovy
+++ b/src/itest/groovy/com/hierynomus/sshj/transport/cipher/CipherSpec.groovy
@@ -0,0 +1,62 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.transport.cipher
+
+import com.hierynomus.sshj.IntegrationTestUtil
+import com.hierynomus.sshj.SshdContainer
+import net.schmizz.sshj.DefaultConfig
+import org.junit.ClassRule
+import spock.lang.Shared
+import spock.lang.Specification
+import spock.lang.Unroll
+
+class CipherSpec extends Specification {
+    @Shared
+    @ClassRule
+    SshdContainer sshd
+
+    @Unroll
+    def "should correctly connect with #cipher Cipher"() {
+        given:
+        def cfg = new DefaultConfig()
+        cfg.setCipherFactories(cipherFactory)
+        def client = sshd.getConnectedClient(cfg)
+
+        when:
+        client.authPublickey(IntegrationTestUtil.USERNAME, IntegrationTestUtil.KEYFILE)
+
+        then:
+        client.authenticated
+
+        cleanup:
+        client.disconnect()
+
+        where:
+        cipherFactory << [BlockCiphers.TripleDESCBC(),
+                          BlockCiphers.BlowfishCBC(),
+                          BlockCiphers.AES128CBC(),
+                          BlockCiphers.AES128CTR(),
+                          BlockCiphers.AES192CBC(),
+                          BlockCiphers.AES192CTR(),
+                          BlockCiphers.AES256CBC(),
+                          BlockCiphers.AES256CTR(),
+                          GcmCiphers.AES128GCM(),
+                          GcmCiphers.AES256GCM(),
+                          ChachaPolyCiphers.CHACHA_POLY_OPENSSH()]
+        cipher = cipherFactory.name
+    }
+
+}
--- a/src/itest/groovy/com/hierynomus/sshj/transport/kex/KexSpec.groovy
+++ b/src/itest/groovy/com/hierynomus/sshj/transport/kex/KexSpec.groovy
@@ -15,29 +15,32 @@
 */
 package com.hierynomus.sshj.transport.kex

-import com.hierynomus.sshj.IntegrationBaseSpec
-import com.hierynomus.sshj.transport.mac.Macs
+import com.hierynomus.sshj.IntegrationTestUtil
+import com.hierynomus.sshj.SshdContainer
 import net.schmizz.sshj.DefaultConfig
-import net.schmizz.sshj.transport.kex.Curve25519DH
 import net.schmizz.sshj.transport.kex.Curve25519SHA256
-import net.schmizz.sshj.transport.kex.DH
 import net.schmizz.sshj.transport.kex.DHGexSHA1
 import net.schmizz.sshj.transport.kex.DHGexSHA256
-import net.schmizz.sshj.transport.kex.ECDH
 import net.schmizz.sshj.transport.kex.ECDHNistP
+import org.junit.ClassRule
+import spock.lang.Shared
+import spock.lang.Specification
 import spock.lang.Unroll

-class KexSpec extends IntegrationBaseSpec {
+class KexSpec extends Specification {
+    @Shared
+    @ClassRule
+    SshdContainer sshd

    @Unroll
    def "should correctly connect with #kex Key Exchange"() {
        given:
        def cfg = new DefaultConfig()
        cfg.setKeyExchangeFactories(kexFactory)
-        def client = getConnectedClient(cfg)
+        def client = sshd.getConnectedClient(cfg)

        when:
-        client.authPublickey(USERNAME, KEYFILE)
+        client.authPublickey(IntegrationTestUtil.USERNAME, IntegrationTestUtil.KEYFILE)

        then:
        client.authenticated
--- a/src/itest/groovy/com/hierynomus/sshj/transport/mac/MacSpec.groovy
+++ b/src/itest/groovy/com/hierynomus/sshj/transport/mac/MacSpec.groovy
@@ -15,24 +15,28 @@
 */
 package com.hierynomus.sshj.transport.mac

-import com.hierynomus.sshj.IntegrationBaseSpec
+import com.hierynomus.sshj.IntegrationTestUtil
+import com.hierynomus.sshj.SshdContainer
 import net.schmizz.sshj.DefaultConfig
-import net.schmizz.sshj.transport.mac.HMACRIPEMD160
-import net.schmizz.sshj.transport.mac.HMACSHA2256
-import spock.lang.AutoCleanup
+import org.junit.ClassRule
+import spock.lang.Shared
+import spock.lang.Specification
 import spock.lang.Unroll

-class MacSpec extends IntegrationBaseSpec {
+class MacSpec extends Specification {
+    @Shared
+    @ClassRule
+    SshdContainer sshd

    @Unroll
    def "should correctly connect with #mac MAC"() {
        given:
        def cfg = new DefaultConfig()
        cfg.setMACFactories(macFactory)
-        def client = getConnectedClient(cfg)
+        def client = sshd.getConnectedClient(cfg)

        when:
-        client.authPublickey(USERNAME, KEYFILE)
+        client.authPublickey(IntegrationTestUtil.USERNAME, IntegrationTestUtil.KEYFILE)

        then:
        client.authenticated
@@ -50,10 +54,10 @@ class MacSpec extends IntegrationBaseSpec {
        given:
        def cfg = new DefaultConfig()
        cfg.setMACFactories(macFactory)
-        def client = getConnectedClient(cfg)
+        def client = sshd.getConnectedClient(cfg)

        when:
-        client.authPublickey(USERNAME, KEYFILE)
+        client.authPublickey(IntegrationTestUtil.USERNAME, IntegrationTestUtil.KEYFILE)

        then:
        client.authenticated
--- a/src/itest/resources/keyfiles/certificates/CA_ecdsa.pem
+++ b/src/itest/resources/keyfiles/certificates/CA_ecdsa.pem
@@ -0,0 +1,9 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
+1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQTc/PZPU93pfS6cqTB+kbPDr5/8QurL
+m6vVwaEyvBvcd0OCIn7Dfmwsu4fY7mHRPIreRr4J6TNh0nTwRTKSZxBSAAAAqP36PXj9+j
+14AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNz89k9T3el9Lpyp
+MH6Rs8Ovn/xC6subq9XBoTK8G9x3Q4IifsN+bCy7h9juYdE8it5GvgnpM2HSdPBFMpJnEF
+IAAAAhAJoGc1L5zMmeORPDxMFTzo47oot8ao0BziAm3NU5ExxOAAAADENBX2VjZHNhLnBl
+bQECAw==
+-----END OPENSSH PRIVATE KEY-----
--- a/src/itest/resources/keyfiles/certificates/CA_ecdsa.pem.pub
+++ b/src/itest/resources/keyfiles/certificates/CA_ecdsa.pem.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNz89k9T3el9LpypMH6Rs8Ovn/xC6subq9XBoTK8G9x3Q4IifsN+bCy7h9juYdE8it5GvgnpM2HSdPBFMpJnEFI= CA_ecdsa.pem
--- a/src/itest/resources/keyfiles/certificates/CA_ed25519.pem
+++ b/src/itest/resources/keyfiles/certificates/CA_ed25519.pem
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACA6Ya5UWXxyNsSeyCKpqC44tgYdo+2T9I8pwi9E5407hwAAAJhnCXFqZwlx
+agAAAAtzc2gtZWQyNTUxOQAAACA6Ya5UWXxyNsSeyCKpqC44tgYdo+2T9I8pwi9E5407hw
+AAAEBHofpGRYy15jvyiJrPuijusTXmM6bQs6fgegqljUzqwjphrlRZfHI2xJ7IIqmoLji2
+Bh2j7ZP0jynCL0TnjTuHAAAADkNBX2VkMjU1MTkucGVtAQIDBAUGBw==
+-----END OPENSSH PRIVATE KEY-----
