Prepare release 0.38.0

* Fix #902.

* Add test.

.bettercodehub.yml

@@ -0,0 +1,8 @@
+exclude:
+- /build-publishing.gradle
+- /build.gradle
+- /settings.gradle
+component_depth: 1
+languages:
+- groovy
+- java

.gitattributes

@@ -0,0 +1,2 @@
+*.bat text eol=crlf
+src/itest/docker-image/** eol=lf

.github/CODEOWNERS

@@ -0,0 +1,2 @@
+* @hierynomus
+

.github/workflows/gradle.yml

@@ -0,0 +1,44 @@
+# This workflow will build a Java project with Gradle
+# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-gradle
+
+name: Build SSHJ
+
+
+on:
+  push:
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  java12:
+    name: Build with Java 11
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Java 11
+      uses: actions/setup-java@v3
+      with:
+        distribution: 'temurin'
+        java-version: 11
+    - name: Grant execute permission for gradlew
+      run: chmod +x gradlew
+    - name: Build with Gradle
+      run: ./gradlew check
+    - name: Codecov
+      uses: codecov/codecov-action@v2
+
+  integration:
+    name: Integration test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - run: git fetch --depth=1 origin +refs/tags/*:refs/tags/*
+      - uses: actions/setup-java@v3
+        with:
+          distribution: 'temurin'
+          java-version: 11
+      - name: Grant execute permission for gradlew
+        run: chmod +x gradlew
+      - name: Build with Gradle
+        run: ./gradlew integrationTest
+

.github/workflows/release.yml

@@ -0,0 +1,49 @@
+name: SSHJ Release
+
+on:
+  push:
+    tags:
+      - '*'
+
+permissions:
+  contents: write
+
+jobs:
+  java12:
+    name: Build with Java 12
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Set up JDK 12
+        uses: actions/setup-java@v2
+        with:
+          distribution: 'zulu'
+          java-version: 12
+      - name: Grant execute permission for gradlew
+        run: chmod +x gradlew
+      - name: Build with Gradle
+        run: ./gradlew check
+  release:
+    name: Release
+    needs: [java12]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-java@v2
+        with:
+          distribution: 'zulu'
+          java-version: 12
+      - name: Grant execute permission for gradlew
+        run: chmod +x gradlew
+      - name: Release
+        run: ./gradlew clean publishToSonatype closeAndReleaseSonatypeStagingRepository
+        env:
+          ORG_GRADLE_PROJECT_signingKey: ${{ secrets.SIGNINGKEY }}
+          ORG_GRADLE_PROJECT_signingKeyId: ${{ secrets.SIGNINGKEYID }}
+          ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.SIGNINGPASSWORD }}
+          ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.OSSRH_USERNAME }}
+          ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.OSSRH_PASSWORD }}

.gitignore

@@ -0,0 +1,26 @@
+# IntelliJ IDEA
+.idea/
+*.iml
+*.ipr
+*.iws
+
+# Eclipe
+.project
+.classpath
+.settings/
+
+# Output dirs
+out/
+target/
+classes/
+bin/
+build/
+docs/
+.gradle/
+sshj.jar
+
+# MacOS X
+.DS_Store
+
+# VSCode
+.metals/

.java-version

@@ -0,0 +1 @@
+11.0

.vscode/settings.json

@@ -0,0 +1,7 @@
+{
+    "java.checkstyle.configuration": "${workspaceFolder}/gradle/config/checkstyle/checkstyle.xml",
+    "files.watcherExclude": {
+        "**/target": true
+    },
+    "java.configuration.updateBuildConfiguration": "automatic"
+}

CONTRIBUTORS

@@ -1,4 +1 @@
-Shikhar Bhushan <shikhar@schmizz.net>
-Cyril Ledru <cledru@keynectis.net>
-Incendium <incendium@gmail.com>
-Philip Langdale <philipl@cloudera.com>
+git log --format='%aN <%aE>' | awk '{arr[$0]++} END{for (i in arr){print arr[i], i;}}' | sort -rn | cut -d\  -f2-

LICENSE_HEADER

@@ -0,0 +1,13 @@
+Copyright (C)2009 - SSHJ Contributors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

NOTICE

@@ -1,5 +1,5 @@
 sshj - SSHv2 library for Java
-Copyright 2010-2011 sshj contributors
+Copyright 2010-2012 sshj contributors
 
 This product includes code derived from software developed at 
 The Apache Software Foundation (http://www.apache.org/):
@@ -15,7 +15,7 @@ The Apache Software Foundation (http://www.apache.org/):
    ==  in this case for the SSHD distribution.                            ==
    =========================================================================
 
-   This product contains software developped by JCraft,Inc. and subject to
+   This product contains software developed by JCraft,Inc. and subject to
    the following license:
 
 Copyright (c) 2002,2003,2004,2005,2006,2007,2008 Atsuhiko Yamanaka, JCraft,Inc.

