v0.15.0

Correctly calculating ECDSA key fingerprint (Fixes #225)

README.adoc

@@ -1,7 +1,7 @@
 = sshj - SSHv2 library for Java
 Jeroen van Erp
 :sshj_groupid: com.hierynomus
-:sshj_version: 0.14.0
+:sshj_version: 0.15.0
 :source-highlighter: pygments
 
 image::https://travis-ci.org/hierynomus/sshj.svg?branch=master[]
@@ -59,14 +59,15 @@ In the `examples` directory, there is a separate Maven project that shows how th
 Implementations / adapters for the following algorithms are included:
 
 ciphers::
-  `aes{128,192,256}-{cbc,ctr}`, `blowfish-cbc`, `3des-cbc`
+  `aes{128,192,256}-{cbc,ctr}`, `blowfish-{cbc,ctr}`, `3des-{cbc,ctr}`, `twofish{128,192,256}-{cbc,ctr}`, `twofish-cbc`, `serpent{128,192,256}-{cbc,ctr}`, `idea-{cbc,ctr}`, `cast128-{cbc,ctr}`, `arcfour`, `arcfour{128,256}`
+  SSHJ also supports the following extended (non official) ciphers: `camellia{128,192,256}-{cbc,ctr}`, `camellia{128,192,256}-{cbc,ctr}@openssh.org`
 
 key exchange::
-  `diffie-hellman-group1-sha1`, `diffie-hellman-group14-sha1`, `diffie-hellman-group-exhange-sha1`, `diffie-hellman-group-exchange-sha256`,
+  `diffie-hellman-group1-sha1`, `diffie-hellman-group14-sha1`, `diffie-hellman-group-exchange-sha1`, `diffie-hellman-group-exchange-sha256`,
   `ecdh-sha2-nistp256`, `ecdh-sha2-nistp384`, `ecdh-sha2-nistp521`, `curve25519-sha256@libssh.org`
 
 signatures::
-  `ssh-rsa`, `ssh-dss`, `ecdsa-sha2-nistp256`
+  `ssh-rsa`, `ssh-dss`, `ecdsa-sha2-nistp256`, `ssh-ed25519
 
 mac::
   `hmac-md5`, `hmac-md5-96`, `hmac-sha1`, `hmac-sha1-96`, `hmac-sha2-256`, `hmac-sha2-512`
@@ -79,6 +80,8 @@ private key files::
 
 If you need something that is not included, it shouldn't be too hard to add (do contribute it!)
 
+== Comparing to other implementations
+http://ssh-comparison.quendi.de/comparison.html[SSH Implementation Comparison]
 
 == Dependencies
 Java 6+. http://www.slf4j.org/download.html[slf4j] is required. http://www.bouncycastle.org/java.html[bouncycastle] is highly recommended and required for using some of the crypto algorithms. http://www.jcraft.com/jzlib/[jzlib] is required for using zlib compression.
@@ -93,10 +96,15 @@ Google Group: http://groups.google.com/group/sshj-users
 Fork away!
 
 == Release history
+SSHJ 0.15.0 (2015-11-20)::
+* Fixed https://github.com/hierynomus/sshj/issues/220[#220]: Added support for `ssh-ed25519` host keys
+* Fixed https://github.com/hierynomus/sshj/issues/225[#225]: Fixed bug in ECDSA fingerprint calculation that sometimes produced an incorrect fingerprint
+* Added `arcfour` Stream Ciphers from RFC4253 and RFC4345
+* Added all Block Ciphers from RFC4344 and RFC4253
 SSHJ 0.14.0 (2015-11-04)::
 * Fixed https://github.com/hierynomus/sshj/issues/171[#171]: Added support for `curve25519-sha256@libssh.org` key exchange algorithm
 * Added support for `ecdh-sha2-nistp256`, `ecdh-sha2-nistp384` and  `ecdh-sha2-nistp521` key exchange algorithms
-* Fixed https://github.com/hierynomus/sshj/issues/167[#167]: Added support for `diffie-hellman-group-exhange-sha1` and `diffie-hellman-group-exhange-sha256` key exchange methods
+* Fixed https://github.com/hierynomus/sshj/issues/167[#167]: Added support for `diffie-hellman-group-exchange-sha1` and `diffie-hellman-group-exchange-sha256` key exchange methods
 * Fixed https://github.com/hierynomus/sshj/issues/212[#212]: Configure path escaping to enable shell expansion to work correctly
 * Merged https://github.com/hierynomus/sshj/issues/210[#210]: RemoteFileInputStream.skip returns wrong value (Fixes https://github.com/hierynomus/sshj/issues/209[#209])
 * Merged https://github.com/hierynomus/sshj/issues/208[#208]: Added SCP bandwidth limitation support

build.gradle

@@ -4,7 +4,7 @@ apply plugin: "signing"
 apply plugin: "osgi"
 
 group = "com.hierynomus"
-version = "0.14.0"
+version = "0.15.0"
 
 repositories {
   mavenCentral()

examples/pom.xml

@@ -55,7 +55,7 @@
         <dependency>
             <groupId>com.hierynomus</groupId>
             <artifactId>sshj</artifactId>
-            <version>0.13.0</version>
+            <version>0.15.0</version>
         </dependency>
     </dependencies>
 

src/main/java/com/hierynomus/sshj/secg/SecgUtils.java

@@ -1,4 +1,4 @@
-package net.schmizz.sshj.transport.kex;
+package com.hierynomus.sshj.secg;
 
 import net.schmizz.sshj.common.SSHRuntimeException;
 
@@ -7,11 +7,11 @@ import java.security.spec.ECPoint;
 import java.security.spec.EllipticCurve;
 import java.util.Arrays;
 