--- a/src/itest/resources/keyfiles/certificates/CA_ed25519.pem.pub
+++ b/src/itest/resources/keyfiles/certificates/CA_ed25519.pem.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDphrlRZfHI2xJ7IIqmoLji2Bh2j7ZP0jynCL0TnjTuH CA_ed25519.pem
--- a/src/itest/resources/keyfiles/certificates/CA_rsa.pem
+++ b/src/itest/resources/keyfiles/certificates/CA_rsa.pem
@@ -0,0 +1,38 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAYEAylFXh7HVmrZPMpI/uDVesACwaypsa8p7oGNeolrU5rI+BxMlZksN
+UKI1qmoygYJ2oCfMEoipXCPGF3LU4/tzkG89kb2WO6OUCIGFDm302s36Na/qkTfDebkwUN
+WHud4a+v3ArwgaEh61+kbr/AnfI4AXWxCQLCAN/sF+RsyrUh/6rJMMXsjd/PJqphf/rUFH
+aLK2k3FpVXDWDXkQp1EeRRzvrQvSRUXBaSbIAWkr5k85qX2lEcpr2aL/dNFdxDbRmcEHPP
+GXhuydecRYguEFLGy2gQX3iEcot66gqX2Q/H82oq/CMgSq1T+YTuL5oAT1Z/qdHQI62UE+
+yPFm1/YBzavJQJ38Rx0CoMY7BnLibWzQbkRAxNTW5YKAYHLPoM9YIIMJp1CrQZoAKNw7IF
+zLm2tSobFioO+ZkKCrogO/VsYUOUXHV7E7EgAq6u6JV082f5z6HscSZ4z444mrWuOJsPuR
+TAwrRxyFXOmMjbHALx5xAX2N4UYFyihrzo47rmg9AAAFgHGJKn5xiSp+AAAAB3NzaC1yc2
+EAAAGBAMpRV4ex1Zq2TzKSP7g1XrAAsGsqbGvKe6BjXqJa1OayPgcTJWZLDVCiNapqMoGC
+dqAnzBKIqVwjxhdy1OP7c5BvPZG9ljujlAiBhQ5t9NrN+jWv6pE3w3m5MFDVh7neGvr9wK
+8IGhIetfpG6/wJ3yOAF1sQkCwgDf7BfkbMq1If+qyTDF7I3fzyaqYX/61BR2iytpNxaVVw
+1g15EKdRHkUc760L0kVFwWkmyAFpK+ZPOal9pRHKa9mi/3TRXcQ20ZnBBzzxl4bsnXnEWI
+LhBSxstoEF94hHKLeuoKl9kPx/NqKvwjIEqtU/mE7i+aAE9Wf6nR0COtlBPsjxZtf2Ac2r
+yUCd/EcdAqDGOwZy4m1s0G5EQMTU1uWCgGByz6DPWCCDCadQq0GaACjcOyBcy5trUqGxYq
+DvmZCgq6IDv1bGFDlFx1exOxIAKuruiVdPNn+c+h7HEmeM+OOJq1rjibD7kUwMK0cchVzp
+jI2xwC8ecQF9jeFGBcooa86OO65oPQAAAAMBAAEAAAGAc0imd8v9y4rW1ho/9Nd0fRXncS
+lbXpCioWH+KsVXS52FesKOLRvXGntT2SdqYCHXNqt2vZjh6H76AaKNbNt7nnHEw6ckVBeB
+4tbq2q4NOCDm0nDLWLRNzq6XuXfzPxYwiZTOlu4m7OxTBaokDhoR7EixBlMJ1Brv3pqjOf
+SmKsXOMUgZZGlRFTGNU9eY+UCZUC+Fmb6mJumFD2hM9QpkFT3H1PNHffGhpClVDni/axz5
+3nqZ9OlDS2B18DrdE1GoWhxvnX2nOpKZ+dSKAflyczQI9qOx0FczRuTmnjPz9jYLzTKPfi
+Pw9vkUxNiyJSkYgPMWODDwXCz0frv0n5ZUQvFrtQVjls+fHdoj3qnRYFAvgPgT8LLWE+SD
+SEvWXob6tldI9tTL4Ymx/9FsI5mvcGDhMQtK0YX1mwFBIUq3CRQD6CMd6oDcK1rpn7cQ2z
+AdI+MUdoTjDTr+sIr7ijcLvz1l/PHrFpmb5OCKr0HkVhfQHu8z1Est1ZL4ioQ1Y1ABAAAA
+wF07au4kjHZueAR+MSmD0uBzdZneq/2l5IXEtl4eC5gs2pNpkd4zoa1NhvimFqk2xgAN96
+k6sUXW/sJT+D/AC6heOC/DRUuemHcSyOpSosmGVf56WzC5eDXzrqNbyb6UEA/XshSW3lR5
+VZBO/gVMv0I5qWdTcvDbgAa6mi/gzRkZ6MqJ+zzaXyfz/W6wVD7v2PJAZB9GhNDTpA2UOC
+T3Z1Lk8i4hLX6r18AwYnh7f26LI5ZAMNv2kT98J5qZIV0ntwAAAMEA79Md+2SofgHcurgn
+O3xfH5EgLemF6X/KQTRojuVzlUiId2koMVk1iCv/a5wDqPwvU0kWJtd9RIzm+DeOzTlBwL
+49U3PSr0A4XFwU4Z6/9TlNFpqDbGIiPfFmnhwgi4iOtIHSUm/OdmX4ys0meDERDMCq1g0C
+rTLy9MtpUTv6oiAYLCk6N3lz7059R9394BQR2VoMoyvVmpbwReVqzx7HHb4i/YgdqiaSae
+NUyGv1/G5g0Lko+hFb+rZnCtTREHsdAAAAwQDX9p5+cXsLJygzppmK7yXalBmm0nWmnTnX
+faLp7qPOBxBsOCVno3Ud2BGNodcMkJPG9V8t1jnfFoEyAvq7eJxXCN3s1ACZDAXXp8dtWE
+1lUzZyX6uERljp2jXACpK2v3wBDNjoTr8GuQzJTi0U77YZ2iMs9HjDJFytAZjyl1dTZL5v
+jwTOZx17YQb0qfzAtkKQwxb8o54TK+p7yv8/vZb86WC+qtNsOrQAbhcyNhSeNBQz18oBwX
+tMsqKBf4Eo96EAAAAKQ0FfcnNhLnBlbQE=
+-----END OPENSSH PRIVATE KEY-----
--- a/src/itest/resources/keyfiles/certificates/CA_rsa.pem.pub
+++ b/src/itest/resources/keyfiles/certificates/CA_rsa.pem.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDKUVeHsdWatk8ykj+4NV6wALBrKmxrynugY16iWtTmsj4HEyVmSw1QojWqajKBgnagJ8wSiKlcI8YXctTj+3OQbz2RvZY7o5QIgYUObfTazfo1r+qRN8N5uTBQ1Ye53hr6/cCvCBoSHrX6Ruv8Cd8jgBdbEJAsIA3+wX5GzKtSH/qskwxeyN388mqmF/+tQUdosraTcWlVcNYNeRCnUR5FHO+tC9JFRcFpJsgBaSvmTzmpfaURymvZov900V3ENtGZwQc88ZeG7J15xFiC4QUsbLaBBfeIRyi3rqCpfZD8fzair8IyBKrVP5hO4vmgBPVn+p0dAjrZQT7I8WbX9gHNq8lAnfxHHQKgxjsGcuJtbNBuREDE1NblgoBgcs+gz1gggwmnUKtBmgAo3DsgXMuba1KhsWKg75mQoKuiA79WxhQ5RcdXsTsSACrq7olXTzZ/nPoexxJnjPjjiata44mw+5FMDCtHHIVc6YyNscAvHnEBfY3hRgXKKGvOjjuuaD0= CA_rsa.pem
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ecdsa
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ecdsa
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIIfJPrGJGZ7jWfxLWoA4DLK4UX8xeKPZBhpRW8Lf6+C3oAoGCCqGSM49
+AwEHoUQDQgAE5Hdnjy/w72a9P3sSQd57DJayX9m75p1N/W1mh3IDIrI6xIOVeu6g
+w0KbBSExvjsS6TrtJPgGo9XTFp2LcQBDkw==
+-----END EC PRIVATE KEY-----
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ecdsa-cert.pub
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ecdsa-cert.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgpQb0g0drrzK2coGjm7xOG0FeIl5pqEoNhbY9VbmEJzsAAAAIbmlzdHAyNTYAAABBBOR3Z48v8O9mvT97EkHeewyWsl/Zu+adTf1tZodyAyKyOsSDlXruoMNCmwUhMb47Euk67ST4BqPV0xadi3EAQ5MAAAAAAAAAAAAAAAEAAAAgaWRfZWNkc2FfMjU2X3BlbV9zaWduZWRfYnlfZWNkc2EAAAAIAAAABHNzaGoAAAAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAAGgAAAATZWNkc2Etc2hhMi1uaXN0cDI1NgAAAAhuaXN0cDI1NgAAAEEE3Pz2T1Pd6X0unKkwfpGzw6+f/ELqy5ur1cGhMrwb3HdDgiJ+w35sLLuH2O5h0TyK3ka+CekzYdJ08EUykmcQUgAAAGQAAAATZWNkc2Etc2hhMi1uaXN0cDI1NgAAAEkAAAAhAPdi7qLZdHYtpNiaQlzT+p//KduiWy3B4o3g+8qmTrywAAAAIGrPimSBL8JTI0YuRzS54Vg90r52aTkRmtOKBXkd7mbx id_ecdsa_256_pem_signed_by_ecdsa
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ecdsa.pub
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ecdsa.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOR3Z48v8O9mvT97EkHeewyWsl/Zu+adTf1tZodyAyKyOsSDlXruoMNCmwUhMb47Euk67ST4BqPV0xadi3EAQ5M= id_ecdsa_256_pem_signed_by_ecdsa
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ecdsa_host-cert.pub
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ecdsa_host-cert.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgl67ZVJD8No6A02obFMo6hs8Ldt14DeO6b58RWpAiPycAAAAIbmlzdHAyNTYAAABBBOR3Z48v8O9mvT97EkHeewyWsl/Zu+adTf1tZodyAyKyOsSDlXruoMNCmwUhMb47Euk67ST4BqPV0xadi3EAQ5MAAAAAAAAAAAAAAAIAAAAgaWRfZWNkc2FfMjU2X3BlbV9zaWduZWRfYnlfZWNkc2EAAAANAAAACTEyNy4wLjAuMQAAAAAAAAAA//////////8AAAAAAAAAAAAAAAAAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNz89k9T3el9LpypMH6Rs8Ovn/xC6subq9XBoTK8G9x3Q4IifsN+bCy7h9juYdE8it5GvgnpM2HSdPBFMpJnEFIAAABkAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAABJAAAAIFO6PcSIVKhcnYZRRLes2qPZMpq7P+UDW20vYQn9aQltAAAAIQC877vpE4EbsJuyymmw/T7NsjmVcQnH/U6WjwZCODxI1g== id_ecdsa_256_pem_signed_by_ecdsa
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ed25519
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ed25519
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIFEVp4a/QxSG2pwM8l2yK17tTC3f98FOd4NAUECN0jZcoAoGCCqGSM49