README.adoc

@@ -0,0 +1,322 @@
+= sshj - SSHv2 library for Java
+Jeroen van Erp
+:sshj_groupid: com.hierynomus
+:sshj_version: 0.38.0
+:source-highlighter: pygments
+
+image:https://github.com/hierynomus/sshj/actions/workflows/gradle.yml/badge.svg[link="https://github.com/hierynomus/sshj/actions/workflows/gradle.yml"]
+image:https://app.codacy.com/project/badge/Grade/2c8a5a67c6a54ed89c9a699fd6b27305["Codacy Grade", link="https://app.codacy.com/gh/hierynomus/sshj"]
+image:https://codecov.io/gh/hierynomus/sshj/branch/master/graph/badge.svg["codecov", link="https://codecov.io/gh/hierynomus/sshj"]
+image:http://www.javadoc.io/badge/com.hierynomus/sshj.svg?color=blue["JavaDocs", link="http://www.javadoc.io/doc/com.hierynomus/sshj"]
+image:https://maven-badges.herokuapp.com/maven-central/com.hierynomus/sshj/badge.svg["Maven Central",link="https://maven-badges.herokuapp.com/maven-central/com.hierynomus/sshj"]
+
+WARNING: SSHJ versions up to and including 0.37.0 are vulnerable to https://nvd.nist.gov/vuln/detail/CVE-2023-48795[CVE-2023-48795 - Terrapin]. Please upgrade to 0.38.0 or higher.
+
+To get started, have a look at one of the examples. Hopefully you will find the API pleasant to work with :)
+
+== Getting SSHJ
+
+To get SSHJ, you have two options:
+
+. Add a dependency to SSHJ to your project.
+. Build SSHJ yourself.
+
+And, if you want, you can also run the SSHJ examples.
+
+Binary releases of SSHJ are not provided here, but you can download it http://search.maven.org/#artifactdetails%7C{sshj_groupid}%7Csshj%7C{sshj_version}%7Cjar[straight from the Maven Central repository] if you want to.
+
+== Depending on SSHJ
+If you're building your project using Maven, you can add the following dependency to the `pom.xml`:
+
+[source,xml,subs="verbatim,attributes"]
+----
+<dependency>
+  <groupId>{sshj_groupid}</groupId>
+  <artifactId>sshj</artifactId>
+  <version>{sshj_version}</version>
+</dependency>
+----
+
+If your project is built using another build tool that uses the Maven Central repository, translate this dependency into the format used by your build tool.
+
+== Building SSHJ
+. Clone the SSHJ repository.
+. Ensure you have Java6 installed with the http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html[Unlimited strength Java Cryptography Extensions (JCE)].
+. Run the command `./gradlew clean build`.
+
+== Running the examples
+In the `examples` directory, there is a separate Maven project that shows how the library can be used in some sample cases. If you want to run them, follow these guidelines:
+
+. Install http://maven.apache.org/[Maven 2.2.1] or up.
+. Clone the SSHJ repository.
+. Go into the `examples` directory and run the command `mvn eclipse:eclipse`.
+. Import the `examples` project into Eclipse.
+. Change the login details in the example classes (address, username and password) and run them!
+
+== Features of the library include:
+
+* reading known_hosts files for host key verification
+* publickey, password and keyboard-interactive authentication
+* command, subsystem and shell channels
+* local and remote port forwarding
+* scp + complete sftp version 0-3 implementation
+
+== Supported algorithms
+Implementations / adapters for the following algorithms are included:
+
+ciphers::
+  `aes{128,192,256}-{cbc,ctr}`, `aes{128,256}-gcm@openssh.com`, `blowfish-{cbc,ctr}`, `chacha20-poly1305@openssh.com`, `3des-{cbc,ctr}`, `twofish{128,192,256}-{cbc,ctr}`, `twofish-cbc`, `serpent{128,192,256}-{cbc,ctr}`, `idea-{cbc,ctr}`, `cast128-{cbc,ctr}`, `arcfour`, `arcfour{128,256}`
+  SSHJ also supports the following extended (non official) ciphers: `camellia{128,192,256}-{cbc,ctr}`, `camellia{128,192,256}-{cbc,ctr}@openssh.org`
+
+key exchange::
+  `diffie-hellman-group1-sha1`, `diffie-hellman-group14-sha1`,
+  `diffie-hellman-group14-sha256`, `diffie-hellman-group15-sha512`, `diffie-hellman-group16-sha512`, `diffie-hellman-group17-sha512`, `diffie-hellman-group18-sha512`
+  `diffie-hellman-group-exchange-sha1`, `diffie-hellman-group-exchange-sha256`,
+  `ecdh-sha2-nistp256`, `ecdh-sha2-nistp384`, `ecdh-sha2-nistp521`, `curve25519-sha256@libssh.org`
+
+  SSHJ also supports the following extended (non official) key exchange algorithms:
+  `diffie-hellman-group14-sha256@ssh.com`, `diffie-hellman-group15-sha256`, `diffie-hellman-group15-sha256@ssh.com`, `diffie-hellman-group15-sha384@ssh.com`,
+  `diffie-hellman-group16-sha256`, `diffie-hellman-group16-sha384@ssh.com`, `diffie-hellman-group16-sha512@ssh.com`, `diffie-hellman-group18-sha512@ssh.com`
+
+signatures::
+  `ssh-rsa`, `ssh-dss`, `ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384`, `ecdsa-sha2-nistp521`, `ssh-ed25519`, `ssh-rsa2-256`, `ssh-rsa2-512`
+
+mac::
+  `hmac-md5`, `hmac-md5-96`, `hmac-sha1`, `hmac-sha1-96`, `hmac-sha2-256`, `hmac-sha2-512`, `hmac-ripemd160`, `hmac-ripemd160@openssh.com`
+  `hmac-md5-etm@openssh.com`, `hmac-md5-96-etm@openssh.com`, `hmac-sha1-etm@openssh.com`, `hmac-sha1-96-etm@openssh.com`, `hmac-sha2-256-etm@openssh.com`, `hmac-sha2-512-etm@openssh.com`, `hmac-ripemd160-etm@openssh.com`
+
+compression::
+  `zlib` and `zlib@openssh.com` (delayed zlib)
+
+private key files::
+   `pkcs5`, `pkcs8`, `openssh-key-v1`, `ssh-rsa-cert-v01@openssh.com`, `ssh-dsa-cert-v01@openssh.com`
+
+If you need something that is not included, it shouldn't be too hard to add (do contribute it!)
+
+== Comparing to other implementations
+http://ssh-comparison.quendi.de/comparison.html[SSH Implementation Comparison]
+
+== Dependencies
+
+- Java 8 or higher
+- https://www.slf4j.org/[SLF4J 2.0.0]
+- https://www.bouncycastle.org[Bouncy Castle]
+
+
+== Reporting bugs
+Issue tracker: https://github.com/hierynomus/sshj/issues
+
+== Contributing
+Fork away!
+
+== Release history
+SSHJ 0.38.0 (2024-01-02)::
+* Mitigated CVE-2023-48795 - Terrapin
+  * Merged https://github.com/hierynomus/sshj/pull/917[#917]: Implement OpenSSH strict key exchange extension
+* Merged https://github.com/hierynomus/sshj/pull/903[#903]: Fix for writing known hosts key string
+* Merged https://github.com/hierynomus/sshj/pull/913[#913]: Prevent remote port forwarding buffers to grow without bounds
+* Moved tess to JUnit5
+* Merged https://github.com/hierynomus/sshj/pull/827[#827]: Fallback to posix-rename@openssh.com extension if available
+* Merged https://github.com/hierynomus/sshj/pull/904[#904]: Add ChaCha20-Poly1305 support for OpenSSH keys
+SSHJ 0.37.0 (2023-10-11)::
+* Merged https://github.com/hierynomus/sshj/pull/899[#899]: Add support for AES-GCM OpenSSH private keys
+* Merged https://github.com/hierynomus/sshj/pull/901[#901]: Fix ZLib compression bug
+* Merged https://github.com/hierynomus/sshj/pull/898[#898]: Improved malformed file handling for OpenSSH private keys