-class SecgUtils {
+public class SecgUtils {
     /**
      * SECG 2.3.4 Octet String to ECPoint
      */
-    static ECPoint getDecoded(byte[] M, EllipticCurve curve) {
+    public static ECPoint getDecoded(byte[] M, EllipticCurve curve) {
         int elementSize = getElementSize(curve);
         if (M.length != 2 * elementSize + 1 || M[0] != 0x04) {
             throw new SSHRuntimeException("Invalid 'f' for Elliptic Curve " + curve.toString());
@@ -26,7 +26,7 @@ class SecgUtils {
     /**
      * SECG 2.3.3 ECPoint to Octet String
      */
-    static byte[] getEncoded(ECPoint point, EllipticCurve curve) {
+    public static byte[] getEncoded(ECPoint point, EllipticCurve curve) {
         int elementSize = getElementSize(curve);
         byte[] M = new byte[2 * elementSize + 1];
         M[0] = 0x04;

src/main/java/com/hierynomus/sshj/signature/Ed25519PublicKey.java

@@ -0,0 +1,40 @@
+package com.hierynomus.sshj.signature;
+
+import net.i2p.crypto.eddsa.EdDSAPublicKey;
+import net.i2p.crypto.eddsa.spec.EdDSANamedCurveSpec;
+import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable;
+import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec;
+import net.schmizz.sshj.common.SSHRuntimeException;
+
+import java.util.Arrays;
+
+/**
+ * Our own extension of the EdDSAPublicKey that comes from ECC-25519, as that class does not implement equality.
+ * The code uses the equality of the keys as an indicator whether they're the same during host key verification.
+ */
+public class Ed25519PublicKey extends EdDSAPublicKey {
+
+    public Ed25519PublicKey(EdDSAPublicKeySpec spec) {
+        super(spec);
+
+        EdDSANamedCurveSpec ed25519 = EdDSANamedCurveTable.getByName("ed25519-sha-512");
+        if (!spec.getParams().getCurve().equals(ed25519.getCurve())) {
+            throw new SSHRuntimeException("Cannot create Ed25519 Public Key from wrong spec");
+        }
+    }
+
+    @Override
+    public boolean equals(Object other) {
+        if (!(other instanceof Ed25519PublicKey)) {
+            return false;
+        }
+
+        Ed25519PublicKey otherKey = (Ed25519PublicKey) other;
+        return Arrays.equals(getAbyte(), otherKey.getAbyte());
+    }
+
+    @Override
+    public int hashCode() {
+        return getA().hashCode();
+    }
+}

src/main/java/com/hierynomus/sshj/signature/SignatureEdDSA.java

@@ -0,0 +1,94 @@
+package com.hierynomus.sshj.signature;
+
+import net.i2p.crypto.eddsa.EdDSAEngine;
+import net.schmizz.sshj.common.Buffer;
+import net.schmizz.sshj.common.KeyType;
+import net.schmizz.sshj.common.SSHRuntimeException;
+import net.schmizz.sshj.signature.Signature;
+
+import java.security.*;
+
+public class SignatureEdDSA implements Signature {
+    public static class Factory implements net.schmizz.sshj.common.Factory.Named<Signature> {
+
+        @Override
+        public String getName() {
+            return KeyType.ED25519.toString();
+        }
+
+        @Override
+        public Signature create() {
+            return new SignatureEdDSA();
+        }
+    }
+
+    final EdDSAEngine engine;
+
+    protected SignatureEdDSA() {
+        try {
+            engine = new EdDSAEngine(MessageDigest.getInstance("SHA-512"));
+        } catch (NoSuchAlgorithmException e) {
+            throw new SSHRuntimeException(e);
+        }
+    }
+
+    @Override
+    public void init(PublicKey pubkey, PrivateKey prvkey) {
+        try {
+            if (pubkey != null) {
+                engine.initVerify(pubkey);
+            }
+
+            if (prvkey != null) {
+                engine.initSign(prvkey);
+            }
+        } catch (InvalidKeyException e) {
+            throw new SSHRuntimeException(e);
+        }
+    }
+
+    @Override
+    public void update(byte[] H) {
+        update(H, 0, H.length);
+    }
+
+    @Override
+    public void update(byte[] H, int off, int len) {
+        try {
+            engine.update(H, off, len);
+        } catch (SignatureException e) {
+            throw new SSHRuntimeException(e);
+        }
+    }
+
+    @Override
+    public byte[] sign() {
+        try {
+            return engine.sign();
+        } catch (SignatureException e) {
+            throw new SSHRuntimeException(e);
+        }
+    }
+
+    @Override
+    public byte[] encode(byte[] signature) {
+        return signature;
+    }
+
+    @Override
+    public boolean verify(byte[] sig) {
+        try {
+            Buffer.PlainBuffer plainBuffer = new Buffer.PlainBuffer(sig);
+            String algo = plainBuffer.readString();
+            if (!"ssh-ed25519".equals(algo)) {
+                throw new SSHRuntimeException("Expected 'ssh-ed25519' key algorithm, but was: " + algo);
+            }
+            byte[] bytes = plainBuffer.readBytes();
+            return engine.verify(bytes);
+        } catch (SignatureException e) {
+            throw new SSHRuntimeException(e);
+        } catch (Buffer.BufferException e) {
+            throw new SSHRuntimeException(e);
+        }
+    }
+}