+AwEHoUQDQgAEfz2MGBoHybmWH1pCMKn0u7sLeyDiH5HedZGmQFniDZSUHJErbpaA
+pRhnoR12OHyNpblTd3UhpOJl76tp/2Ht+A==
+-----END EC PRIVATE KEY-----
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ed25519-cert.pub
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ed25519-cert.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgjgBeNTL1MzUsswy1BYjpiftZ9C9PEGvM6vngt6hJL/EAAAAIbmlzdHAyNTYAAABBBH89jBgaB8m5lh9aQjCp9Lu7C3sg4h+R3nWRpkBZ4g2UlByRK26WgKUYZ6Eddjh8jaW5U3d1IaTiZe+raf9h7fgAAAAAAAAAAAAAAAEAAAAiaWRfZWNkc2FfMjU2X3BlbV9zaWduZWRfYnlfZWQyNTUxOQAAAAgAAAAEc3NoagAAAAAAAAAA//////////8AAAAAAAAAggAAABVwZXJtaXQtWDExLWZvcndhcmRpbmcAAAAAAAAAF3Blcm1pdC1hZ2VudC1mb3J3YXJkaW5nAAAAAAAAABZwZXJtaXQtcG9ydC1mb3J3YXJkaW5nAAAAAAAAAApwZXJtaXQtcHR5AAAAAAAAAA5wZXJtaXQtdXNlci1yYwAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACA6Ya5UWXxyNsSeyCKpqC44tgYdo+2T9I8pwi9E5407hwAAAFMAAAALc3NoLWVkMjU1MTkAAABAfg65fi6me4HL37NLoLi+9NeAZFHPfS5PfNLbx5ZAvA/wOrV//NlFMiiJ6lAuTLQtQU8WMESDZbf7diSDQI34BQ== id_ecdsa_256_pem_signed_by_ed25519
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ed25519.pub
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ed25519.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH89jBgaB8m5lh9aQjCp9Lu7C3sg4h+R3nWRpkBZ4g2UlByRK26WgKUYZ6Eddjh8jaW5U3d1IaTiZe+raf9h7fg= id_ecdsa_256_pem_signed_by_ed25519
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ed25519_host-cert.pub
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ed25519_host-cert.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgAfBLm5SO2/sG021RdO4S+q1AVpdahAz3jx3XIBMX/DcAAAAIbmlzdHAyNTYAAABBBH89jBgaB8m5lh9aQjCp9Lu7C3sg4h+R3nWRpkBZ4g2UlByRK26WgKUYZ6Eddjh8jaW5U3d1IaTiZe+raf9h7fgAAAAAAAAAAAAAAAIAAAAiaWRfZWNkc2FfMjU2X3BlbV9zaWduZWRfYnlfZWQyNTUxOQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgOmGuVFl8cjbEnsgiqaguOLYGHaPtk/SPKcIvROeNO4cAAABTAAAAC3NzaC1lZDI1NTE5AAAAQD/r1H8JDNXac/XsQr5pxLKAa2EkBtitlyjQlAWX3UlBdm00r9NfcNa0qOhYEAITA2ipM0Kox43KzkSIB9N8yw4= id_ecdsa_256_pem_signed_by_ed25519
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_rsa
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_rsa
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIOzGWqHfgD0W/1E3lozWoK0EGi/fh07uw1YR9K3y/EA/oAoGCCqGSM49
+AwEHoUQDQgAECRvqxweOpIpe/gX/0htrI+ZH0gqPT9YYxrIrGJKGJ4X3g24tqyI/
+VAJGyJ3e/bAE1Mnlm4EAN08cokWUOF+wOg==
+-----END EC PRIVATE KEY-----
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_rsa-cert.pub
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_rsa-cert.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgb79Hsx9T9VAh4/hyezWkS4le/m0+YLq9sUXAme7QiRQAAAAIbmlzdHAyNTYAAABBBAkb6scHjqSKXv4F/9IbayPmR9IKj0/WGMayKxiShieF94NuLasiP1QCRsid3v2wBNTJ5ZuBADdPHKJFlDhfsDoAAAAAAAAAAAAAAAEAAAAeaWRfZWNkc2FfMjU2X3BlbV9zaWduZWRfYnlfcnNhAAAACAAAAARzc2hqAAAAAAAAAAD//////////wAAAAAAAACCAAAAFXBlcm1pdC1YMTEtZm9yd2FyZGluZwAAAAAAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAAFnBlcm1pdC1wb3J0LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQDKUVeHsdWatk8ykj+4NV6wALBrKmxrynugY16iWtTmsj4HEyVmSw1QojWqajKBgnagJ8wSiKlcI8YXctTj+3OQbz2RvZY7o5QIgYUObfTazfo1r+qRN8N5uTBQ1Ye53hr6/cCvCBoSHrX6Ruv8Cd8jgBdbEJAsIA3+wX5GzKtSH/qskwxeyN388mqmF/+tQUdosraTcWlVcNYNeRCnUR5FHO+tC9JFRcFpJsgBaSvmTzmpfaURymvZov900V3ENtGZwQc88ZeG7J15xFiC4QUsbLaBBfeIRyi3rqCpfZD8fzair8IyBKrVP5hO4vmgBPVn+p0dAjrZQT7I8WbX9gHNq8lAnfxHHQKgxjsGcuJtbNBuREDE1NblgoBgcs+gz1gggwmnUKtBmgAo3DsgXMuba1KhsWKg75mQoKuiA79WxhQ5RcdXsTsSACrq7olXTzZ/nPoexxJnjPjjiata44mw+5FMDCtHHIVc6YyNscAvHnEBfY3hRgXKKGvOjjuuaD0AAAGUAAAADHJzYS1zaGEyLTUxMgAAAYCLm55D5nwIJNNCPidXas09UpeBc7FO5SBNq2rzOWeFkLcqfEq6uYJvX5/Va/zq9TCW+m1lQrVsqZVa3Ks4lKz44IBzyqBBpWcfgqNcXOc7wltSW8tfIsmQvSMODMn+bKSQzMWPSt3gjgHFylL4iNbCVSpHmPL3UjhUJurJrtIhTyYtZD6AVZvRS7J07eOTWIl0dx2txJ2xn2fRSx9jkpPDPsuHVB/scE5lm2cqFT5UMe3TVo4jSy6yMqnp+iIThMydsTsq8dFzg8PMFQdCD6MK+zjOPTnKW9wYCuQkjN8/9Ln6imWcpkYNGQsBJiPb1qMUxPzrUnUYMXvjUpzjBiiFaugshmuLFSKxEDSWkjHw6TGAagylOH7vItcptULNmcBrq2gDbI/Pl71aFVFjooOnjeWSmLoAcEIT+2K2e8YMOcC1eBCltVo9hhnfzRLrnV0ss1NI0cP9m0uBri7O77+NPA+TrMMTybe4x3gMzHobEKDrZlyNwJfHUA+vdzCJNQ4= id_ecdsa_256_pem_signed_by_rsa
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_rsa.pub
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_rsa.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAkb6scHjqSKXv4F/9IbayPmR9IKj0/WGMayKxiShieF94NuLasiP1QCRsid3v2wBNTJ5ZuBADdPHKJFlDhfsDo= id_ecdsa_256_pem_signed_by_rsa
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_rsa_host-cert.pub
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_rsa_host-cert.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg39MCdE+TdsgibyL9pdV+Oip06sFgPj7Lldoa8Mdrr6EAAAAIbmlzdHAyNTYAAABBBAkb6scHjqSKXv4F/9IbayPmR9IKj0/WGMayKxiShieF94NuLasiP1QCRsid3v2wBNTJ5ZuBADdPHKJFlDhfsDoAAAAAAAAAAAAAAAIAAAAeaWRfZWNkc2FfMjU2X3BlbV9zaWduZWRfYnlfcnNhAAAADQAAAAkxMjcuMC4wLjEAAAAAAAAAAP//////////AAAAAAAAAAAAAAAAAAABlwAAAAdzc2gtcnNhAAAAAwEAAQAAAYEAylFXh7HVmrZPMpI/uDVesACwaypsa8p7oGNeolrU5rI+BxMlZksNUKI1qmoygYJ2oCfMEoipXCPGF3LU4/tzkG89kb2WO6OUCIGFDm302s36Na/qkTfDebkwUNWHud4a+v3ArwgaEh61+kbr/AnfI4AXWxCQLCAN/sF+RsyrUh/6rJMMXsjd/PJqphf/rUFHaLK2k3FpVXDWDXkQp1EeRRzvrQvSRUXBaSbIAWkr5k85qX2lEcpr2aL/dNFdxDbRmcEHPPGXhuydecRYguEFLGy2gQX3iEcot66gqX2Q/H82oq/CMgSq1T+YTuL5oAT1Z/qdHQI62UE+yPFm1/YBzavJQJ38Rx0CoMY7BnLibWzQbkRAxNTW5YKAYHLPoM9YIIMJp1CrQZoAKNw7IFzLm2tSobFioO+ZkKCrogO/VsYUOUXHV7E7EgAq6u6JV082f5z6HscSZ4z444mrWuOJsPuRTAwrRxyFXOmMjbHALx5xAX2N4UYFyihrzo47rmg9AAABlAAAAAxyc2Etc2hhMi01MTIAAAGAu9U1TrUpxb5Iq1/3i5gvgiUk+Pr8ckCJ1X2v2g0wJF1iDRgt1ynL5o842Va0dND8r/tlYuXiXDY+nVK3P5e+Qdyq7ORbbibqDfJXpXN3WRCY4IjXzAWBUh2h8ywDTBgpbvBdcv0ITOF8V9w8LwCzFMqAEAf9ZvxqNA33qJjUXpP/XFwrkK81VJo4XNPXFf5NXRrUn7nDDU2QMyzfLYJwErNVV8iw/U/cef9ens1M15IX8yrMJxCQb7JQkvKeUPrs6ALa4lgvMISl1/jDEQ4nCw0YrXC9rWOTr71HS7SZrw3KLJQYyQNGBjqc4n4BqhPUYf9ac+w1trKBMtw0tFKjVEzsjg6dpYMr5cIon6Gm1N9GWV6pRcghkDoC3qbSUDbvqFWUOt9HAuiFUpye4BxP/W52PM63xVJhkOQ0DpQbCM2W7KWj6E/KjHlFeoTPzy3GmG3KBUrl1nQK5HSriuINyLZAq6Q8AUhekG8Td52rucU9WYfz1W6J7XrdEy73jsVT id_ecdsa_256_pem_signed_by_rsa
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ecdsa
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ecdsa
@@ -0,0 +1,9 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
+1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQSg88EiIHWvzomLE8ahdjrqE0iZnrCZ