+SSHJ 0.36.0 (2023-09-04)::
+* Rewrote Integration tests to JUnit5
+* Merged https://github.com/hierynomus/sshj/pull/851[#851]: Fix race condition in key exchange causing intermittent SSH_MSG_UNIMPLEMENTED
+* Merged https://github.com/hierynomus/sshj/pull/861[#861]: Add DefaultSecurityProviderConfig with has BouncyCastle disabled
+* Merged https://github.com/hierynomus/sshj/pull/881[#881]: Rewrote test classes to JUnit Jupiter engine
+* Merged https://github.com/hierynomus/sshj/pull/880[#880]: Removed Java 7 backport Socket utilities
+* Merged https://github.com/hierynomus/sshj/pull/879[#879]: Replaced custom Base64 with java.util.Base64
+* Merged https://github.com/hierynomus/sshj/pull/852[#852]: Removed unused bcrypt password hashing methods
+* Merged https://github.com/hierynomus/sshj/pull/874[#874]: Java 8 minimum version + dependency upgrades
+* Merged https://github.com/hierynomus/sshj/pull/876[#876]: Change `newStatefulSFTPClient` to return `StatefulSFTPClient`
+* Merged https://github.com/hierynomus/sshj/pull/860[#860]: Upgrade to Gradle 7.6.1
+* Merged https://github.com/hierynomus/sshj/pull/838[#838]: Replaced Curve25519 class with X25519 Key agreement
+* Merged https://github.com/hierynomus/sshj/pull/772[#772]: Remove dependency on jzlib
+SSHJ 0.35.0 (2023-01-30)::
+* Merged https://github.com/hierynomus/sshj/pull/835[#835]: TimeoutException message improved
+* Merged https://github.com/hierynomus/sshj/pull/815[#815]: Support authPassword on FreeBSD
+* Merged https://github.com/hierynomus/sshj/pull/813[#813]: Prevent `CHANNEL_CLOSE` between isOpen and write call.
+* Merged https://github.com/hierynomus/sshj/pull/811[#811]: Add `Transport.isKeyExchangeREquired` to prevent unnecessary KEXINIT
+SSHJ 0.34.0 (2022-08-10)::
+* Merged https://github.com/hierynomus/sshj/pull/743[#743]: Use default client credentials for AuthGssApiWithMic
+* Merged https://github.com/hierynomus/sshj/pull/801[#801]: Restore thread interrupt status after catching InterruptedException
+* Merged https://github.com/hierynomus/sshj/pull/793[#793]: Merge PKCS5 and PKCS8 classes
+* Upgraded dependencies SLF4J (1.7.36) and Logback (1.2.11)
+* Merged https://github.com/hierynomus/sshj/pull/791[#791]: Update KeepAlive examples
+* Merged https://github.com/hierynomus/sshj/pull/775[#775]: Add SFTP resume support
+SSHJ 0.33.0 (2022-04-22)::
+* Upgraded dependencies BouncyCastle (1.70)
+* Merged https://github.com/hierynomus/sshj/pull/687[#687]: Correctly close connection when remote closes connection.
+* Merged https://github.com/hierynomus/sshj/pull/741[#741]: Add support for testcontainers in test setup to test more scenarios
+* Merged https://github.com/hierynomus/sshj/pull/733[#733]: Send correct key proposal if client knows CA key
+* Merged https://github.com/hierynomus/sshj/pull/746[#746]: Fix bug in reading Putty private key file with passphrase
+* Merged https://github.com/hierynomus/sshj/pull/742[#742]: Use Config.keyAlgorithms to determine rsa-sha2 support
+* Merged https://github.com/hierynomus/sshj/pull/754[#754]: Use SFTP protocol version to set FXP rename flags conditionally
+* Merged https://github.com/hierynomus/sshj/pull/752[#752]: Correctly start and terminate KeepAlive thread
+* Merged https://github.com/hierynomus/sshj/pull/753[#753]: Provide better thread names
+* Merged https://github.com/hierynomus/sshj/pull/724[#724]: Add parameter to limit read ahead length
+* Merged https://github.com/hierynomus/sshj/pull/763[#763]: Try all public key algorithms for a specific key type
+* Merged https://github.com/hierynomus/sshj/pull/756[#756]: Remove deprecated proxy connect methods
+* Merged https://github.com/hierynomus/sshj/pull/770[#770]: Add support for `ed25519` `aes-128-cbc` keys
+* Merged https://github.com/hierynomus/sshj/pull/773[#773]: Fix NPE when reading empty OpenSSHKeyV1KeyFile
+* Merged https://github.com/hierynomus/sshj/pull/777[#777]: Don't request too many read-ahead packets
+
+SSHJ 0.32.0 (2021-10-12)::
+* Send EOF on channel close (Fixes https://github.com/hierynomus/sshj/issues/143[#143], https://github.com/hierynomus/sshj/issues/496[#496], https://github.com/hierynomus/sshj/issues/553[#553], https://github.com/hierynomus/sshj/issues/554[#554])
+* Merged https://github.com/hierynomus/sshj/pull/726[#726]: Parse OpenSSH v1 keys with full CRT information present
+* Merged https://github.com/hierynomus/sshj/pull/721[#721]: Prefer known host key algorithm for host key verification
+* Merged https://github.com/hierynomus/sshj/pull/716[#716], https://github.com/hierynomus/sshj/pull/729[#729] and https://github.com/hierynomus/sshj/pull/730[#730]: Add full support for PuTTY v3 key files.
+* Merged https://github.com/hierynomus/sshj/pull/708[#708] and https://github.com/hierynomus/sshj/pull/713[#71]: Add support for PKCS#8 private keys
+* Merged https://github.com/hierynomus/sshj/pull/703[#703]: Support host certificate keys
+* Upgraded dependencies BouncyCastle (1.69), SLF4j (1.7.32), Logback (1.2.6), asn-one (0.6.0)
+* Merged https://github.com/hierynomus/sshj/pull/702[#702]: Support Public key authentication using certificates
+* Merged https://github.com/hierynomus/sshj/pull/691[#691]: Fix for writing negative unsigned integers to Buffer
+* Merged https://github.com/hierynomus/sshj/pull/682[#682]: Support for chacha20-poly1305@openssh.com cipher
+* Merged https://github.com/hierynomus/sshj/pull/680[#680]: Configurable preserve mtimes for SCP transfers
+
+SSHJ 0.31.0 (2021-02-08)::
+* Bump dependencies (asn-one 0.5.0, BouncyCastle 1.68, slf4j-api 1.7.30)
+* Merged https://github.com/hierynomus/sshj/pull/660[#660]: Support ED25519 and ECDSA keys in PuTTY format
+* Merged https://github.com/hierynomus/sshj/pull/655[#655]: Bump BouncyCastle due to CVE
+* Merged https://github.com/hierynomus/sshj/pull/653[#653]: Make Parameters class useable as HashMap key
+* Merged https://github.com/hierynomus/sshj/pull/647[#647]: Reduce log level for identification parser
+* Merged https://github.com/hierynomus/sshj/pull/630[#630]: Add support for `aes128-gcm@openssh.com` and `aes256-gcm@openssh.com` ciphers
+* Merged https://github.com/hierynomus/sshj/pull/636[#636]: Improved Android compatibility
+* Merged https://github.com/hierynomus/sshj/pull/627[#627]: Prevent key leakage
+SSHJ 0.30.0 (2020-08-17)::
+* **BREAKING CHANGE**: Removed `setSignatureFactories` and `getSignatureFactories` from the Config and switched them for `getKeyAlgorithms` and `setKeyAlgorithms`
+* Fixed https://github.com/hierynomus/sshj/pull/588[#588]: Add support for `ssh-rsa2-256` and `ssh-rsa2-512` signatures
+* Merged https://github.com/hierynomus/sshj/pull/579[#579]: Fix NPE in OpenSSHKnownHosts