src/main/java/com/hierynomus/sshj/transport/cipher/BlockCiphers.java

@@ -0,0 +1,122 @@
+package com.hierynomus.sshj.transport.cipher;
+
+import net.schmizz.sshj.transport.cipher.BaseCipher;
+import net.schmizz.sshj.transport.cipher.BlockCipher;
+import net.schmizz.sshj.transport.cipher.Cipher;
+
+/**
+ * All BlockCiphers supported by SSH according to the following RFCs
+ *
+ * - https://tools.ietf.org/html/rfc4344#section-3.1
+ * - https://tools.ietf.org/html/rfc4253#section-6.3
+ *
+ * TODO: https://tools.ietf.org/html/rfc5647
+ *
+ * Some of the Ciphers are still implemented in net.schmizz.sshj.transport.cipher.*. These are scheduled to be migrated to here.
+ */
+public class BlockCiphers {
+
+    public static final String COUNTER_MODE = "CTR";
+    public static final String CIPHER_BLOCK_CHAINING_MODE = "CBC";
+
+    public static Factory BlowfishCTR() {
+        return new Factory(8, 256, "blowfish-ctr", "Blowfish", COUNTER_MODE);
+    }
+    public static Factory Twofish128CTR() {
+        return new Factory(16, 128, "twofish128-ctr", "Twofish", COUNTER_MODE);
+    }
+    public static Factory Twofish192CTR() {
+        return new Factory(16, 192, "twofish192-ctr", "Twofish", COUNTER_MODE);
+    }
+    public static Factory Twofish256CTR() {
+        return new Factory(16, 256, "twofish256-ctr", "Twofish", COUNTER_MODE);
+    }
+    public static Factory Twofish128CBC() {
+        return new Factory(16, 128, "twofish128-cbc", "Twofish", CIPHER_BLOCK_CHAINING_MODE);
+    }
+    public static Factory Twofish192CBC() {
+        return new Factory(16, 192, "twofish192-cbc", "Twofish", CIPHER_BLOCK_CHAINING_MODE);
+    }
+    public static Factory Twofish256CBC() {
+        return new Factory(16, 256, "twofish256-cbc", "Twofish", CIPHER_BLOCK_CHAINING_MODE);
+    }
+    public static Factory TwofishCBC() {
+        return new Factory(16, 256, "twofish-cbc", "Twofish", CIPHER_BLOCK_CHAINING_MODE);
+    }
+    public static Factory Serpent128CTR() {
+        return new Factory(16, 128, "serpent128-ctr", "Serpent", COUNTER_MODE);
+    }
+    public static Factory Serpent192CTR() {
+        return new Factory(16, 192, "serpent192-ctr", "Serpent", COUNTER_MODE);
+    }
+    public static Factory Serpent256CTR() {
+        return new Factory(16, 256, "serpent256-ctr", "Serpent", COUNTER_MODE);
+    }
+    public static Factory Serpent128CBC() {
+        return new Factory(16, 128, "serpent128-cbc", "Serpent", CIPHER_BLOCK_CHAINING_MODE);
+    }
+    public static Factory Serpent192CBC() {
+        return new Factory(16, 192, "serpent192-cbc", "Serpent", CIPHER_BLOCK_CHAINING_MODE);
+    }
+    public static Factory Serpent256CBC() {
+        return new Factory(16, 256, "serpent256-cbc", "Serpent", CIPHER_BLOCK_CHAINING_MODE);
+    }
+    public static Factory IDEACTR() {
+        return new Factory(8, 128, "idea-ctr", "IDEA", COUNTER_MODE);
+    }
+    public static Factory IDEACBC() {
+        return new Factory(8, 128, "idea-cbc", "IDEA", CIPHER_BLOCK_CHAINING_MODE);
+    }
+    public static Factory Cast128CTR() {
+        return new Factory(8, 128, "cast128-ctr", "CAST5", COUNTER_MODE);
+    }
+    public static Factory Cast128CBC() {
+        return new Factory(8, 128, "cast128-cbc", "CAST5", CIPHER_BLOCK_CHAINING_MODE);
+    }
+    public static Factory TripleDESCTR() {
+        return new Factory(8, 192, "3des-ctr", "DESede", COUNTER_MODE);
+    }
+
+    /** Named factory for BlockCipher */
+    public static class Factory
+            implements net.schmizz.sshj.common.Factory.Named<Cipher> {
+
+        private int keysize;
+        private String cipher;
+        private String mode;
+        private String name;
+        private int ivsize;
+
+        /**
+         * @param ivsize
+         * @param keysize The keysize used in bits.
+         * @param name
+         * @param cipher
+         * @param mode
+         */
+        public Factory(int ivsize, int keysize, String name, String cipher, String mode) {
+            this.name = name;
+            this.keysize = keysize;
+            this.cipher = cipher;
+            this.mode = mode;
+            this.ivsize = ivsize;
+        }
+
+        @Override
+        public Cipher create() {
+            return new BlockCipher(ivsize, keysize / 8, cipher, cipher + "/" + mode + "/NoPadding");
+        }
+
+        @Override
+        public String getName() {
+            return name;
+        }
+
+        @Override
+        public String toString() {
+            return getName();
+        }
+    }
+
+
+}

src/main/java/com/hierynomus/sshj/transport/cipher/ExtendedBlockCiphers.java

@@ -0,0 +1,52 @@
+package com.hierynomus.sshj.transport.cipher;
+
+import static com.hierynomus.sshj.transport.cipher.BlockCiphers.CIPHER_BLOCK_CHAINING_MODE;
+import static com.hierynomus.sshj.transport.cipher.BlockCiphers.COUNTER_MODE;
+
+/**
+ * Set of Block Ciphers that are (not yet) part of any of the official RFCs for SSH, but
+ * that are either supported by other SSH implementations, or are being pushed for to be
+ * included in a new RFC.
+ *
+ * - http://tools.ietf.org/id/draft-kanno-secsh-camellia-01.txt
+ */
+public class ExtendedBlockCiphers {
+    public static BlockCiphers.Factory Camellia128CTR() {
+        return new BlockCiphers.Factory(16, 128, "camellia128-ctr", "Camellia", COUNTER_MODE);
+    }
+    public static BlockCiphers.Factory Camellia128CTROpenSSHOrg() {
+        return new BlockCiphers.Factory(16, 128, "camellia128-ctr@openssh.org", "Camellia", COUNTER_MODE);
+    }
+    public static BlockCiphers.Factory Camellia192CTR() {
+        return new BlockCiphers.Factory(16, 192, "camellia192-ctr", "Camellia", COUNTER_MODE);
+    }
+    public static BlockCiphers.Factory Camellia192CTROpenSSHOrg() {
+        return new BlockCiphers.Factory(16, 192, "camellia192-ctr@openssh.org", "Camellia", COUNTER_MODE);
+    }
+    public static BlockCiphers.Factory Camellia256CTR() {
+        return new BlockCiphers.Factory(16, 256, "camellia256-ctr", "Camellia", COUNTER_MODE);
+    }
+    public static BlockCiphers.Factory Camellia256CTROpenSSHOrg() {
+        return new BlockCiphers.Factory(16, 256, "camellia256-ctr@openssh.org", "Camellia", COUNTER_MODE);
+    }
+    public static BlockCiphers.Factory Camellia128CBC() {
+        return new BlockCiphers.Factory(16, 128, "camellia128-cbc", "Camellia", CIPHER_BLOCK_CHAINING_MODE);
+    }
+    public static BlockCiphers.Factory Camellia128CBCOpenSSHOrg() {
+        return new BlockCiphers.Factory(16, 128, "camellia128-cbc@openssh.org", "Camellia", CIPHER_BLOCK_CHAINING_MODE);
+    }
+    public static BlockCiphers.Factory Camellia192CBC() {
+        return new BlockCiphers.Factory(16, 192, "camellia192-cbc", "Camellia", CIPHER_BLOCK_CHAINING_MODE);
+    }
+    public static BlockCiphers.Factory Camellia192CBCOpenSSHOrg() {
+        return new BlockCiphers.Factory(16, 192, "camellia192-cbc@openssh.org", "Camellia", CIPHER_BLOCK_CHAINING_MODE);
+    }
+    public static BlockCiphers.Factory Camellia256CBC() {
+        return new BlockCiphers.Factory(16, 256, "camellia256-cbc", "Camellia", CIPHER_BLOCK_CHAINING_MODE);
+    }
+    public static BlockCiphers.Factory Camellia256CBCOpenSSHOrg() {
+        return new BlockCiphers.Factory(16, 256, "camellia256-cbc@openssh.org", "Camellia", CIPHER_BLOCK_CHAINING_MODE);
+    }
+
+
+}