+5bBy1uZj/QiOvJcyWeV8G7nTmyGhDSzE2BVZNmK7tjK1h7QKCcn7gLZqAAAAwEc6tF1HOr
+RdAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDzwSIgda/OiYsT
+xqF2OuoTSJmesJnlsHLW5mP9CI68lzJZ5XwbudObIaENLMTYFVk2Yru2MrWHtAoJyfuAtm
+oAAAAhAN2usDXl6owiRjz99e5lTmsGwFY1qtPlDBP+G4d4pBbhAAAAJGlkX2VjZHNhXzI1
+Nl9yZmM0NzE2X3NpZ25lZF9ieV9lY2RzYQECAw==
+-----END OPENSSH PRIVATE KEY-----
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ecdsa-cert.pub
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ecdsa-cert.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgpwwYrqrCZSI5imMxVTHnzFZSDW3NvYfLaFMiKCvegaAAAAAIbmlzdHAyNTYAAABBBKDzwSIgda/OiYsTxqF2OuoTSJmesJnlsHLW5mP9CI68lzJZ5XwbudObIaENLMTYFVk2Yru2MrWHtAoJyfuAtmoAAAAAAAAAAAAAAAEAAAAkaWRfZWNkc2FfMjU2X3JmYzQ3MTZfc2lnbmVkX2J5X2VjZHNhAAAACAAAAARzc2hqAAAAAAAAAAD//////////wAAAAAAAACCAAAAFXBlcm1pdC1YMTEtZm9yd2FyZGluZwAAAAAAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAAFnBlcm1pdC1wb3J0LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNz89k9T3el9LpypMH6Rs8Ovn/xC6subq9XBoTK8G9x3Q4IifsN+bCy7h9juYdE8it5GvgnpM2HSdPBFMpJnEFIAAABkAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAABJAAAAIQD7GTHsM19ZtnntVYvFz3dJZZh5ZyJz2OeNPbUTEtBTiQAAACA1Zanogf6uUgFnjNS1KwOhSUqzKwtQ+Db7c6DV2HFN8g== id_ecdsa_256_rfc4716_signed_by_ecdsa
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ecdsa.pub
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ecdsa.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDzwSIgda/OiYsTxqF2OuoTSJmesJnlsHLW5mP9CI68lzJZ5XwbudObIaENLMTYFVk2Yru2MrWHtAoJyfuAtmo= id_ecdsa_256_rfc4716_signed_by_ecdsa
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ecdsa_host-cert.pub
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ecdsa_host-cert.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg0cIXSpmbkGXAqBI2MfH9tpCITWA28bvcPogKDHk2+aUAAAAIbmlzdHAyNTYAAABBBKDzwSIgda/OiYsTxqF2OuoTSJmesJnlsHLW5mP9CI68lzJZ5XwbudObIaENLMTYFVk2Yru2MrWHtAoJyfuAtmoAAAAAAAAAAAAAAAIAAAAkaWRfZWNkc2FfMjU2X3JmYzQ3MTZfc2lnbmVkX2J5X2VjZHNhAAAADQAAAAkxMjcuMC4wLjEAAAAAAAAAAP//////////AAAAAAAAAAAAAAAAAAAAaAAAABNlY2RzYS1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQTc/PZPU93pfS6cqTB+kbPDr5/8QurLm6vVwaEyvBvcd0OCIn7Dfmwsu4fY7mHRPIreRr4J6TNh0nTwRTKSZxBSAAAAZQAAABNlY2RzYS1zaGEyLW5pc3RwMjU2AAAASgAAACEAm95yiB9YDmtQJR1Eqeg9Di5GAu0BmbIIVQXKqAmbNgkAAAAhAOCYC23uX7C1wSo4uHcDnIkN1fwjTkrmzryLbGQvI10R id_ecdsa_256_rfc4716_signed_by_ecdsa
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ed25519
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ed25519
@@ -0,0 +1,9 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
+1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQSSlaBbx7IhGpFNz0AJjNS9ltz3Pt+7
+qI5PPwRJKq5qIdJiejYjE4G4/kHSacJXYj9AsmSIkWq8blhW099x+MmiAAAAwNnay43Z2s
+uNAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJKVoFvHsiEakU3P
+QAmM1L2W3Pc+37uojk8/BEkqrmoh0mJ6NiMTgbj+QdJpwldiP0CyZIiRarxuWFbT33H4ya
+IAAAAhAIAiz2os7YuPnqIHiRnHhQjcnm2y/D8WJ35paiWs1RVGAAAAJmlkX2VjZHNhXzI1
+Nl9yZmM0NzE2X3NpZ25lZF9ieV9lZDI1NTE5AQ==
+-----END OPENSSH PRIVATE KEY-----
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ed25519-cert.pub
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ed25519-cert.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg8EviOh4kJ/RDObpq9OJjY1v55378bby2aNotrPon6XsAAAAIbmlzdHAyNTYAAABBBJKVoFvHsiEakU3PQAmM1L2W3Pc+37uojk8/BEkqrmoh0mJ6NiMTgbj+QdJpwldiP0CyZIiRarxuWFbT33H4yaIAAAAAAAAAAAAAAAEAAAAmaWRfZWNkc2FfMjU2X3JmYzQ3MTZfc2lnbmVkX2J5X2VkMjU1MTkAAAAIAAAABHNzaGoAAAAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgOmGuVFl8cjbEnsgiqaguOLYGHaPtk/SPKcIvROeNO4cAAABTAAAAC3NzaC1lZDI1NTE5AAAAQOlUU8WMaF/szvw9K79abfnTNCLr1k6QZyQnbZR8d1hW5+TlhI6020enha0TApG6zwLPuQ28LZstnpSpKehoYwo= id_ecdsa_256_rfc4716_signed_by_ed25519
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ed25519.pub
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ed25519.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJKVoFvHsiEakU3PQAmM1L2W3Pc+37uojk8/BEkqrmoh0mJ6NiMTgbj+QdJpwldiP0CyZIiRarxuWFbT33H4yaI= id_ecdsa_256_rfc4716_signed_by_ed25519
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ed25519_host-cert.pub
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ed25519_host-cert.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgrJTOkSNe36/l/T13/eKF59eow8nik6PMBXKDJc52ODwAAAAIbmlzdHAyNTYAAABBBJKVoFvHsiEakU3PQAmM1L2W3Pc+37uojk8/BEkqrmoh0mJ6NiMTgbj+QdJpwldiP0CyZIiRarxuWFbT33H4yaIAAAAAAAAAAAAAAAIAAAAmaWRfZWNkc2FfMjU2X3JmYzQ3MTZfc2lnbmVkX2J5X2VkMjU1MTkAAAANAAAACTEyNy4wLjAuMQAAAAAAAAAA//////////8AAAAAAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIDphrlRZfHI2xJ7IIqmoLji2Bh2j7ZP0jynCL0TnjTuHAAAAUwAAAAtzc2gtZWQyNTUxOQAAAECrlWp1E6MWq80NGW5i4gpWH/hKwEJlsoKMokLUi1GilQuMaS0FPrFl4XJR44fCZKKuugaoouL8zxUgficeVOYM id_ecdsa_256_rfc4716_signed_by_ed25519
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_rsa
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_rsa
@@ -0,0 +1,9 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
+1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQR1fMdT7FYIpIo+4hhd5oOgHk6uW79B
+HVscKp83yPhFylnG4NtpF7anAWTcpl5aB9eJVWTCP5KVvlVLVkxUSRDwAAAAwITPM06Ezz
+NOAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHV8x1PsVgikij7i
+GF3mg6AeTq5bv0EdWxwqnzfI+EXKWcbg22kXtqcBZNymXloH14lVZMI/kpW+VUtWTFRJEP
+AAAAAhAP21AnkkpifUJgiBSYk7YhOfcwC4VfMB3n+BBln73VnmAAAAImlkX2VjZHNhXzI1
+Nl9yZmM0NzE2X3NpZ25lZF9ieV9yc2EBAgMEBQ==
+-----END OPENSSH PRIVATE KEY-----
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_rsa-cert.pub