+* Merged https://github.com/hierynomus/sshj/pull/587[#587]: Add passwordfinder retry for OpenSSHKeyV1KeyFile
+* Merged https://github.com/hierynomus/sshj/pull/586[#586]: Make KeyType compatible with Android Store
+* Merged  https://github.com/hierynomus/sshj/pull/593[#593]: Change `UserAuth.getAllowedMethods()` to Collection return type
+* Merged  https://github.com/hierynomus/sshj/pull/595[#595]: Allow reading arbitrary length keys
+* Merged  https://github.com/hierynomus/sshj/pull/591[#591]: Allow to query SFTP extensions
+* Merged  https://github.com/hierynomus/sshj/pull/603[#603]: Add method to create Stateful SFTP client
+* Merged  https://github.com/hierynomus/sshj/pull/605[#605]: Use Daemon threads to avoid blocking JVM shutdown
+* Merged  https://github.com/hierynomus/sshj/pull/606[#606]: Always use the JCERandom RNG by default
+* Merged  https://github.com/hierynomus/sshj/pull/609[#609]: Clear passphrase after use to prevent security issues
+* Merged  https://github.com/hierynomus/sshj/pull/618[#618]: Fix localport of DirectConnection for use with OpenSSH > 8.0
+* Merged  https://github.com/hierynomus/sshj/pull/619[#619]: Upgraded BouncyCastle to 1.66
+* Merged  https://github.com/hierynomus/sshj/pull/622[#622]: Send 'ext-info-c' with KEX algorithms
+* Merged  https://github.com/hierynomus/sshj/pull/623[#623]: Fix transport encoding of `nistp521` signatures
+* Merged  https://github.com/hierynomus/sshj/pull/607[#607]: Fix mathing pubkeys to key algorithms
+* Merged  https://github.com/hierynomus/sshj/pull/602[#602]: Fix RSA certificate key determination
+SSHJ 0.27.0 (2019-01-24)::
+* Fixed https://github.com/hierynomus/sshj/issues/415[#415]: Fixed wrongly prefixed '/' to path in SFTPClient.mkdirs
+* Added support for ETM (Encrypt-then-Mac) MAC algorithms.
+* Fixed https://github.com/hierynomus/sshj/issues/454[#454]: Added missing capacity check for Buffer.putUint64
+* Fixed https://github.com/hierynomus/sshj/issues/466[#466]: Added lock timeout for remote action to prevent hanging
+* Fixed https://github.com/hierynomus/sshj/issues/470[#470]: Made EdDSA the default (first) signature factory
+* Fixed https://github.com/hierynomus/sshj/issues/467[#467]: Added AES256-CBC as cipher mode in openssh-key-v1 support
+* Fixed https://github.com/hierynomus/sshj/issues/464[#464]: Enabled curve25519-sha256@openssh.org in DefaultConfig
+* Fixed https://github.com/hierynomus/sshj/issues/472[#472]: Handle server initiated global requests
+* Fixed https://github.com/hierynomus/sshj/issues/485[#485]: Added support for all keytypes to openssh-key-v1 keyfiles.
+SSHJ 0.26.0 (2018-07-24)::
+* Fixed https://github.com/hierynomus/sshj/issues/413[#413]: Use UTF-8 for PrivateKeyFileResource
+* Fixed https://github.com/hierynomus/sshj/issues/427[#427]: Support encrypted ed25519 openssh-key-v1 files
+* Upgraded BouncyCastle to 1.60
+* Added support for hmac-ripemd160@openssh.com MAC
+SSHJ 0.24.0 (2018-04-04)::
+* Added support for hmac-ripemd160
+* Fixed https://github.com/hierynomus/sshj/issues/382[#382]: Fixed escaping in WildcardHostmatcher
+* Added integration testsuite using Docker against OpenSSH
+* Fixed https://github.com/hierynomus/sshj/issues/187[#187]: Fixed length bug in Buffer.putString
+* Fixed https://github.com/hierynomus/sshj/issues/405[#405]: Continue host verification if first hostkey does not match.
+SSHJ 0.23.0 (2017-10-13)::
+* Merged https://github.com/hierynomus/sshj/pull/372[#372]: Upgrade to 'net.i2p.crypto:eddsa:0.2.0'
+* Fixed https://github.com/hierynomus/sshj/issues/355[#355] and https://github.com/hierynomus/sshj/issues/354[#354]: Correctly decode signature bytes
+* Fixed https://github.com/hierynomus/sshj/issues/365[#365]: Added support for new-style OpenSSH fingerprints of server keys
+* Fixed https://github.com/hierynomus/sshj/issues/356[#356]: Fixed key type detection for ECDSA public keys
+* Made SSHJ Java9 compatible
+SSHJ 0.22.0 (2017-08-24)::
+* Fixed https://github.com/hierynomus/sshj/pull/341[#341]: Fixed path walking during recursive copy
+* Merged https://github.com/hierynomus/sshj/pull/338[#338]: Added ConsolePasswordFinder to read password from stdin
+* Merged https://github.com/hierynomus/sshj/pull/336[#336]: Added support for ecdsa-sha2-nistp384 and ecdsa-sha2-nistp521 signatures
+* Fixed https://github.com/hierynomus/sshj/issues/331[#331]: Added support for wildcards in known_hosts file
+SSHJ 0.21.1 (2017-04-25)::
+* Merged https://github.com/hierynomus/sshj/pull/322[#322]: Fix regression from 40f956b (invalid length parameter on outputstream)
+SSHJ 0.21.0 (2017-04-14)::
+* Merged https://github.com/hierynomus/sshj/pull/319[#319]: Added support for `ssh-rsa-cert-v01@openssh.com` and `ssh-dsa-cert-v01@openssh.com` certificate key files
+* Upgraded Gradle to 3.4.1
+* Merged https://github.com/hierynomus/sshj/pull/305[#305]: Added support for custom string encoding
+* Fixed https://github.com/hierynomus/sshj/issues/312[#312]: Upgraded BouncyCastle to 1.56
+SSHJ 0.20.0 (2017-02-09)::
+* Merged https://github.com/hierynomus/sshj/pull/294[#294]: Reference ED25519 by constant instead of name
+* Merged https://github.com/hierynomus/sshj/pull/293[#293], https://github.com/hierynomus/sshj/pull/295[#295] and https://github.com/hierynomus/sshj/pull/301[#301]: Fixed OSGi packaging
+* Added new Diffie Hellman groups 15-18 for stronger KeyExchange algorithms
+SSHJ 0.19.1 (2016-12-30)::
+* Enabled PKCS5 Key files in DefaultConfig
+* Merged https://github.com/hierynomus/sshj/pull/291[#291]: Fixed sshj.properties loading and chained exception messages
+* Merged https://github.com/hierynomus/sshj/pull/284[#284]: Correctly catch interrupt in keepalive thread
+* Fixed https://github.com/hierynomus/sshj/issues/292[#292]: Pass the configured RandomFactory to Diffie Hellman KEX
+* Fixed https://github.com/hierynomus/sshj/issues/256[#256]: SSHJ now builds if no git repository present
+* LocalPortForwarder now correctly interrupts its own thread on close()
+SSHJ 0.19.0 (2016-11-25)::
+* Fixed https://github.com/hierynomus/sshj/issues/276[#276]: Add support for ed-25519 and new OpenSSH key format
+* Fixed https://github.com/hierynomus/sshj/issues/280[#280]: Read version from a generated sshj.properties file to correctly output version during negotiation
+SSHJ 0.18.0 (2016-09-30)::
+* Fixed Android compatibility
+* Upgrade to Gradle 3.0
+* Merged https://github.com/hierynomus/sshj/pull/271[#271]: Load known_hosts without requiring BouncyCastle
+* Merged https://github.com/hierynomus/sshj/pull/269[#269]: Brought back Java6 support by popular demand
+* Merged https://github.com/hierynomus/sshj/pull/267[#267]: Added support for per connection logging (Fixes https://github.com/hierynomus/sshj/issues/264[#264])