src/main/java/com/hierynomus/sshj/transport/cipher/StreamCipher.java

@@ -0,0 +1,19 @@
+package com.hierynomus.sshj.transport.cipher;
+
+import net.schmizz.sshj.transport.cipher.BaseCipher;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.SecureRandom;
+
+public class StreamCipher extends BaseCipher {
+
+    public StreamCipher(int bsize, String algorithm, String transformation) {
+        super(0, bsize, algorithm, transformation);
+    }
+
+    @Override
+    protected void initCipher(javax.crypto.Cipher cipher, Mode mode, byte[] key, byte[] iv) throws InvalidKeyException, InvalidAlgorithmParameterException {
+        cipher.init(getMode(mode), getKeySpec(key), new SecureRandom());
+    }
+}

src/main/java/com/hierynomus/sshj/transport/cipher/StreamCiphers.java

@@ -0,0 +1,61 @@
+package com.hierynomus.sshj.transport.cipher;
+
+import net.schmizz.sshj.transport.cipher.Cipher;
+
+/**
+ * Implementations of the Stream Ciphers that are defined in the RFCs
+ *
+ * - https://tools.ietf.org/html/rfc4253#section-6.3
+ * - https://tools.ietf.org/html/rfc4345
+ */
+public class StreamCiphers {
+
+    public static Factory Arcfour() {
+        return new Factory(128, "arcfour", "ARCFOUR", "ECB");
+    }
+    public static Factory Arcfour128() {
+        return new Factory(128, "arcfour128", "RC4", "ECB");
+    }
+    public static Factory Arcfour256() {
+        return new Factory(256, "arcfour256", "RC4", "ECB");
+    }
+
+    /** Named factory for BlockCipher */
+    public static class Factory
+            implements net.schmizz.sshj.common.Factory.Named<Cipher> {
+
+        private int keysize;
+        private String cipher;
+        private String mode;
+        private String name;
+
+        /**
+         * @param keysize The keysize used in bits.
+         * @param name
+         * @param cipher
+         * @param mode
+         */
+        public Factory(int keysize, String name, String cipher, String mode) {
+            this.name = name;
+            this.keysize = keysize;
+            this.cipher = cipher;
+            this.mode = mode;
+        }
+
+        @Override
+        public Cipher create() {
+            return new StreamCipher(keysize / 8, cipher, cipher + "/" + mode + "/NoPadding");
+        }
+
+        @Override
+        public String getName() {
+            return name;
+        }
+
+        @Override
+        public String toString() {
+            return getName();
+        }
+    }
+
+}

src/main/java/net/schmizz/sshj/DefaultConfig.java

@@ -15,6 +15,9 @@
  */
 package net.schmizz.sshj;
 
+import com.hierynomus.sshj.signature.SignatureEdDSA;
+import com.hierynomus.sshj.transport.cipher.BlockCiphers;
+import com.hierynomus.sshj.transport.cipher.StreamCiphers;
 import net.schmizz.keepalive.KeepAliveProvider;
 import net.schmizz.sshj.common.Factory;
 import net.schmizz.sshj.common.SecurityUtils;
@@ -48,6 +51,7 @@ import net.schmizz.sshj.userauth.keyprovider.PuTTYKeyFile;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.awt.image.ByteLookupTable;
 import java.util.Arrays;
 import java.util.Iterator;
 import java.util.LinkedList;
@@ -130,7 +134,29 @@ public class DefaultConfig
                 new AES192CBC.Factory(),
                 new AES256CBC.Factory(),
                 new TripleDESCBC.Factory(),
-                new BlowfishCBC.Factory()));
+                new BlowfishCBC.Factory(),
+                BlockCiphers.BlowfishCTR(),
+                BlockCiphers.Cast128CBC(),
+                BlockCiphers.Cast128CTR(),
+                BlockCiphers.IDEACBC(),
+                BlockCiphers.IDEACTR(),
+                BlockCiphers.Serpent128CBC(),
+                BlockCiphers.Serpent128CTR(),
+                BlockCiphers.Serpent192CBC(),
+                BlockCiphers.Serpent192CTR(),
+                BlockCiphers.Serpent256CBC(),
+                BlockCiphers.Serpent256CTR(),
+                BlockCiphers.TripleDESCTR(),
+                BlockCiphers.Twofish128CBC(),
+                BlockCiphers.Twofish128CTR(),
+                BlockCiphers.Twofish192CBC(),
+                BlockCiphers.Twofish192CTR(),
+                BlockCiphers.Twofish256CBC(),
+                BlockCiphers.Twofish256CTR(),
+                BlockCiphers.TwofishCBC(),
+                StreamCiphers.Arcfour(),
+                StreamCiphers.Arcfour128(),
+                StreamCiphers.Arcfour256()));
 