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_rsa-cert.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg1VzZYeBstzrnExtKXoHjWcKOPy0he5FfNQfyJop5fWoAAAAIbmlzdHAyNTYAAABBBHV8x1PsVgikij7iGF3mg6AeTq5bv0EdWxwqnzfI+EXKWcbg22kXtqcBZNymXloH14lVZMI/kpW+VUtWTFRJEPAAAAAAAAAAAAAAAAEAAAAiaWRfZWNkc2FfMjU2X3JmYzQ3MTZfc2lnbmVkX2J5X3JzYQAAAAgAAAAEc3NoagAAAAAAAAAA//////////8AAAAAAAAAggAAABVwZXJtaXQtWDExLWZvcndhcmRpbmcAAAAAAAAAF3Blcm1pdC1hZ2VudC1mb3J3YXJkaW5nAAAAAAAAABZwZXJtaXQtcG9ydC1mb3J3YXJkaW5nAAAAAAAAAApwZXJtaXQtcHR5AAAAAAAAAA5wZXJtaXQtdXNlci1yYwAAAAAAAAAAAAABlwAAAAdzc2gtcnNhAAAAAwEAAQAAAYEAylFXh7HVmrZPMpI/uDVesACwaypsa8p7oGNeolrU5rI+BxMlZksNUKI1qmoygYJ2oCfMEoipXCPGF3LU4/tzkG89kb2WO6OUCIGFDm302s36Na/qkTfDebkwUNWHud4a+v3ArwgaEh61+kbr/AnfI4AXWxCQLCAN/sF+RsyrUh/6rJMMXsjd/PJqphf/rUFHaLK2k3FpVXDWDXkQp1EeRRzvrQvSRUXBaSbIAWkr5k85qX2lEcpr2aL/dNFdxDbRmcEHPPGXhuydecRYguEFLGy2gQX3iEcot66gqX2Q/H82oq/CMgSq1T+YTuL5oAT1Z/qdHQI62UE+yPFm1/YBzavJQJ38Rx0CoMY7BnLibWzQbkRAxNTW5YKAYHLPoM9YIIMJp1CrQZoAKNw7IFzLm2tSobFioO+ZkKCrogO/VsYUOUXHV7E7EgAq6u6JV082f5z6HscSZ4z444mrWuOJsPuRTAwrRxyFXOmMjbHALx5xAX2N4UYFyihrzo47rmg9AAABlAAAAAxyc2Etc2hhMi01MTIAAAGABeiDaBt62xlJ7H5/ek8KPwqfhhyKV1+w9PLSchd8Y5KyK25iTtYO/SNAeuiJuSCZGk4NgJ+FzEHmvbpYtF57kvHUddQ3+0jJIvjQev1RDwLDkuCiDtzYCgtSGW2K7KXPpap4PrShDfmlt/VUN5Dt2ELi2f0hekSS638et3NnaF8SGpLhdU5IiV5jXbYH/7sdUDT4hxIwb7FnZzL8Zt1TtMRz8NtSlIhTDVA6BRNiVunkHYkvqIpA1Rd4/zD2udWV8CZTyW+TL3ULJU94pk8Bm19X9JGNbSA/7VvVOQiBqk+eIgc4kXl7Gyp6IbtNODkJ8yN3CrwiO5k0nCTVC0STHKcPexVulqWWlwQgLD8GppNHzyW0mvdjx5oLdpMH9octCUIXfdF/lW1wH1FgEIa9NUQXX3C+FkhFD46IgOK+mmk6YR9np1a0QqXnGcQnjjjxeVtEiG91ywz9i09MvYRAsslkpB8+ce8xylq+dkie8ppkkeGqChu5jF4mYDq1iGzS id_ecdsa_256_rfc4716_signed_by_rsa
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_rsa.pub
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_rsa.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHV8x1PsVgikij7iGF3mg6AeTq5bv0EdWxwqnzfI+EXKWcbg22kXtqcBZNymXloH14lVZMI/kpW+VUtWTFRJEPA= id_ecdsa_256_rfc4716_signed_by_rsa
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_rsa_host-cert.pub
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_rsa_host-cert.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgQgbM6lYD+Yx1aendIKHYuKthkIN0WhvPdMA0DbC/QmEAAAAIbmlzdHAyNTYAAABBBHV8x1PsVgikij7iGF3mg6AeTq5bv0EdWxwqnzfI+EXKWcbg22kXtqcBZNymXloH14lVZMI/kpW+VUtWTFRJEPAAAAAAAAAAAAAAAAIAAAAiaWRfZWNkc2FfMjU2X3JmYzQ3MTZfc2lnbmVkX2J5X3JzYQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAMpRV4ex1Zq2TzKSP7g1XrAAsGsqbGvKe6BjXqJa1OayPgcTJWZLDVCiNapqMoGCdqAnzBKIqVwjxhdy1OP7c5BvPZG9ljujlAiBhQ5t9NrN+jWv6pE3w3m5MFDVh7neGvr9wK8IGhIetfpG6/wJ3yOAF1sQkCwgDf7BfkbMq1If+qyTDF7I3fzyaqYX/61BR2iytpNxaVVw1g15EKdRHkUc760L0kVFwWkmyAFpK+ZPOal9pRHKa9mi/3TRXcQ20ZnBBzzxl4bsnXnEWILhBSxstoEF94hHKLeuoKl9kPx/NqKvwjIEqtU/mE7i+aAE9Wf6nR0COtlBPsjxZtf2Ac2ryUCd/EcdAqDGOwZy4m1s0G5EQMTU1uWCgGByz6DPWCCDCadQq0GaACjcOyBcy5trUqGxYqDvmZCgq6IDv1bGFDlFx1exOxIAKuruiVdPNn+c+h7HEmeM+OOJq1rjibD7kUwMK0cchVzpjI2xwC8ecQF9jeFGBcooa86OO65oPQAAAZQAAAAMcnNhLXNoYTItNTEyAAABgAOa69XTj4yOPjKtN5Few84Y2qj4p/4RK9yiAjWWxbMQv+dlLzEH/wtj6p1SeDJozFssVfyH2ODFGY9Dct3K4SbLA1b8LfM6vaf1bUxdQz7njsQ40KpcJu662hMOkj9AKTQgpVUVgJJOQuLrIbyfjKClaqt2W6ziH2eLn7wPsZ6HGhQMALQVmebzgFepnwCve9wgX1HNOfuAYYVQwFXddi/xQ4BIVmsH6E3DcUUzjtZZaG063CddPYOW2Ea1efWqHu20FRWqsMnwbL6Hr9JkjKv/Iub8mgLMP1bhbMEblb+tQ+y9RRvPwjT89tKljc7hXvBxpHA4c4ZlnTidsjqPHVeARCt5LV4lES7HWEZ+kFIkGndNLYXOUnxgk6iSLLHVVZUCZPbUiZbSJdoj7r7LGiz4KA7mnqQQGU2jWxSI2drD5T6SW0TFspzjX4dPnJyzFpe02Fl+NvblUUHsnPTHdsRexHRNfqkQhKIO4i8AM8U02nU/uBmXFPb9ANbLcq+Npw== id_ecdsa_256_rfc4716_signed_by_rsa
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_ecdsa
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_ecdsa
@@ -0,0 +1,6 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGkAgEBBDDnWxfGM8iNcn6VgKlVmVdrMm6KbhlGYnH0G2XNpwJhQsvnDsoL4N8M
+ojKTfWH1U7ugBwYFK4EEACKhZANiAASrxIDF2kzXSeiwRWVA9sEJf8/SB05JFK+g
+e6KBOr/tvv6EISb8wVMmkAGUb5oLL6EgaZ9d1q6w3pThW2dC4bQyP7B1W4TaKZCR
+wF8EH+zvOP6QROzxFbXzCAiCjcvbcB0=
+-----END EC PRIVATE KEY-----
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_ecdsa-cert.pub
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_ecdsa-cert.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp384-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAzODQtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgr2RJOHA5xgXoG2b1eRDnXKgzD+BsxXrqiWI8GxlHMGMAAAAIbmlzdHAzODQAAABhBKvEgMXaTNdJ6LBFZUD2wQl/z9IHTkkUr6B7ooE6v+2+/oQhJvzBUyaQAZRvmgsvoSBpn13WrrDelOFbZ0LhtDI/sHVbhNopkJHAXwQf7O84/pBE7PEVtfMICIKNy9twHQAAAAAAAAAAAAAAAQAAACBpZF9lY2RzYV8zODRfcGVtX3NpZ25lZF9ieV9lY2RzYQAAAAgAAAAEc3NoagAAAAAAAAAA//////////8AAAAAAAAAggAAABVwZXJtaXQtWDExLWZvcndhcmRpbmcAAAAAAAAAF3Blcm1pdC1hZ2VudC1mb3J3YXJkaW5nAAAAAAAAABZwZXJtaXQtcG9ydC1mb3J3YXJkaW5nAAAAAAAAAApwZXJtaXQtcHR5AAAAAAAAAA5wZXJtaXQtdXNlci1yYwAAAAAAAAAAAAAAaAAAABNlY2RzYS1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQTc/PZPU93pfS6cqTB+kbPDr5/8QurLm6vVwaEyvBvcd0OCIn7Dfmwsu4fY7mHRPIreRr4J6TNh0nTwRTKSZxBSAAAAZAAAABNlY2RzYS1zaGEyLW5pc3RwMjU2AAAASQAAACEAvkclDQy9KSmNbS/jteikatmEbSfmO7/FaXcS5+in8wIAAAAgdcjFIdh7/xAVIN52V77vzWrgKNwVEa2Vbtjnkg1KUr8= id_ecdsa_384_pem_signed_by_ecdsa
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_ecdsa.pub
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_ecdsa.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBKvEgMXaTNdJ6LBFZUD2wQl/z9IHTkkUr6B7ooE6v+2+/oQhJvzBUyaQAZRvmgsvoSBpn13WrrDelOFbZ0LhtDI/sHVbhNopkJHAXwQf7O84/pBE7PEVtfMICIKNy9twHQ== id_ecdsa_384_pem_signed_by_ecdsa
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_ecdsa_host-cert.pub
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_ecdsa_host-cert.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp384-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAzODQtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgY2OzNmZOc/vZIZBQFWEORqvMf/oHPrX+yxHKqhAZ28cAAAAIbmlzdHAzODQAAABhBKvEgMXaTNdJ6LBFZUD2wQl/z9IHTkkUr6B7ooE6v+2+/oQhJvzBUyaQAZRvmgsvoSBpn13WrrDelOFbZ0LhtDI/sHVbhNopkJHAXwQf7O84/pBE7PEVtfMICIKNy9twHQAAAAAAAAAAAAAAAgAAACBpZF9lY2RzYV8zODRfcGVtX3NpZ25lZF9ieV9lY2RzYQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAAGgAAAATZWNkc2Etc2hhMi1uaXN0cDI1NgAAAAhuaXN0cDI1NgAAAEEE3Pz2T1Pd6X0unKkwfpGzw6+f/ELqy5ur1cGhMrwb3HdDgiJ+w35sLLuH2O5h0TyK3ka+CekzYdJ08EUykmcQUgAAAGQAAAATZWNkc2Etc2hhMi1uaXN0cDI1NgAAAEkAAAAgMqxtjTDkl14nj/EpXUdqoheSYN6nNsH6J4ZedLti6AcAAAAhAIkJoGGFMb0sTPfmWEa7Dd0GIZYz6jhV+P34XT5krXcB id_ecdsa_384_pem_signed_by_ecdsa
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_ed25519
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_ed25519
@@ -0,0 +1,6 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGkAgEBBDDZCyYToDyuqStWrDnO7bb4vaydvcGaMM69jQGMhpH38ygRQW9fE9E4
+/dlQ0u3IizGgBwYFK4EEACKhZANiAATiQceFLd2USzUJ4HB1NmleM2hJQBJ3lnur
+w+LrGKHR2xwl8wZePhtvVpCVndf0GLmbeTTciDSA2oAaIL63AzwgnGWuSCmQdTyV
+IzYbfw6eCPi4hGc8cKS8ZHQS2OK8avE=