+* Merged https://github.com/hierynomus/sshj/pull/262[#262], https://github.com/hierynomus/sshj/pull/265[#265] and https://github.com/hierynomus/sshj/pull/266[#266]: Added PKCS5 key file support
+* Fixed toString of sftp FileAttributes (Fixes https://github.com/hierynomus/sshj/pull/258[#258])
+* Fixed https://github.com/hierynomus/sshj/issues/255[#255]: No longer depending on 'privately marked' classes in `net.i2p.crypto.eddsa.math` package, fixes OSGI dependencies
+SSHJ 0.17.2 (2016-07-07)::
+* Treating SSH Server identification line ending in '\n' instead of '\r\n' leniently.
+SSHJ 0.17.1 (2016-07-06)::
+* Improved parsing of the SSH Server identification. Too long header lines now no longer break the protocol.
+SSHJ 0.17.0 (2016-07-05)::
+* *Introduced breaking change in SFTP copy behaviour*: Previously an SFTP copy operation would behave differently if both source and target were folders with different names.
+  In this case instead of copying the contents of the source into the target directory, the directory itself was copied as a sub directory of the target directory.
+  This behaviour has been removed in favour of the default behaviour which is to copy the contents of the source into the target. Bringing the behaviour in line with how SCP works.
+* Fixed https://github.com/hierynomus/sshj/issues/252[#252] (via: https://github.com/hierynomus/sshj/pull/253[#253]): Same name subdirs are no longer merged by accident
+SSHJ 0.16.0 (2016-04-11)::
+* Fixed https://github.com/hierynomus/sshj/issues/239[#239]: Remote port forwards did not work if you used the empty string as address, or a catch-all address.
+* Fixed https://github.com/hierynomus/sshj/issues/242[#242]: Added OSGI headers to sources jar manifest
+* Fixed https://github.com/hierynomus/sshj/issues/236[#236]: Remote Port forwarding with dynamic port allocation fails with BufferUnderflowException
+* Upgraded gradle distribution to 2.12
+* Closed https://github.com/hierynomus/sshj/issues/234[#234]: Dropped Java6 support (0.15.0 was already Java6 incompatible due to Java7 dependency)
+* Fixed https://github.com/hierynomus/sshj/issues/118[#118]: Added configuration switch for waiting on a server ident before sending the client ident.
+* Fixed https://github.com/hierynomus/sshj/issues/114[#114]: Added javadoc that you always need to call close() on a Command before inspecting the exit codes.
+* Fixed https://github.com/hierynomus/sshj/issues/237[#237]: Fixed race condition if a `hostkeys-00@openssh.com` global request is received directly after a successful auth.
+SSHJ 0.15.0 (2015-11-20)::
+* Fixed https://github.com/hierynomus/sshj/issues/220[#220]: Added support for `ssh-ed25519` host keys
+* Fixed https://github.com/hierynomus/sshj/issues/225[#225]: Fixed bug in ECDSA fingerprint calculation that sometimes produced an incorrect fingerprint
+* Added `arcfour` Stream Ciphers from RFC4253 and RFC4345
+* Added all Block Ciphers from RFC4344 and RFC4253
+SSHJ 0.14.0 (2015-11-04)::
+* Fixed https://github.com/hierynomus/sshj/issues/171[#171]: Added support for `curve25519-sha256@libssh.org` key exchange algorithm
+* Added support for `ecdh-sha2-nistp256`, `ecdh-sha2-nistp384` and  `ecdh-sha2-nistp521` key exchange algorithms
+* Fixed https://github.com/hierynomus/sshj/issues/167[#167]: Added support for `diffie-hellman-group-exchange-sha1` and `diffie-hellman-group-exchange-sha256` key exchange methods
+* Fixed https://github.com/hierynomus/sshj/issues/212[#212]: Configure path escaping to enable shell expansion to work correctly
+* Merged https://github.com/hierynomus/sshj/issues/210[#210]: RemoteFileInputStream.skip returns wrong value (Fixes https://github.com/hierynomus/sshj/issues/209[#209])
+* Merged https://github.com/hierynomus/sshj/issues/208[#208]: Added SCP bandwidth limitation support
+* Merged https://github.com/hierynomus/sshj/issues/211[#211]: Made keyfile format detection more robust
+SSHJ 0.13.0 (2015-08-18)::
+* Merged https://github.com/hierynomus/sshj/issues/199[#199]: Fix for IndexOutOfBoundsException in ReadAheadRemoteFileInputStream, fixes https://github.com/hierynomus/sshj/issues/183[#183]
+* Merged https://github.com/hierynomus/sshj/issues/195[#195]: New authentication supported: `gssapi-with-mic`
+* Merged https://github.com/hierynomus/sshj/issues/201[#201]: New option to verify negotiated key exchange algorithms
+* Merged https://github.com/hierynomus/sshj/issues/196[#196]: Fix for looking up complete hostname in known hosts file
+SSHJ 0.12.0 (2015-04-14)::
+* Added support for HTTP proxies when running JDK6 or JDK7, fixes: https://github.com/hierynomus/sshj/issues/170[#170]
+* Merged https://github.com/hierynomus/sshj/issues/186[#186]: Fix for detecting end-of-stream
+* Compiling to JDK6, fixes https://github.com/hierynomus/sshj/issues/179[#179] and https://github.com/hierynomus/sshj/issues/185[#185]
+* Correctly close socket and channel when LocalPortForwarder fails to open and start the channel (Fixes https://github.com/hierynomus/sshj/issues/175[#175] and https://github.com/hierynomus/sshj/issues/176[#176])
+* Merged https://github.com/hierynomus/sshj/issues/181[#181]: Invalid write packet length when reading with offset (Fixes https://github.com/hierynomus/sshj/issues/180[#180])
+SSHJ 0.11.0 (2015-01-23)::
+* New maven coordinates `com.hierynomus:sshj:0.11.0` as https://github.com/hierynomus[@hierynomus] took over as maintainer of SSHJ
+* Migrated build system to Gradle 2.2.1
+* Merged https://github.com/hierynomus/sshj/issues/150[#150]: Fix for incorrect file handle on some SSH servers, fixes: https://github.com/hierynomus/sshj/issues/54[#54], https://github.com/hierynomus/sshj/issues/119[#119], https://github.com/hierynomus/sshj/issues/168[#168], https://github.com/hierynomus/sshj/issues/169[#169]
+* Made `jzlib` optional in OSGi bundling, fixes: https://github.com/hierynomus/sshj/issues/162[#162]
+* Improved some log levels, fixes: https://github.com/hierynomus/sshj/issues/161[#161]
+* Merged https://github.com/hierynomus/sshj/issues/156[#156], https://github.com/hierynomus/sshj/issues/164[#164], https://github.com/hierynomus/sshj/issues/165[#165]: Fixed block sizes for `hmac-sha2-256` and `hmac-sha2-512`
+* Merged https://github.com/hierynomus/sshj/issues/141[#141]: Add proxy support
+* Merged https://github.com/hierynomus/sshj/issues/157[#157], https://github.com/hierynomus/sshj/issues/163[#163]: Doc and build fixes
+* Upgraded BouncyCastle to 1.51, fixes: https://github.com/hierynomus/sshj/issues/142[#142]
+* Implemented keep-alive with connection drop detection, fixes https://github.com/hierynomus/sshj/issues/166[#166]