         boolean warn = false;
         // Ref. https://issues.apache.org/jira/browse/SSHD-24
@@ -144,6 +170,7 @@ public class DefaultConfig
                 c.init(Cipher.Mode.Encrypt, key, iv);
             } catch (Exception e) {
                 warn = true;
+                log.warn(e.getCause().getMessage());
                 i.remove();
             }
         }
@@ -151,10 +178,11 @@ public class DefaultConfig
             log.warn("Disabling high-strength ciphers: cipher strengths apparently limited by JCE policy");
 
         setCipherFactories(avail);
+        log.debug("Available cipher factories: {}", avail);
     }
 
     protected void initSignatureFactories() {
-        setSignatureFactories(new SignatureECDSA.Factory(), new SignatureRSA.Factory(), new SignatureDSA.Factory());
+        setSignatureFactories(new SignatureECDSA.Factory(), new SignatureRSA.Factory(), new SignatureDSA.Factory(), new SignatureEdDSA.Factory());
     }
 
     protected void initMACFactories() {

src/main/java/net/schmizz/sshj/common/KeyType.java

@@ -15,6 +15,14 @@
  */
 package net.schmizz.sshj.common;
 
+import com.hierynomus.sshj.secg.SecgUtils;
+import com.hierynomus.sshj.signature.Ed25519PublicKey;
+import net.i2p.crypto.eddsa.*;
+import net.i2p.crypto.eddsa.math.GroupElement;
+import net.i2p.crypto.eddsa.spec.EdDSANamedCurveSpec;
+import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable;
+import net.i2p.crypto.eddsa.spec.EdDSAParameterSpec;
+import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec;
 import org.bouncycastle.asn1.nist.NISTNamedCurves;
 import org.bouncycastle.asn1.x9.X9ECParameters;
 import org.bouncycastle.jce.spec.ECParameterSpec;
@@ -25,6 +33,7 @@ import org.slf4j.LoggerFactory;
 
 import java.math.BigInteger;
 import java.security.*;
+import java.security.KeyFactory;
 import java.security.interfaces.*;
 import java.security.spec.DSAPublicKeySpec;
 import java.security.spec.RSAPublicKeySpec;
@@ -151,35 +160,54 @@ public enum KeyType {
         @Override
         public void putPubKeyIntoBuffer(PublicKey pk, Buffer<?> buf) {
             final ECPublicKey ecdsa = (ECPublicKey) pk;
-            final java.security.spec.ECPoint point = ecdsa.getW();
-            final byte[] x = trimStartingZeros(point.getAffineX().toByteArray());
-            final byte[] y = trimStartingZeros(point.getAffineY().toByteArray());
+            byte[] encoded = SecgUtils.getEncoded(ecdsa.getW(), ecdsa.getParams().getCurve());
 
             buf.putString(sType)
                 .putString(NISTP_CURVE)
-                .putUInt32(1 + x.length + y.length)
-                .putRawBytes(new byte[] { (byte) 0x04 })
-                .putRawBytes(x)
-                .putRawBytes(y)
-            ;
+                .putBytes(encoded);
         }
 
         @Override
         protected boolean isMyType(Key key) {
             return ("ECDSA".equals(key.getAlgorithm()));
         }
+    },
 
-        private byte[] trimStartingZeros(byte[] in) {
-
-            int i = 0;
-            for (; i < in.length; i++) {
-                if (in[i] != 0) {
-                    break;
+    ED25519("ssh-ed25519") {
+        private final Logger logger = LoggerFactory.getLogger(KeyType.class);
+        @Override
+        public PublicKey readPubKeyFromBuffer(String type, Buffer<?> buf) throws GeneralSecurityException {
+            try {
+                final int keyLen = buf.readUInt32AsInt();
+                final byte[] p = new byte[keyLen];
+                buf.readRawBytes(p);
+                if (logger.isDebugEnabled()) {
+                    logger.debug(String.format("Key algo: %s, Key curve: 25519, Key Len: %s\np: %s",
+                            type,
+                            keyLen,
+                            Arrays.toString(p))
+                    );
                 }
+
+                EdDSANamedCurveSpec ed25519 = EdDSANamedCurveTable.getByName("ed25519-sha-512");
+                GroupElement point = ed25519.getCurve().createPoint(p, true);
+                EdDSAPublicKeySpec publicSpec = new EdDSAPublicKeySpec(point, ed25519);
+                return new Ed25519PublicKey(publicSpec);
+
+            } catch (Buffer.BufferException be) {
+                throw new SSHRuntimeException(be);
             }
-            final byte[] out = new byte[in.length - i];
-            System.arraycopy(in, i, out, 0, out.length);
-            return out;
+        }
+
+        @Override
+        public void putPubKeyIntoBuffer(PublicKey pk, Buffer<?> buf) {
+            EdDSAPublicKey key = (EdDSAPublicKey) pk;
+            buf.putString(sType).putBytes(key.getAbyte());
+        }
+
+        @Override
+        protected boolean isMyType(Key key) {
+            return "EdDSA".equals(key.getAlgorithm());
         }
     },
 

src/main/java/net/schmizz/sshj/transport/cipher/AES128CBC.java

@@ -17,7 +17,7 @@ package net.schmizz.sshj.transport.cipher;
 
 /** {@code aes128-cbc} cipher */
 public class AES128CBC
-        extends BaseCipher {
+        extends BlockCipher {
 
     /** Named factory for AES128CBC Cipher */
     public static class Factory

src/main/java/net/schmizz/sshj/transport/cipher/AES128CTR.java

@@ -17,7 +17,7 @@ package net.schmizz.sshj.transport.cipher;
 
 /** {@code aes128-ctr} cipher */
 public class AES128CTR
-        extends BaseCipher {
+        extends BlockCipher {
 
     /** Named factory for AES128CBC Cipher */
     public static class Factory

src/main/java/net/schmizz/sshj/transport/cipher/AES192CBC.java

@@ -17,7 +17,7 @@ package net.schmizz.sshj.transport.cipher;
 
 /** {@code aes192-cbc} cipher */
 public class AES192CBC
-        extends BaseCipher {
+        extends BlockCipher {
 