+-----END EC PRIVATE KEY-----
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_ed25519-cert.pub
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_ed25519-cert.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp384-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAzODQtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgb8WjV0yI6r7nIUsMSdoXVEd6NTlrRo+EFYMY4Wc8YyYAAAAIbmlzdHAzODQAAABhBOJBx4Ut3ZRLNQngcHU2aV4zaElAEneWe6vD4usYodHbHCXzBl4+G29WkJWd1/QYuZt5NNyINIDagBogvrcDPCCcZa5IKZB1PJUjNht/Dp4I+LiEZzxwpLxkdBLY4rxq8QAAAAAAAAAAAAAAAQAAACJpZF9lY2RzYV8zODRfcGVtX3NpZ25lZF9ieV9lZDI1NTE5AAAACAAAAARzc2hqAAAAAAAAAAD//////////wAAAAAAAACCAAAAFXBlcm1pdC1YMTEtZm9yd2FyZGluZwAAAAAAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAAFnBlcm1pdC1wb3J0LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIDphrlRZfHI2xJ7IIqmoLji2Bh2j7ZP0jynCL0TnjTuHAAAAUwAAAAtzc2gtZWQyNTUxOQAAAEC87hSbGcEMRKetxHJrJ71A9U1CHBh6TyizBbnJWzVm3va+R0ohO4TW5tZn83Cw+B2qL+GTGJ6j8tm1U3Cu0MMK id_ecdsa_384_pem_signed_by_ed25519
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_ed25519.pub
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_ed25519.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBOJBx4Ut3ZRLNQngcHU2aV4zaElAEneWe6vD4usYodHbHCXzBl4+G29WkJWd1/QYuZt5NNyINIDagBogvrcDPCCcZa5IKZB1PJUjNht/Dp4I+LiEZzxwpLxkdBLY4rxq8Q== id_ecdsa_384_pem_signed_by_ed25519
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_ed25519_host-cert.pub
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_ed25519_host-cert.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp384-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAzODQtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgGZiVJml5jUGLWIzSqiJPuIHQlllgL0ACSFDfHcI/KyQAAAAIbmlzdHAzODQAAABhBOJBx4Ut3ZRLNQngcHU2aV4zaElAEneWe6vD4usYodHbHCXzBl4+G29WkJWd1/QYuZt5NNyINIDagBogvrcDPCCcZa5IKZB1PJUjNht/Dp4I+LiEZzxwpLxkdBLY4rxq8QAAAAAAAAAAAAAAAgAAACJpZF9lY2RzYV8zODRfcGVtX3NpZ25lZF9ieV9lZDI1NTE5AAAADQAAAAkxMjcuMC4wLjEAAAAAAAAAAP//////////AAAAAAAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACA6Ya5UWXxyNsSeyCKpqC44tgYdo+2T9I8pwi9E5407hwAAAFMAAAALc3NoLWVkMjU1MTkAAABAHyGchTk5zw6vfu+SdHdSz7p2Nb0gTnp2/DJ8I9oN1l4PQT2xnPOvPo0EiopxTFhu9gLmaBFBtb0Ld1KjseKADA== id_ecdsa_384_pem_signed_by_ed25519
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_rsa
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_rsa
@@ -0,0 +1,6 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGkAgEBBDAdedfKcsWfF/5F1gzur96bZm46418quWRbxqxL1C9V0xNfwsHgy1C/
+IqAul+nXkKugBwYFK4EEACKhZANiAAQ9VkGx/6Q2kYz3OECqYLThHFvy7ErXl1Pc
+yIxCFZAqXf1mj3656pdc7vxtDXMeWC9mHyhA7c18YbJGnPDgEeQq+8DIOgmIdTbj
+garD0mxCwrX9Rdki2xhFhuHex6JmzdQ=
+-----END EC PRIVATE KEY-----
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_rsa-cert.pub
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_rsa-cert.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp384-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAzODQtY2VydC12MDFAb3BlbnNzaC5jb20AAAAghcwzqH5DN9fwc2z3PUGDVRBWNz8R/m07fxTWMCdVoKsAAAAIbmlzdHAzODQAAABhBD1WQbH/pDaRjPc4QKpgtOEcW/LsSteXU9zIjEIVkCpd/WaPfrnql1zu/G0Ncx5YL2YfKEDtzXxhskac8OAR5Cr7wMg6CYh1NuOBqsPSbELCtf1F2SLbGEWG4d7HombN1AAAAAAAAAAAAAAAAQAAAB5pZF9lY2RzYV8zODRfcGVtX3NpZ25lZF9ieV9yc2EAAAAIAAAABHNzaGoAAAAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAMpRV4ex1Zq2TzKSP7g1XrAAsGsqbGvKe6BjXqJa1OayPgcTJWZLDVCiNapqMoGCdqAnzBKIqVwjxhdy1OP7c5BvPZG9ljujlAiBhQ5t9NrN+jWv6pE3w3m5MFDVh7neGvr9wK8IGhIetfpG6/wJ3yOAF1sQkCwgDf7BfkbMq1If+qyTDF7I3fzyaqYX/61BR2iytpNxaVVw1g15EKdRHkUc760L0kVFwWkmyAFpK+ZPOal9pRHKa9mi/3TRXcQ20ZnBBzzxl4bsnXnEWILhBSxstoEF94hHKLeuoKl9kPx/NqKvwjIEqtU/mE7i+aAE9Wf6nR0COtlBPsjxZtf2Ac2ryUCd/EcdAqDGOwZy4m1s0G5EQMTU1uWCgGByz6DPWCCDCadQq0GaACjcOyBcy5trUqGxYqDvmZCgq6IDv1bGFDlFx1exOxIAKuruiVdPNn+c+h7HEmeM+OOJq1rjibD7kUwMK0cchVzpjI2xwC8ecQF9jeFGBcooa86OO65oPQAAAZQAAAAMcnNhLXNoYTItNTEyAAABgIMLYvfexE8s6eMYNOgqKOceG0uAKDUWT7aHXVA2q4jkTvMCQLck7k+hc1np8Gwwfaehn7zesLjOx9GzeN8MlFt1l07wRhqqDdpJNpcc4L7JAajJeaXn71dHkTqPuEeclyPE1LUZyanX0Y2fg8WnNt7+giZr3T9n3PahVA7dannqPwhKg/bFBMjF16WixLXOXuJFGkiKeha/9JS9t6ihVritTOOui09xJKIBCB8apx7TgAKlCGynVxwxZi02/dPRoZruBZ4wpw66UQvX/HYtz/cI7kU6lMpRAJdBFnHhgEgGGS6Y91JBXxde3VGuHKxe8+TwAWhD++WWukQPSfGp9YYuyFNqqQXNmpgpnuCxiBjSBpGYo76N7+HRKG7R4xS4fnD4ZDspY/JapHVTng0hYS7fa2Nw3hnz+mbFHDfkw8L2S+8VWxbXh2LqJo1+KmQN4O9SFUzwbLqxJ3DOnYAZe8I43WAjyxcafBeUGWI5Q2FdMVPm/2/L3B+M6cDL2RBiow== id_ecdsa_384_pem_signed_by_rsa
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_rsa.pub
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_rsa.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBD1WQbH/pDaRjPc4QKpgtOEcW/LsSteXU9zIjEIVkCpd/WaPfrnql1zu/G0Ncx5YL2YfKEDtzXxhskac8OAR5Cr7wMg6CYh1NuOBqsPSbELCtf1F2SLbGEWG4d7HombN1A== id_ecdsa_384_pem_signed_by_rsa
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_rsa_host-cert.pub
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_384_pem_signed_by_rsa_host-cert.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp384-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAzODQtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgjKDNUKzzdplM18CnnurEHP8+6IXdamkGh9Ph41DBJTgAAAAIbmlzdHAzODQAAABhBD1WQbH/pDaRjPc4QKpgtOEcW/LsSteXU9zIjEIVkCpd/WaPfrnql1zu/G0Ncx5YL2YfKEDtzXxhskac8OAR5Cr7wMg6CYh1NuOBqsPSbELCtf1F2SLbGEWG4d7HombN1AAAAAAAAAAAAAAAAgAAAB5pZF9lY2RzYV8zODRfcGVtX3NpZ25lZF9ieV9yc2EAAAANAAAACTEyNy4wLjAuMQAAAAAAAAAA//////////8AAAAAAAAAAAAAAAAAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQDKUVeHsdWatk8ykj+4NV6wALBrKmxrynugY16iWtTmsj4HEyVmSw1QojWqajKBgnagJ8wSiKlcI8YXctTj+3OQbz2RvZY7o5QIgYUObfTazfo1r+qRN8N5uTBQ1Ye53hr6/cCvCBoSHrX6Ruv8Cd8jgBdbEJAsIA3+wX5GzKtSH/qskwxeyN388mqmF/+tQUdosraTcWlVcNYNeRCnUR5FHO+tC9JFRcFpJsgBaSvmTzmpfaURymvZov900V3ENtGZwQc88ZeG7J15xFiC4QUsbLaBBfeIRyi3rqCpfZD8fzair8IyBKrVP5hO4vmgBPVn+p0dAjrZQT7I8WbX9gHNq8lAnfxHHQKgxjsGcuJtbNBuREDE1NblgoBgcs+gz1gggwmnUKtBmgAo3DsgXMuba1KhsWKg75mQoKuiA79WxhQ5RcdXsTsSACrq7olXTzZ/nPoexxJnjPjjiata44mw+5FMDCtHHIVc6YyNscAvHnEBfY3hRgXKKGvOjjuuaD0AAAGUAAAADHJzYS1zaGEyLTUxMgAAAYBXT6blHmMNsbfVmpgXmtpqadS7GZAaGoI5QGuKBS6RheUfvDsMUGnyR87wsfZ2NP6AsFYMDMksqYR4VTiPiUUdA/owXUnOMlyUIYJ2viQaa7b4PPFtfLV5w8UicYzmASITd0OF4vXRjk6CMKjtABfU9pVuStHseTV6vYU2QVsQDWqTlkjYSNitkMY/bIBGihaUNi/6vh8sdfZYpRURx93lHJYPNwJ4NJCG7UZ+bzIoPw2RuF1RgZ+ttD7h7W5nb2sGkDTUqny3oLHBW9ojMhYl8Y3GKRdBpmnaWRsOF5a6ieH3WlICyHh2q8JPc0cJXKbUmkkiqt034nHbdM5Vb+qQekhTLK4FW0tgkrv2THGQF5WXxOHCXQwBQrYgYR/tBPkR7R6rqJOGnlBKGW7Sl1CZ4Steb88apE6P7Y4n1BDmNzNCfJcPHn/aAgCRoofoXS97i2H9o0Umo/CKPbaj4yRl4rJMhmlY+FKNOwPufG0B+fz8v6iPQc7CzbSVsM4JOF4= id_ecdsa_384_pem_signed_by_rsa