README.rst

@@ -1,53 +0,0 @@
-sshj - SSHv2 library for Java
-==============================
-
-To get started, have a look at one of the examples. Hopefully you will find the API pleasant to work with :)
-
-Features of the library include:
-
-* reading known_hosts files for host key verification
-* publickey, password and keyboard-interactive authentication
-* command, subsystem and shell channels
-* local and remote port forwarding
-* scp + complete sftp version 0-3 implementation
-
-Implementations / adapters for the following algorithms are included:
-
-ciphers
-  ``aes{128,192,256}-{cbc,ctr}``, ``blowfish-cbc``, ``3des-cbc``
-
-key exchange
-  ``diffie-hellman-group1-sha1``, ``diffie-hellman-group14-sha1``
-
-signatures
-  ``ssh-rsa``, ``ssh-dss``
-
-mac
-  ``hmac-md5``, ``hmac-md5-96``, ``hmac-sha1``, ``hmac-sha1-96``
-
-compression
-  ``zlib`` and ``zlib@openssh.com`` (delayed zlib)
-
-private key files
-   ``pkcs8`` encoded (what openssh uses)
-
-If you need something that is not included, it shouldn't be too hard to add (do contribute it!)
-
-
-Dependencies
--------------
-
-Java 6+. slf4j_ is required. bouncycastle_ is highly recommended and required for using some of the crypto algorithms. jzlib_ is required for using zlib compression.
-
-
-Contributing
-------------
-
-Fork away!
-
-
-.. _slf4j: http://www.slf4j.org/download.html
-
-.. _bouncycastle: http://www.bouncycastle.org/java.html
-
-.. _jzlib: http://www.jcraft.com/jzlib/

build-publishing.gradle

@@ -0,0 +1,176 @@
+apply plugin: "java"
+apply plugin: "maven-publish"
+apply plugin: "signing"
+
+group = "nl.javadude"
+version = "0.10.1-SNAPSHOT"
+
+repositories {
+  mavenCentral()
+  mavenLocal()
+}
+
+configurations {
+  compile {
+    transitive = false
+  }
+  pom
+}
+
+def bouncycastleVersion = "1.67"
+
+dependencies {
+  compile "org.slf4j:slf4j-api:1.7.7"
+  compile "org.bouncycastle:bcprov-jdk15on:$bouncycastleVersion"
+  compile "org.bouncycastle:bcpkix-jdk15on:$bouncycastleVersion"
+
+  testCompile "junit:junit:4.11"
+  testCompile "org.mockito:mockito-core:1.9.5"
+  testCompile "org.apache.sshd:sshd-core:0.11.0"
+  testRuntime "ch.qos.logback:logback-classic:1.1.2"
+}
+
+task javadocJar(type: Jar) {
+  classifier = 'javadoc'
+  from javadoc
+}
+
+task sourcesJar(type: Jar) {
+  classifier = 'sources'
+  from sourceSets.main.allSource
+}
+
+task generatePom(type: GenerateMavenPom) {
+  destination = file("$buildDir/generated-pom.xml")
+}
+
+artifacts {
+  archives javadocJar, sourcesJar
+  pom generatePom.destination
+}
+
+signing {
+  sign configurations.archives
+}
+
+task signPom(type: Sign) {
+  sign configurations.pom
+}
+
+def getSignatureFiles = {
+  def allFiles = project.tasks.signArchives.signatureFiles.collect { it }
+  def signedSources = allFiles.find { it.name.contains('-sources') }
+  def signedJavadoc = allFiles.find { it.name.contains('-javadoc') }
+  def signedJar = (allFiles - [signedSources, signedJavadoc])[0]
+  return [
+    [archive: signedSources, classifier: 'sources', extension: 'jar.asc'],
+    [archive: signedJavadoc, classifier: 'javadoc', extension: 'jar.asc'],
+    [archive: signedJar,     classifier: null,      extension: 'jar.asc']
+  ]
+}
+
+def getPomSignature = {
+    return project.tasks.signPom.signatureFiles.collect{it}[0]
+}
+
+
+publishing {
+  publications {
+    gpgJars(MavenPublication) {
+      getSignatureFiles().each {signature ->
+        artifact (signature.archive) {
+          classifier = signature.classifier
+          extension  = signature.extension
+        }
+      }
+    }
+    gpgPom(MavenPublication) {
+      artifact(getPomSignature()) {
+        classifier = null
+        extension = "pom.asc"
+      }
+    }
+    maven(MavenPublication) {
+      from components.java
+      artifact (javadocJar) {
+        classifier = 'javadoc'
+      }
+
+      artifact (sourcesJar) {
+        classifier = 'sources'
+      }
+
+      pom.withXml {
+        asNode().children().last() + {
+          resolveStrategy = Closure.DELEGATE_FIRST
+          name "sshj"
+          description "SSHv2 library for Java"
+          url "https://github.com/hierynomus/sshj"
+          inceptionYear "2009"
+
+          issueManagement {
+            system "github"
+            url "https://github.com/hierynomus/sshj/issues"
+          }
+
+          scm {
+            connection "scm:git:git://github.com/hierynomus/sshj.git"
+            developerConnection "scm:git:git@github.com:hierynomus/sshj.git"
+            url "https://github.com/hierynomus/sshj.git"
+          }
+
+          licenses {
+            license {
+              name "Apache 2"
+              url "http://www.apache.org/licenses/LICENSE-2.0.txt"
+              distribution "repo"
+            }
+          }
+
+          developers {
+            developer {
+              id "hierynomus"
+              name "Jeroen van Erp"
+              email "jeroen@javadude.nl"
+              roles {
+                role "Lead developer"
+              }
+            }
+            developer {
+              id "shikhar"
+              name "Shikhar Bhushan"
+              email "shikhar@schmizz.net"
+              url "http://schmizz.net"
+              roles {
+                role "Previous lead developer"
+              }
+            }
+            developer {
+              id "iterate"
+              name "David Kocher"
+              email "dkocher@iterate.ch"
+              organization "iterage GmbH"
+              organizationUrl "https://iterate.ch"
+              roles {
+                role "Developer"
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+  repositories {
+    maven {
+      url "file:/${project.projectDir}/artifacts"
+    }
+  }
+}
+
+project.afterEvaluate { p ->
+  p.tasks.publishGpgPomPublicationToMavenRepository.dependsOn("generatePom", "signPom")
+}
+
+generatePom.configure {
+  pom = publishing.publications.getByName("maven").pom
+}