     /** Named factory for AES192CBC Cipher */
     public static class Factory

src/main/java/net/schmizz/sshj/transport/cipher/AES192CTR.java

@@ -17,7 +17,7 @@ package net.schmizz.sshj.transport.cipher;
 
 /** {@code aes192-ctr} cipher */
 public class AES192CTR
-        extends BaseCipher {
+        extends BlockCipher {
 
     /** Named factory for AES192CTR Cipher */
     public static class Factory

src/main/java/net/schmizz/sshj/transport/cipher/AES256CBC.java

@@ -17,7 +17,7 @@ package net.schmizz.sshj.transport.cipher;
 
 /** {@code aes256-ctr} cipher */
 public class AES256CBC
-        extends BaseCipher {
+        extends BlockCipher {
 
     /** Named factory for AES256CBC Cipher */
     public static class Factory

src/main/java/net/schmizz/sshj/transport/cipher/AES256CTR.java

@@ -17,7 +17,7 @@ package net.schmizz.sshj.transport.cipher;
 
 /** {@code aes256-ctr} cipher */
 public class AES256CTR
-        extends BaseCipher {
+        extends BlockCipher {
 
     /** Named factory for AES256CBC Cipher */
     public static class Factory

src/main/java/net/schmizz/sshj/transport/cipher/BaseCipher.java

@@ -22,9 +22,11 @@ import javax.crypto.ShortBufferException;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
 import java.security.GeneralSecurityException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
 
 /** Base class for all Cipher implementations delegating to the JCE provider. */
-public class BaseCipher
+public abstract class BaseCipher
         implements Cipher {
 
     private static byte[] resize(byte[] data, int size) {
@@ -66,14 +68,22 @@ public class BaseCipher
         iv = BaseCipher.resize(iv, ivsize);
         try {
             cipher = SecurityUtils.getCipher(transformation);
-            cipher.init((mode == Mode.Encrypt ? javax.crypto.Cipher.ENCRYPT_MODE : javax.crypto.Cipher.DECRYPT_MODE),
-                        new SecretKeySpec(key, algorithm), new IvParameterSpec(iv));
+            initCipher(cipher, mode, key, iv);
         } catch (GeneralSecurityException e) {
             cipher = null;
             throw new SSHRuntimeException(e);
         }
     }
 
+    protected abstract void initCipher(javax.crypto.Cipher cipher, Mode mode, byte[] key, byte[] iv) throws InvalidKeyException, InvalidAlgorithmParameterException;
+    protected SecretKeySpec getKeySpec(byte[] key) {
+        return new SecretKeySpec(key, algorithm);
+    }
+
+    protected int getMode(Mode mode) {
+        return mode == Mode.Encrypt ? javax.crypto.Cipher.ENCRYPT_MODE : javax.crypto.Cipher.DECRYPT_MODE;
+    }
+
     @Override
     public void update(byte[] input, int inputOffset, int inputLen) {
         try {

src/main/java/net/schmizz/sshj/transport/cipher/BlockCipher.java

@@ -0,0 +1,17 @@
+package net.schmizz.sshj.transport.cipher;
+
+import javax.crypto.spec.IvParameterSpec;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+
+public class BlockCipher extends BaseCipher {
+    public BlockCipher(int ivsize, int bsize, String algorithm, String transformation) {
+        super(ivsize, bsize, algorithm, transformation);
+    }
+
+    protected void initCipher(javax.crypto.Cipher cipher, Mode mode, byte[] key, byte[] iv) throws InvalidKeyException, InvalidAlgorithmParameterException {
+        cipher.init(getMode(mode),
+                getKeySpec(key), new IvParameterSpec(iv));
+    }
+
+}

src/main/java/net/schmizz/sshj/transport/cipher/BlowfishCBC.java

@@ -17,7 +17,7 @@ package net.schmizz.sshj.transport.cipher;
 
 /** {@code blowfish-ctr} cipher */
 public class BlowfishCBC
-        extends BaseCipher {
+        extends BlockCipher {
 
     /** Named factory for BlowfishCBC Cipher */
     public static class Factory

src/main/java/net/schmizz/sshj/transport/cipher/TripleDESCBC.java

@@ -17,7 +17,7 @@ package net.schmizz.sshj.transport.cipher;
 
 /** {@code 3des-cbc} cipher */
 public class TripleDESCBC
-        extends BaseCipher {
+        extends BlockCipher {
 
     /** Named factory for TripleDESCBC Cipher */
     public static class Factory

src/main/java/net/schmizz/sshj/transport/kex/ECDH.java

@@ -1,6 +1,5 @@
 package net.schmizz.sshj.transport.kex;
 
-import net.schmizz.sshj.common.SSHRuntimeException;
 import net.schmizz.sshj.common.SecurityUtils;
 
 import java.math.BigInteger;
@@ -10,10 +9,9 @@ import java.security.KeyPair;
 import java.security.PublicKey;
 import java.security.interfaces.ECPublicKey;
 import java.security.spec.*;
-import java.util.Arrays;
 
-import static net.schmizz.sshj.transport.kex.SecgUtils.getDecoded;
-import static net.schmizz.sshj.transport.kex.SecgUtils.getEncoded;
+import static com.hierynomus.sshj.secg.SecgUtils.getDecoded;
+import static com.hierynomus.sshj.secg.SecgUtils.getEncoded;
 
 public class ECDH extends DHBase {
 

src/main/java/net/schmizz/sshj/userauth/keyprovider/OpenSSHKeyFile.java

@@ -92,7 +92,7 @@ public class OpenSSHKeyFile
             try {
                 final String keydata = br.readLine();
                 if (keydata != null) {
-                    String[] parts = keydata.split(" ");
+                    String[] parts = keydata.trim().split(" ");
                     assert parts.length >= 2;
                     type = KeyType.fromString(parts[0]);
                     pubKey = new Buffer.PlainBuffer(Base64.decode(parts[1])).readPublicKey();