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_384_rfc4716_signed_by_ecdsa
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_384_rfc4716_signed_by_ecdsa
@@ -0,0 +1,11 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAiAAAABNlY2RzYS
+1zaGEyLW5pc3RwMzg0AAAACG5pc3RwMzg0AAAAYQS7JvG0Vr/U8brHqHOQe4l9gBdazldM
+8ZppTyH0EGjtUgKatub3vcr/rpukinfh9fnL7Ph3YZKfFRdw8OJCnJo+EJTIJu+h8FxAWC
+eqUGMin8LXt3yL0Zpif5PHcissX+0AAADwtCIqsLQiKrAAAAATZWNkc2Etc2hhMi1uaXN0
+cDM4NAAAAAhuaXN0cDM4NAAAAGEEuybxtFa/1PG6x6hzkHuJfYAXWs5XTPGaaU8h9BBo7V
+ICmrbm973K/66bpIp34fX5y+z4d2GSnxUXcPDiQpyaPhCUyCbvofBcQFgnqlBjIp/C17d8
+i9GaYn+Tx3IrLF/tAAAAMDwGOEg1iXgSGS864iNun6n5wkMbfT8LZ5EaZd8XeWPkjy45PR
+7Hc4S8fTCw+GTyEwAAACRpZF9lY2RzYV8zODRfcmZjNDcxNl9zaWduZWRfYnlfZWNkc2EB
+AgME
+-----END OPENSSH PRIVATE KEY-----
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_384_rfc4716_signed_by_ecdsa-cert.pub
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_384_rfc4716_signed_by_ecdsa-cert.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp384-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAzODQtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgssI6EKmd7wvszzF8rlFY9ebU3MofrsEyuYBgD+MHDJsAAAAIbmlzdHAzODQAAABhBLsm8bRWv9Txuseoc5B7iX2AF1rOV0zxmmlPIfQQaO1SApq25ve9yv+um6SKd+H1+cvs+Hdhkp8VF3Dw4kKcmj4QlMgm76HwXEBYJ6pQYyKfwte3fIvRmmJ/k8dyKyxf7QAAAAAAAAAAAAAAAQAAACRpZF9lY2RzYV8zODRfcmZjNDcxNl9zaWduZWRfYnlfZWNkc2EAAAAIAAAABHNzaGoAAAAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAAGgAAAATZWNkc2Etc2hhMi1uaXN0cDI1NgAAAAhuaXN0cDI1NgAAAEEE3Pz2T1Pd6X0unKkwfpGzw6+f/ELqy5ur1cGhMrwb3HdDgiJ+w35sLLuH2O5h0TyK3ka+CekzYdJ08EUykmcQUgAAAGQAAAATZWNkc2Etc2hhMi1uaXN0cDI1NgAAAEkAAAAgF+DGUfUifzZ1QBAJQ4Llw+kvJoARXhFBJjMqorNkDCkAAAAhAKZeVbDSSKp1sQ/StAgRcITPrZUWpHnRJCHjv5ZloSx3 id_ecdsa_384_rfc4716_signed_by_ecdsa
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_384_rfc4716_signed_by_ecdsa.pub
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_384_rfc4716_signed_by_ecdsa.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBLsm8bRWv9Txuseoc5B7iX2AF1rOV0zxmmlPIfQQaO1SApq25ve9yv+um6SKd+H1+cvs+Hdhkp8VF3Dw4kKcmj4QlMgm76HwXEBYJ6pQYyKfwte3fIvRmmJ/k8dyKyxf7Q== id_ecdsa_384_rfc4716_signed_by_ecdsa
--- a/src/itest/resources/keyfiles/certificates/id_ecdsa_384_rfc4716_signed_by_ecdsa_host-cert.pub
+++ b/src/itest/resources/keyfiles/certificates/id_ecdsa_384_rfc4716_signed_by_ecdsa_host-cert.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp384-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAzODQtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgIH2g9NXosXkqoj6f7eNLPk98Uh6MUmUhZ19LCxlzWa8AAAAIbmlzdHAzODQAAABhBLsm8bRWv9Txuseoc5B7iX2AF1rOV0zxmmlPIfQQaO1SApq25ve9yv+um6SKd+H1+cvs+Hdhkp8VF3Dw4kKcmj4QlMgm76HwXEBYJ6pQYyKfwte3fIvRmmJ/k8dyKyxf7QAAAAAAAAAAAAAAAgAAACRpZF9lY2RzYV8zODRfcmZjNDcxNl9zaWduZWRfYnlfZWNkc2EAAAANAAAACTEyNy4wLjAuMQAAAAAAAAAA//////////8AAAAAAAAAAAAAAAAAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNz89k9T3el9LpypMH6Rs8Ovn/xC6subq9XBoTK8G9x3Q4IifsN+bCy7h9juYdE8it5GvgnpM2HSdPBFMpJnEFIAAABkAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAABJAAAAIAZvilKjdWVhv2A5epyRnl+SCniqMwsMCuOLLyMs1a6ZAAAAIQCZOSTiBbGXkOpfKAGMbwI/CuhzAJ7mEck2tUGy4Q1H/w== id_ecdsa_384_rfc4716_signed_by_ecdsa
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 
 .0
				`@@ -0,0 +1 @@`
				ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgQgbM6lYD+Yx1aendIKHYuKthkIN0WhvPdMA0DbC/QmEAAAAIbmlzdHAyNTYAAABBBHV8x1PsVgikij7iGF3mg6AeTq5bv0EdWxwqnzfI+EXKWcbg22kXtqcBZNymXloH14lVZMI/kpW+VUtWTFRJEPAAAAAAAAAAAAAAAAIAAAAiaWRfZWNkc2FfMjU2X3JmYzQ3MTZfc2lnbmVkX2J5X3JzYQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAMpRV4ex1Zq2TzKSP7g1XrAAsGsqbGvKe6BjXqJa1OayPgcTJWZLDVCiNapqMoGCdqAnzBKIqVwjxhdy1OP7c5BvPZG9ljujlAiBhQ5t9NrN+jWv6pE3w3m5MFDVh7neGvr9wK8IGhIetfpG6/wJ3yOAF1sQkCwgDf7BfkbMq1If+qyTDF7I3fzyaqYX/61BR2iytpNxaVVw1g15EKdRHkUc760L0kVFwWkmyAFpK+ZPOal9pRHKa9mi/3TRXcQ20ZnBBzzxl4bsnXnEWILhBSxstoEF94hHKLeuoKl9kPx/NqKvwjIEqtU/mE7i+aAE9Wf6nR0COtlBPsjxZtf2Ac2ryUCd/EcdAqDGOwZy4m1s0G5EQMTU1uWCgGByz6DPWCCDCadQq0GaACjcOyBcy5trUqGxYqDvmZCgq6IDv1bGFDlFx1exOxIAKuruiVdPNn+c+h7HEmeM+OOJq1rjibD7kUwMK0cchVzpjI2xwC8ecQF9jeFGBcooa86OO65oPQAAAZQAAAAMcnNhLXNoYTItNTEyAAABgAOa69XTj4yOPjKtN5Few84Y2qj4p/4RK9yiAjWWxbMQv+dlLzEH/wtj6p1SeDJozFssVfyH2ODFGY9Dct3K4SbLA1b8LfM6vaf1bUxdQz7njsQ40KpcJu662hMOkj9AKTQgpVUVgJJOQuLrIbyfjKClaqt2W6ziH2eLn7wPsZ6HGhQMALQVmebzgFepnwCve9wgX1HNOfuAYYVQwFXddi/xQ4BIVmsH6E3DcUUzjtZZaG063CddPYOW2Ea1efWqHu20FRWqsMnwbL6Hr9JkjKv/Iub8mgLMP1bhbMEblb+tQ+y9RRvPwjT89tKljc7hXvBxpHA4c4ZlnTidsjqPHVeARCt5LV4lES7HWEZ+kFIkGndNLYXOUnxgk6iSLLHVVZUCZPbUiZbSJdoj7r7LGiz4KA7mnqQQGU2jWxSI2drD5T6SW0TFspzjX4dPnJyzFpe02Fl+NvblUUHsnPTHdsRexHRNfqkQhKIO4i8AM8U02nU/uBmXFPb9ANbLcq+Npw== id_ecdsa_256_rfc4716_signed_by_rsa
				`@@ -0,0 +1 @@`
				`ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHV8x1PsVgikij7iGF3mg6AeTq5bv0EdWxwqnzfI+EXKWcbg22kXtqcBZNymXloH14lVZMI/kpW+VUtWTFRJEPA= id_ecdsa_256_rfc4716_signed_by_rsa`
				`@@ -0,0 +1 @@`
				ecdsa-sha2-nistp384-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAzODQtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg2byoaIudWiOZaNJMfyOHNw5tOy8lWAADbp/rNkJ7krwAAAAIbmlzdHAzODQAAABhBDTRfKcHODIksH7VIN/Z6UgNi3svPqBjd3N2oqZh7kvqPNRKGZXVSOIT2AKXuLjtpFYdJndXCJnSOxPZ6Qv5y1JxKf40aDD/oGAWtzfMiQmhhZjOmDYPeYpSQ0MyclaCKwAAAAAAAAAAAAAAAgAAACJpZF9lY2RzYV8zODRfcmZjNDcxNl9zaWduZWRfYnlfcnNhAAAADQAAAAkxMjcuMC4wLjEAAAAAAAAAAP//////////AAAAAAAAAAAAAAAAAAABlwAAAAdzc2gtcnNhAAAAAwEAAQAAAYEAylFXh7HVmrZPMpI/uDVesACwaypsa8p7oGNeolrU5rI+BxMlZksNUKI1qmoygYJ2oCfMEoipXCPGF3LU4/tzkG89kb2WO6OUCIGFDm302s36Na/qkTfDebkwUNWHud4a+v3ArwgaEh61+kbr/AnfI4AXWxCQLCAN/sF+RsyrUh/6rJMMXsjd/PJqphf/rUFHaLK2k3FpVXDWDXkQp1EeRRzvrQvSRUXBaSbIAWkr5k85qX2lEcpr2aL/dNFdxDbRmcEHPPGXhuydecRYguEFLGy2gQX3iEcot66gqX2Q/H82oq/CMgSq1T+YTuL5oAT1Z/qdHQI62UE+yPFm1/YBzavJQJ38Rx0CoMY7BnLibWzQbkRAxNTW5YKAYHLPoM9YIIMJp1CrQZoAKNw7IFzLm2tSobFioO+ZkKCrogO/VsYUOUXHV7E7EgAq6u6JV082f5z6HscSZ4z444mrWuOJsPuRTAwrRxyFXOmMjbHALx5xAX2N4UYFyihrzo47rmg9AAABlAAAAAxyc2Etc2hhMi01MTIAAAGAV3uUrbSScu722FmIUG1FEtd7X+y58XlZyBZMDkI2G8RL0bZtALg8kfAUqRs17XS8MEIsG2STDGvDoKpPlGrupTGAwjnpTrDsgr/WaXUn/21Tyv6h4npcPxX5h5OU24UdZRXUGMRqwRXn4d6c44I6lAXkFGEHV20da+2sKR02QOIEfYik7kYgUzkVE5QPr0YN2hWCNxPNahgPow2RvPDHKL0PBS2CASeIo9pZ6OECdsCX92+BXN+e8oPO+BTp2mwzaepFPiSO6pIdTOnhFHwiY7mG7Y+Xw3nCYJl9cILzeuuUeEw3elRMYtnIoUye/IZaZw6GNBObb59seFOaf8Hm7NV6F7L/RNUG7aESB2n6KKggbPci8xuCulfgi/XBxjsXd/affASOUcn3X6IIUwJDqwMBkhmagvYVoLX1gMoHBW0aLZDQEXigV0WW8v1oMsEp6Sl9Y0kRs9vPBr/8LX9vDaPKmNxOBV8uOnicDb9HZicyLkVQyPFobHOvYt/gfEUM id_ecdsa_384_rfc4716_signed_by_rsa