build.gradle

@@ -0,0 +1,298 @@
+plugins {
+  id "java"
+  id "jvm-test-suite"
+  id "groovy"
+  id "jacoco"
+  id "com.github.blindpirate.osgi" version '0.0.6'
+  id "maven-publish"
+  id "signing"
+  id 'pl.allegro.tech.build.axion-release' version '1.15.3'
+  id "com.github.hierynomus.license" version "0.16.1"
+  id "com.bmuschko.docker-remote-api" version "9.2.1"
+  id 'ru.vyarus.github-info' version '1.5.0'
+  id "io.github.gradle-nexus.publish-plugin" version "1.3.0"
+}
+
+group = "com.hierynomus"
+ext.moduleName = "${project.group}.${project.name}"
+
+defaultTasks "build"
+
+repositories {
+  mavenCentral()
+}
+
+scmVersion {
+  tag {
+    prefix = 'v'
+    versionSeparator = ''
+  }
+  hooks {
+    pre 'fileUpdate', [file: 'README.adoc', pattern: { v, c -> /:sshj_version: .*/}, replacement: { v, c -> ":sshj_version: $v" }]
+    pre 'commit'
+  }
+}
+
+project.version = scmVersion.version
+
+compileJava {
+  options.release = 8
+}
+
+configurations.implementation.transitive = false
+
+def bouncycastleVersion = "1.75"
+def sshdVersion = "2.10.0"
+
+dependencies {
+  implementation "org.slf4j:slf4j-api:2.0.7"
+  implementation "org.bouncycastle:bcprov-jdk18on:$bouncycastleVersion"
+  implementation "org.bouncycastle:bcpkix-jdk18on:$bouncycastleVersion"
+  implementation "com.hierynomus:asn-one:0.6.0"
+  implementation "net.i2p.crypto:eddsa:0.3.0"
+}
+
+license {
+  header rootProject.file('LICENSE_HEADER')
+  strictCheck true
+  mapping {
+    java = 'SLASHSTAR_STYLE'
+  }
+  excludes([
+    '**/sshj/common/Base64.java',
+    '**/com/hierynomus/sshj/userauth/keyprovider/bcrypt/*.java',
+    '**/files/test_file_*.txt',
+  ])
+}
+
+java {
+	withJavadocJar()
+	withSourcesJar()
+}
+
+if (!JavaVersion.current().isJava9Compatible()) {
+  throw new GradleScriptException("Minimum compilation version is Java 9")
+}
+
+// This disables the pedantic doclint feature of JDK8
+if (JavaVersion.current().isJava8Compatible()) {
+  tasks.withType(Javadoc) {
+    options.addStringOption('Xdoclint:none', '-quiet')
+  }
+}
+
+testing {
+  suites {
+    configureEach {
+      useJUnitJupiter()
+      dependencies {
+        implementation "org.slf4j:slf4j-api:2.0.7"
+        implementation 'org.spockframework:spock-core:2.3-groovy-3.0'
+        implementation "org.mockito:mockito-core:4.11.0"
+        implementation "org.assertj:assertj-core:3.24.2"
+        implementation "ru.vyarus:spock-junit5:1.2.0"
+        implementation "org.apache.sshd:sshd-core:$sshdVersion"
+        implementation "org.apache.sshd:sshd-sftp:$sshdVersion"
+        implementation "org.apache.sshd:sshd-scp:$sshdVersion"
+        implementation "ch.qos.logback:logback-classic:1.3.8"
+        implementation 'org.glassfish.grizzly:grizzly-http-server:3.0.1'
+      }
+
+      targets {
+        all {
+          testTask.configure {
+            testLogging {
+              showStandardStreams = false
+              exceptionFormat = 'full'
+            }
+            include "**/*Test.*"
+            include "**/*Spec.*"
+            afterSuite { descriptor, result ->
+              def indicator = "\u001B[32m✓\u001b[0m"
+              if (result.failedTestCount > 0) {
+                indicator = "\u001B[31m✘\u001b[0m"
+              }
+              logger.lifecycle("$indicator Test ${descriptor.name}; Executed: ${result.testCount}/\u001B[32m${result.successfulTestCount}\u001B[0m/\u001B[31m${result.failedTestCount}\u001B[0m")
+            }
+          }
+        }
+      }
+    }
+
+    test {
+      sources {
+        groovy {
+          srcDirs = ['src/test/groovy']
+        }
+      }
+    }
+
+    integrationTest(JvmTestSuite) {
+      dependencies {
+        implementation project()
+        implementation 'org.testcontainers:testcontainers:1.18.3'
+        implementation 'org.testcontainers:junit-jupiter:1.18.3'
+      }
+
+      sources {
+        java {
+          srcDirs = ['src/itest/java']
+        }
+
+        resources {
+          srcDirs = ['src/itest/resources']
+        }
+      }
+
+      targets {
+        all {
+          testTask.configure {
+            shouldRunAfter(test)
+          }
+        }
+      }
+    }
+  }
+}
+
+project.tasks.compileGroovy.onlyIf { false }
+
+task writeSshjVersionProperties {
+  doLast {
+    project.file("${project.buildDir}/resources/main").mkdirs()
+    project.file("${project.buildDir}/resources/main/sshj.properties").withWriter { w ->
+      w.append("sshj.version=${version}")
+    }
+  }
+}
+
+jar.dependsOn writeSshjVersionProperties
+jar {
+  inputs.property("moduleName", moduleName)
+  manifest {
+    attributes 'Automatic-Module-Name': moduleName
+
+    // please see http://bnd.bndtools.org/chapters/390-wrapping.html
+    instruction "Bundle-Description", "SSHv2 library for Java"
+    instruction "Bundle-License", "http://www.apache.org/licenses/LICENSE-2.0.txt"
+    instruction "Import-Package", "!net.schmizz.*"
+    instruction "Import-Package", "!com.hierynomus.sshj.*"
+    instruction "Import-Package", "javax.crypto*"
+    instruction "Import-Package", "!net.i2p.crypto.eddsa.math"
+    instruction "Import-Package", "net.i2p*"
+    instruction "Import-Package", "com.jcraft.jzlib*;version=\"[1.1,2)\";resolution:=optional"
+    instruction "Import-Package", "org.slf4j*;version=\"[1.7,5)\""
+    instruction "Import-Package", "org.bouncycastle*;resolution:=optional"
+    instruction "Import-Package", "org.bouncycastle.jce.provider;resolution:=optional"
+    instruction "Import-Package", "*"
+    instruction "Export-Package", "com.hierynomus.sshj.*;version=\"${project.jar.manifest.version}\""
+    instruction "Export-Package", "net.schmizz.*;version=\"${project.jar.manifest.version}\""
+  }
+}
+
+sourcesJar {
+  manifest {
+    attributes(
+      // Add the needed OSGI attributes
+      "Bundle-ManifestVersion": "2",
+      "Bundle-Name": "${project.jar.manifest.name} Source",
+      "Bundle-Version": project.jar.manifest.version,
+      "Eclipse-SourceBundle": "${project.jar.manifest.symbolicName};version=\"${project.jar.manifest.version}\";roots:=\".\"",
+      "Bundle-SymbolicName": "${project.jar.manifest.symbolicName}.source"
+    )
+  }
+}
+
+github {
+  user 'hierynomus'
+  license 'Apache'
+}
+
+publishing {
+	publications {
+		maven(MavenPublication) {
+			from(components.java)
+		}
+	}
+}
+
+project.signing {
+  required { project.gradle.taskGraph.hasTask("release") }
+	sign publishing.publications.maven
+
+  if (project.hasProperty("signingKeyId") || project.hasProperty("signingKey")) {
+		def signingKeyId = project.findProperty("signingKeyId")
+		def signingKey = project.findProperty("signingKey")
+		def signingPassword = project.findProperty("signingPassword")
+		if (signingKeyId) {
+			useInMemoryPgpKeys(signingKeyId, signingKey, signingPassword)
+		} else if (signingKey) {
+			useInMemoryPgpKeys(signingKey, signingPassword)
+		}
+	}
+}
+
+project.plugins.withType(MavenPublishPlugin).all {
+	PublishingExtension publishing = project.extensions.getByType(PublishingExtension)
+	publishing.publications.withType(MavenPublication).all { mavenPublication ->
+		mavenPublication.pom {
+			name = "${project.name}"
+      description = 'SSHv2 library for Java'
+      inceptionYear = '2009'
+      url = "https://github.com/hierynomus/${project.name}"
+			licenses {
+				license {
+					name = "The Apache License, Version 2.0"
+					url = "https://www.apache.org/licenses/LICENSE-2.0"
+				}
+			}
+			developers {
+				developer {
+					id = "hierynomus"
+					name = "Jeroen van Erp"
+					email = "jeroen@hierynomus.com"
+				}
+				developer {
+					id = "shikhar"
+					name = "Shikhar Bhushan"
+					email = "shikhar@schmizz.net"
+          url = "http://schmizz.net"
+          roles = ["Previous Lead developer"]
+				}
+        developer {
+          id = "iterate"
+          name = "David Kocher"
+          email = "dkocher@iterate.ch"
+          organization = "iterate GmbH"
+          organizationUrl = "https://iterate.ch"
+          roles = ["Developer"]
+        }
+			}
+      scm {
+        url = "https://github.com/hierynomus/${project.name}"
+        connection = "scm:git@github.com:hierynomus/${project.name}.git"
+        developerConnection = "scm:git@github.com:hierynomus/${project.name}.git"
+      }
+		}
+	}
+}
+
+nexusPublishing {
+	repositories {
+		sonatype()    //sonatypeUsername and sonatypePassword properties are used automatically
+	}
+
+	connectTimeout = Duration.ofMinutes(3)
+	clientTimeout = Duration.ofMinutes(3)
+}
+
+jacocoTestReport {
+    reports {
+        xml.required = true
+        html.required = true
+    }
+}
+
+project.tasks.release.dependsOn([project.tasks.integrationTest, project.tasks.build])
+project.tasks.jacocoTestReport.dependsOn(project.tasks.test)
+project.tasks.check.dependsOn(project.tasks.jacocoTestReport)