src/test/java/com/hierynomus/sshj/IntegrationTest.java

@@ -0,0 +1,23 @@
+package com.hierynomus.sshj;
+
+import net.schmizz.sshj.DefaultConfig;
+import net.schmizz.sshj.SSHClient;
+import net.schmizz.sshj.transport.verification.OpenSSHKnownHosts;
+import org.junit.Test;
+
+import java.io.File;
+import java.io.IOException;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+
+public class IntegrationTest {
+
+    @Test
+    public void shouldConnect() throws IOException {
+        SSHClient sshClient = new SSHClient(new DefaultConfig());
+        sshClient.addHostKeyVerifier(new OpenSSHKnownHosts(new File("/Users/ajvanerp/.ssh/known_hosts")));
+        sshClient.connect("172.16.37.129");
+        sshClient.authPassword("jeroen", "jeroen");
+        assertThat("Is connected", sshClient.isAuthenticated());
+    }
+}

src/test/java/com/hierynomus/sshj/test/BaseAlgorithmTest.java

@@ -0,0 +1,54 @@
+package com.hierynomus.sshj.test;
+
+import net.schmizz.sshj.Config;
+import net.schmizz.sshj.DefaultConfig;
+import net.schmizz.sshj.SSHClient;
+import org.apache.sshd.server.SshServer;
+import org.junit.After;
+import org.junit.Rule;
+import org.junit.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+
+public abstract class BaseAlgorithmTest {
+    private final Logger logger = LoggerFactory.getLogger(this.getClass());
+
+    @Rule
+    public SshFixture fixture = new SshFixture(false);
+
+    @After
+    public void stopServer() {
+        fixture.stopServer();
+    }
+
+    @Test
+    public void shouldVerifyAlgorithm() throws IOException {
+        attempt(100);
+    }
+
+    private void attempt(int times) throws IOException {
+        for (int i = 0; i < times; i++) {
+            logger.info("--> Attempt {}", i);
+            verify();
+        }
+    }
+
+    private void verify() throws IOException {
+        configureServer(fixture.getServer());
+        fixture.start();
+        Config config = getClientConfig(new DefaultConfig());
+        SSHClient sshClient = fixture.connectClient(fixture.setupClient(config));
+        assertThat("should be connected", sshClient.isConnected());
+        sshClient.disconnect();
+//        fixture.stopServer();
+        fixture.stopClient();
+    }
+
+    protected abstract Config getClientConfig(DefaultConfig defaultConfig);
+
+    protected abstract void configureServer(SshServer server);
+}

src/test/java/com/hierynomus/sshj/transport/kex/KeyExchangeTest.java

@@ -1,93 +1,61 @@
 package com.hierynomus.sshj.transport.kex;
 
-import com.hierynomus.sshj.test.KnownFailingTests;
-import com.hierynomus.sshj.test.SshFixture;
+import com.hierynomus.sshj.test.BaseAlgorithmTest;
+import net.schmizz.sshj.Config;
 import net.schmizz.sshj.DefaultConfig;
-import net.schmizz.sshj.SSHClient;
 import net.schmizz.sshj.common.Factory;
-import net.schmizz.sshj.transport.kex.Curve25519SHA256;
 import net.schmizz.sshj.transport.kex.DHGexSHA1;
 import net.schmizz.sshj.transport.kex.DHGexSHA256;
 import net.schmizz.sshj.transport.kex.ECDHNistP;
-import net.schmizz.sshj.transport.verification.PromiscuousVerifier;
 import org.apache.sshd.common.NamedFactory;
 import org.apache.sshd.common.kex.BuiltinDHFactories;
+import org.apache.sshd.common.kex.KeyExchange;
+import org.apache.sshd.server.SshServer;
 import org.apache.sshd.server.kex.DHGEXServer;
 import org.apache.sshd.server.kex.DHGServer;
-import org.junit.After;
 import org.junit.Ignore;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.experimental.categories.Category;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
 
 import java.io.IOException;
+import java.util.Arrays;
+import java.util.Collection;
 import java.util.Collections;
 
 import static org.hamcrest.MatcherAssert.assertThat;
 
-public class KeyExchangeTest {
-    private static final Logger logger = LoggerFactory.getLogger(KeyExchangeTest.class);
+@RunWith(Parameterized.class)
+public class KeyExchangeTest extends BaseAlgorithmTest {
 
-    @Rule
-    public SshFixture fixture = new SshFixture(false);
-
-    @After
-    public void stopServer() {
-        fixture.stopServer();
+    @Parameterized.Parameters
+    public static Collection<Object[]> getParameters() {
+        return Arrays.asList(new Object[][]{
+                {DHGEXServer.newFactory(BuiltinDHFactories.dhgex), new DHGexSHA1.Factory()},
+                {DHGEXServer.newFactory(BuiltinDHFactories.dhgex256), new DHGexSHA256.Factory()},
+                {DHGServer.newFactory(BuiltinDHFactories.ecdhp256), new ECDHNistP.Factory256()},
+                {DHGServer.newFactory(BuiltinDHFactories.ecdhp384), new ECDHNistP.Factory384()},
+                {DHGServer.newFactory(BuiltinDHFactories.ecdhp521), new ECDHNistP.Factory521()}
+                // Not supported yet by MINA {null, new Curve25519SHA256.Factory()}
+        });
     }
 
-    @Test
-    public void shouldKexWithDiffieHellmanGroupExchangeSha1() throws IOException {
-        setupAndCheckKex(DHGEXServer.newFactory(BuiltinDHFactories.dhgex), new DHGexSHA1.Factory());
+    private Factory.Named<net.schmizz.sshj.transport.kex.KeyExchange> clientFactory;
+    private NamedFactory<KeyExchange> serverFactory;
+
+    public KeyExchangeTest(NamedFactory<KeyExchange> serverFactory, Factory.Named<net.schmizz.sshj.transport.kex.KeyExchange> clientFactory) {
+        this.clientFactory = clientFactory;
+        this.serverFactory = serverFactory;
     }
 