				`@@ -0,0 +1 @@`
				`ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBDTRfKcHODIksH7VIN/Z6UgNi3svPqBjd3N2oqZh7kvqPNRKGZXVSOIT2AKXuLjtpFYdJndXCJnSOxPZ6Qv5y1JxKf40aDD/oGAWtzfMiQmhhZjOmDYPeYpSQ0MyclaCKw== id_ecdsa_384_rfc4716_signed_by_rsa`
				`@@ -0,0 +1 @@`
				ecdsa-sha2-nistp521-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHA1MjEtY2VydC12MDFAb3BlbnNzaC5jb20AAAAghRVKHO1c4TGUTQt6NcV1mXd4HCBJLlkJZtPmVp0EQjUAAAAIbmlzdHA1MjEAAACFBAGQDchTyaXge6qew5hvYfz19EqjRbGcWeR7wnmiUnR7JqgC//R9JkOI54XmP8rpUZ4Jrjl52olkI0LB1rS/NBpkfwBhSfCiNUYfWlyHMubVT0LdaUXTA/9zXjUaI1WaQoBAM3sngorFyGEHIwpU8tTMe/XzU68i2stHcQK6EZNrzGklFgAAAAAAAAAAAAAAAgAAACJpZF9lY2RzYV81MjFfcmZjNDcxNl9zaWduZWRfYnlfcnNhAAAADQAAAAkxMjcuMC4wLjEAAAAAAAAAAP//////////AAAAAAAAAAAAAAAAAAABlwAAAAdzc2gtcnNhAAAAAwEAAQAAAYEAylFXh7HVmrZPMpI/uDVesACwaypsa8p7oGNeolrU5rI+BxMlZksNUKI1qmoygYJ2oCfMEoipXCPGF3LU4/tzkG89kb2WO6OUCIGFDm302s36Na/qkTfDebkwUNWHud4a+v3ArwgaEh61+kbr/AnfI4AXWxCQLCAN/sF+RsyrUh/6rJMMXsjd/PJqphf/rUFHaLK2k3FpVXDWDXkQp1EeRRzvrQvSRUXBaSbIAWkr5k85qX2lEcpr2aL/dNFdxDbRmcEHPPGXhuydecRYguEFLGy2gQX3iEcot66gqX2Q/H82oq/CMgSq1T+YTuL5oAT1Z/qdHQI62UE+yPFm1/YBzavJQJ38Rx0CoMY7BnLibWzQbkRAxNTW5YKAYHLPoM9YIIMJp1CrQZoAKNw7IFzLm2tSobFioO+ZkKCrogO/VsYUOUXHV7E7EgAq6u6JV082f5z6HscSZ4z444mrWuOJsPuRTAwrRxyFXOmMjbHALx5xAX2N4UYFyihrzo47rmg9AAABlAAAAAxyc2Etc2hhMi01MTIAAAGAmpwzeo95ahCTQuLfdsHSlWhNlBVUsEze9ogzqhnh1unL0uDztGbEwZ3+2vAQI9wRlIBJhg+FFIOc6KW6Hi9zHZaU/ipmrtDwoMfaRrL6ZgP+COvCxPMiTuJPt8Er2OsRnarc7iM1RnhFz3jVTGhkTG8W9yvN6Pr7SeJ9DokrRMfuDBosLE7i22pLWWBeDmSHz0dh6VGUhTnEK/9RzRnPQmByRQJ+Xfv4He7QE1IWIufG6zYKi42XiCpC2DKCxI0yapKvqVWkR1snc/0ykMUESsAgyzZoYqzxUCSmTzfT/DCb1WRswFVlLb+uccpo6ioi62CCNvC88WDsXhSO4VYsUno33KL9MopvbO1Gg5IncJP+a2wbP3fFQpefx0D828DovGKNSDxGmzXE2HoEQSsW9EsrBOEBZffHRIgLx+yuR9Er67RrIzUZclUlGZaLf/PWf2JSNwuIhxCShwPu1d3I2VYx5Lcn5MXk/IpHP8xLXH/g8/Mm+NhO4blVFAOwYaox id_ecdsa_521_rfc4716_signed_by_rsa
				`@@ -0,0 +1 @@`
				`ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGQDchTyaXge6qew5hvYfz19EqjRbGcWeR7wnmiUnR7JqgC//R9JkOI54XmP8rpUZ4Jrjl52olkI0LB1rS/NBpkfwBhSfCiNUYfWlyHMubVT0LdaUXTA/9zXjUaI1WaQoBAM3sngorFyGEHIwpU8tTMe/XzU68i2stHcQK6EZNrzGklFg== id_ecdsa_521_rfc4716_signed_by_rsa`
				`@@ -0,0 +1 @@`
				ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIJPdoRzLgA3gyn+/e94rnl7IvN7PxvEeV0JTITLah2ipAAAAIDP8z8DB+DTV8vmkrs+w6aTyx0z3xYVe//vJwwSwy7wSAAAAAAAAAAAAAAACAAAAJGlkX2VkMjU1MTlfMzg0X3JmYzQ3MTZfc2lnbmVkX2J5X3JzYQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAMpRV4ex1Zq2TzKSP7g1XrAAsGsqbGvKe6BjXqJa1OayPgcTJWZLDVCiNapqMoGCdqAnzBKIqVwjxhdy1OP7c5BvPZG9ljujlAiBhQ5t9NrN+jWv6pE3w3m5MFDVh7neGvr9wK8IGhIetfpG6/wJ3yOAF1sQkCwgDf7BfkbMq1If+qyTDF7I3fzyaqYX/61BR2iytpNxaVVw1g15EKdRHkUc760L0kVFwWkmyAFpK+ZPOal9pRHKa9mi/3TRXcQ20ZnBBzzxl4bsnXnEWILhBSxstoEF94hHKLeuoKl9kPx/NqKvwjIEqtU/mE7i+aAE9Wf6nR0COtlBPsjxZtf2Ac2ryUCd/EcdAqDGOwZy4m1s0G5EQMTU1uWCgGByz6DPWCCDCadQq0GaACjcOyBcy5trUqGxYqDvmZCgq6IDv1bGFDlFx1exOxIAKuruiVdPNn+c+h7HEmeM+OOJq1rjibD7kUwMK0cchVzpjI2xwC8ecQF9jeFGBcooa86OO65oPQAAAZQAAAAMcnNhLXNoYTItNTEyAAABgJob5TylOxmfFX5qH3iE53+zgXp3JbuxcRG9aYx/5GFiWx2yCku1/2lN/KgW2AOb31iS22LXlhCUtZBmbHiYI9aftZAyBcHGYcHvMCDHH66q+bVLlmRlNW+JjWLM46ythgRT+1dKGWAarZSwAC8hYxlV07pvt7EXFmzy4Kv0C/FL8d78P3nrRsmDTYBwrhQy1s5gwOeZlLyomPtSL7kfdxBXum8v4lG+ddtcL82iGdp2gNyonrjyaDZcdXD1FoBDlqM+lvWGO1n4ikts7JG3jcgK3QRdYOVmPnsCzEHaiTm9APuhf72+B5RXybbQcyHTA49+TptavkoxVaMqzdvIunfEYVf1S5zCHgysOkqGLOEVyMSxZk3pORajr2kdyc02Q4Plrb8B6G0rbixJRCJouS6I8J4W/Orypa2ge/un3U1JYaBeA18va7hwHoG/0zsdswETyIB+nrj59YM6Zm4zzC7Sm0SBNXFN0m2f6SDj6CDTnmj13aejQLUzED4e2Bm6Qw== id_ed25519_384_rfc4716_signed_by_rsa
				`@@ -0,0 +1 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8z8DB+DTV8vmkrs+w6aTyx0z3xYVe//vJwwSwy7wS id_ed25519_384_rfc4716_signed_by_rsa`
				`@@ -0,0 +1 @@`
				ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgKsWt/s6Kl/ti8EuWBhg0TdS/kEUWRzsogWz5M1CVjtoAAAADAQABAAABAQDWIcYmLQSEzi9IJ7jQ3frvQ5bHq2wDbw/tGmqCX1V1i2iud4HJPpTejudIgrswIZcP1cUI8NtA+cKmMg5Bqr1/vDNqPu8TM3eI8SxSiF8YiEGdlRmq0d09IyGoQnDG4ipECVKPLxecE0roSOClkbJcvk2KONH12n+NiA4IwyYkHnzkFaFhC3s/mpx4WPPoCodYqcFtqOisWOIlBH0tWGL2cEILUjTZ7xpapLTklHnUnwnX6UQIkSIoFvMPR2EB3QI+waW7EG3BUZkXXf7HNz381ktRRvjAnFYzRHx+WYihyEr7Ko+AKavuuMDfLIQ9e1Cu9NDjomO3+7q4rItt2JnZAAAAAAAAAAAAAAACAAAAIWlkX3JzYV8yMDQ4X3JmYzQ3MTZfc2lnbmVkX2J5X3JzYQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAMpRV4ex1Zq2TzKSP7g1XrAAsGsqbGvKe6BjXqJa1OayPgcTJWZLDVCiNapqMoGCdqAnzBKIqVwjxhdy1OP7c5BvPZG9ljujlAiBhQ5t9NrN+jWv6pE3w3m5MFDVh7neGvr9wK8IGhIetfpG6/wJ3yOAF1sQkCwgDf7BfkbMq1If+qyTDF7I3fzyaqYX/61BR2iytpNxaVVw1g15EKdRHkUc760L0kVFwWkmyAFpK+ZPOal9pRHKa9mi/3TRXcQ20ZnBBzzxl4bsnXnEWILhBSxstoEF94hHKLeuoKl9kPx/NqKvwjIEqtU/mE7i+aAE9Wf6nR0COtlBPsjxZtf2Ac2ryUCd/EcdAqDGOwZy4m1s0G5EQMTU1uWCgGByz6DPWCCDCadQq0GaACjcOyBcy5trUqGxYqDvmZCgq6IDv1bGFDlFx1exOxIAKuruiVdPNn+c+h7HEmeM+OOJq1rjibD7kUwMK0cchVzpjI2xwC8ecQF9jeFGBcooa86OO65oPQAAAZQAAAAMcnNhLXNoYTItNTEyAAABgJSHsEN9ccb4C/wrw0Lq22tZ/tLdjXxHKa1xBZZf81z7POZy8njEDN9bXHQalpLzgR12HDnkbBhk0tBrH8JDEmddOiMZrjD5GUzsK5Y3X6H/MTZrPYSqeO7ikmffxRI4A0BjYBmGk5ClntKzs3VhbhnlwBzTbvl+lwGVnP2EJmmP6/xjB0V3udYOQMbRd9Q2ORIZWF0VSexhjVVSdEwDlDdHWubFJwpHGDXKWeijGxSYXbZGwCGhqU04DYIx7HEIm0sulIX9GxjAm16y8QvrSjKCmfOkvg6T/TVVStYGkU2BGGhXyCfCA3gecdxI8mijuLsuBnkr0rVlDg00FLOAduLzsQq7gSC0/xit4OlJO7MoNUSnC9NjNSLjPy7DzW0bwfkmvfuTpKhDmO0lNbr+6if3+Q8pXZV+q1bRFMO9AsSO52gXA/IXGZC3u5JCL56hqb03sQPn/K9ZWmiRzwJYWTpgIgycGwR1ZIYFvtqKJqtVoGaZfCIQD/I4i01qqHxVAg== id_rsa_2048_rfc4716_signed_by_rsa