-    @Test
-    public void shouldKexWithDiffieHellmanGroupExchangeSha256() throws IOException {
-        setupAndCheckKex(DHGEXServer.newFactory(BuiltinDHFactories.dhgex256), new DHGexSHA256.Factory());
-    }
-
-    @Test
-    public void shouldKexWithEllipticCurveDiffieHellmanNistP256() throws IOException {
-        attemptKex(100, DHGServer.newFactory(BuiltinDHFactories.ecdhp256), new ECDHNistP.Factory256());
-    }
-
-    @Test
-    public void shouldKexWithEllipticCurveDiffieHellmanNistP384() throws IOException {
-        attemptKex(100, DHGServer.newFactory(BuiltinDHFactories.ecdhp384), new ECDHNistP.Factory384());
-    }
-
-    @Test
-    public void shouldKexWithEllipticCurveDiffieHellmanNistP521() throws IOException {
-        attemptKex(100, DHGServer.newFactory(BuiltinDHFactories.ecdhp521), new ECDHNistP.Factory521());
-    }
-
-    @Test
-    @Ignore("Apache SSHD does (not yet) have Curve25519 support")
-    public void shouldKexWithCurve25519() throws IOException {
-        attemptKex(100, null, new Curve25519SHA256.Factory());
-    }
-
-
-    private void attemptKex(int times, NamedFactory<org.apache.sshd.common.kex.KeyExchange> serverFactory,
-                            Factory.Named<net.schmizz.sshj.transport.kex.KeyExchange> clientFactory) throws IOException {
-        for (int i = 0; i < times; i++) {
-            logger.info("--> Attempt {}", i);
-            setupAndCheckKex(serverFactory, clientFactory);
-        }
-    }
-
-    private void setupAndCheckKex(NamedFactory<org.apache.sshd.common.kex.KeyExchange> serverFactory,
-                                  Factory.Named<net.schmizz.sshj.transport.kex.KeyExchange> clientFactory) throws IOException {
-        fixture.getServer().setKeyExchangeFactories(Collections.singletonList(serverFactory));
-        fixture.start();
-        DefaultConfig config = new DefaultConfig();
+    @Override
+    protected Config getClientConfig(DefaultConfig config) {
         config.setKeyExchangeFactories(Collections.singletonList(clientFactory));
-        SSHClient sshClient = fixture.connectClient(fixture.setupClient(config));
-        assertThat("should be connected", sshClient.isConnected());
-        sshClient.disconnect();
-//        fixture.stopServer();
-        fixture.stopClient();
+        return config;
+    }
+
+    @Override
+    protected void configureServer(SshServer server) {
+        server.setKeyExchangeFactories(Collections.singletonList(serverFactory));
     }
 }

src/test/java/net/schmizz/sshj/keyprovider/OpenSSHKeyFileTest.java

@@ -30,9 +30,12 @@ import java.io.File;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.security.GeneralSecurityException;
+import java.security.PublicKey;
 import java.util.Arrays;
 import java.util.Scanner;
 
+import static org.hamcrest.CoreMatchers.containsString;
+import static org.hamcrest.MatcherAssert.assertThat;
 import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertEquals;
 
@@ -127,6 +130,26 @@ public class OpenSSHKeyFileTest {
         assertEquals(KeyUtil.newDSAPrivateKey(x, p, q, g), dsa.getPrivate());
     }
 
+    @Test
+    public void shouldHaveCorrectFingerprintForECDSA() throws IOException, GeneralSecurityException {
+        OpenSSHKeyFile keyFile = new OpenSSHKeyFile();
+        keyFile.init(new File("src/test/resources/keytypes/test_ecdsa_nistp256"));
+        String expected = "256 MD5:53:ae:db:ed:8f:2d:02:d4:d5:6c:24:bc:a4:66:88:79 root@itgcpkerberosstack-cbgateway-0-20151117031915 (ECDSA)\n";
+        PublicKey aPublic = keyFile.getPublic();
+        String sshjFingerprintSshjKey = net.schmizz.sshj.common.SecurityUtils.getFingerprint(aPublic);
+        assertThat(expected, containsString(sshjFingerprintSshjKey));
+    }
+
+    @Test
+    public void shouldHaveCorrectFingerprintForED25519() throws IOException {
+        OpenSSHKeyFile keyFile = new OpenSSHKeyFile();
+        keyFile.init(new File("src/test/resources/keytypes/test_ed25519"));
+        String expected = "256 MD5:d3:5e:40:72:db:08:f1:6d:0c:d7:6d:35:0d:ba:7c:32 root@sshj (ED25519)\n";
+        PublicKey aPublic = keyFile.getPublic();
+        String sshjFingerprintSshjKey = net.schmizz.sshj.common.SecurityUtils.getFingerprint(aPublic);
+        assertThat(expected, containsString(sshjFingerprintSshjKey));
+    }
+
     @Before
     public void setup()
             throws UnsupportedEncodingException, GeneralSecurityException {

src/test/resources/keytypes/test_ecdsa_nistp256

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIJUMlsSlXqCZmCjlN4kV7hzP+p9pu0fwJ8r4m1qle58SoAoGCCqGSM49
+AwEHoUQDQgAE4RBy+jCJXeKB1E7uso+tmtqjWEJCucLi2CzGpIl1AJsAEj68et1s
+lF9Zk25KTjxoC0BEnMlWaSf+vrcQ8mCSHw==
+-----END EC PRIVATE KEY-----

src/test/resources/keytypes/test_ecdsa_nistp256.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOEQcvowiV3igdRO7rKPrZrao1hCQrnC4tgsxqSJdQCbABI+vHrdbJRfWZNuSk48aAtARJzJVmkn/r63EPJgkh8= root@itgcpkerberosstack-cbgateway-0-20151117031915

src/test/resources/keytypes/test_ed25519

@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACAwHSYkZJATPMgvLHkxKAJ9j38Gyyq5HGoWdMcT6FiAiQAAAJDimgR84poE
+fAAAAAtzc2gtZWQyNTUxOQAAACAwHSYkZJATPMgvLHkxKAJ9j38Gyyq5HGoWdMcT6FiAiQ
+AAAECmsckQycWnfGQK6XtQpaMGODbAkMQOdJNK6XJSipB7dDAdJiRkkBM8yC8seTEoAn2P
+fwbLKrkcahZ0xxPoWICJAAAACXJvb3RAc3NoagECAwQ=
+-----END OPENSSH PRIVATE KEY-----

src/test/resources/keytypes/test_ed25519.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDAdJiRkkBM8yC8seTEoAn2PfwbLKrkcahZ0xxPoWICJ root@sshj