examples/pom.xml

@@ -0,0 +1,101 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    Copyright 2009 sshj contributors
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>com.hierynomus</groupId>
+    <artifactId>sshj-examples</artifactId>
+    <packaging>jar</packaging>
+    <version>0.37.0</version>
+
+    <name>sshj-examples</name>
+    <description>Examples for SSHv2 library for Java</description>
+    <url>http://github.com/hierynomus/sshj</url>
+
+    <inceptionYear>2015</inceptionYear>
+
+    <issueManagement>
+        <system>github</system>
+        <url>http://github.com/hierynomus/sshj/issues</url>
+    </issueManagement>
+
+    <scm>
+        <connection>scm:git:git://github.com/hierynomus/sshj.git</connection>
+        <developerConnection>scm:git:git@github.com:hierynomus/sshj.git</developerConnection>
+        <url>http://github.com/hierynomus/sshj</url>
+    </scm>
+
+    <licenses>
+        <license>
+            <name>Apache 2</name>
+            <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+            <distribution>repo</distribution>
+        </license>
+    </licenses>
+
+    <dependencies>
+        <dependency>
+            <groupId>com.hierynomus</groupId>
+            <artifactId>sshj</artifactId>
+            <version>0.33.0</version>
+        </dependency>
+    </dependencies>
+
+
+    <developers>
+        <developer>
+            <id>hierynomus</id>
+            <name>Jeroen van Erp</name>
+            <email>jeroen@hierynomus.com</email>
+        </developer>
+        <developer>
+            <id>shikhar</id>
+            <name>Shikhar Bhushan</name>
+            <email>shikhar@schmizz.net</email>
+            <url>http://schmizz.net</url>
+        </developer>
+        <developer>
+            <id>iterate</id>
+            <name>David Kocher</name>
+            <email>dkocher@iterate.ch</email>
+            <organization>iterate GmbH</organization>
+            <organizationUrl>https://iterate.ch</organizationUrl>
+        </developer>
+    </developers>
+
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    </properties>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>3.1</version>
+                <configuration>
+                    <source>1.6</source>
+                    <target>1.6</target>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+</project>

examples/src/main/java/net/schmizz/sshj/examples/Exec.java

@@ -0,0 +1,42 @@
+package net.schmizz.sshj.examples;
+
+import net.schmizz.sshj.SSHClient;
+import net.schmizz.sshj.common.IOUtils;
+import net.schmizz.sshj.connection.channel.direct.Session;
+import net.schmizz.sshj.connection.channel.direct.Session.Command;
+
+import java.io.Console;
+import java.io.IOException;
+import java.util.concurrent.TimeUnit;
+
+/** This examples demonstrates how a remote command can be executed. */
+public class Exec {
+    private static final Console con = System.console();
+
+    public static void main(String... args)
+            throws IOException {
+        final SSHClient ssh = new SSHClient();
+        ssh.loadKnownHosts();
+        ssh.connect("localhost");
+        Session session = null;
+        try {
+            ssh.authPublickey(System.getProperty("user.name"));
+            session = ssh.startSession();
+            final Command cmd = session.exec("ping -c 1 google.com");
+            con.writer().print(IOUtils.readFully(cmd.getInputStream()).toString());
+            cmd.join(5, TimeUnit.SECONDS);
+            con.writer().print("\n** exit status: " + cmd.getExitStatus());
+        } finally {
+            try {
+                if (session != null) {
+                    session.close();
+                }
+            } catch (IOException e) {
+                // Do Nothing   
+            }
+            
+            ssh.disconnect();
+        }
+    }
+
+}

examples/src/main/java/net/schmizz/sshj/examples/InMemoryKnownHosts.java

@@ -0,0 +1,31 @@
+package net.schmizz.sshj.examples;
+
+import net.schmizz.sshj.SSHClient;
+import net.schmizz.sshj.common.KeyType;
+import net.schmizz.sshj.transport.verification.HostKeyVerifier;
+import net.schmizz.sshj.transport.verification.OpenSSHKnownHosts;
+import net.schmizz.sshj.xfer.FileSystemFile;
+
+import java.io.*;
+import java.nio.charset.Charset;
+import java.security.PublicKey;
+import java.util.ArrayList;
+import java.util.List;
+
+/** This examples demonstrates how to configure {@link net.schmizz.sshj.SSHClient} client with an in-memory known_hosts file */
+public class InMemoryKnownHosts {
+
+    public static void main(String[] args) throws IOException {
+        InputStream entry = new ByteArrayInputStream("localhost ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPmhSBtMctNa4hsZt8QGlsYSE5/gMkjeand69Vj4ir13".getBytes(Charset.defaultCharset()));
+        SSHClient ssh = new SSHClient();
+        ssh.addHostKeyVerifier(new OpenSSHKnownHosts(new InputStreamReader(entry, Charset.defaultCharset())));
+        ssh.connect("localhost");
+        try {
+            ssh.authPublickey(System.getProperty("user.name"));
+            ssh.newSCPFileTransfer().download("test_file", new FileSystemFile("/tmp/"));
+        } finally {
+            ssh.disconnect();
+        }
+    }
+
+}

examples/src/main/java/net/schmizz/sshj/examples/Jump.java

@@ -0,0 +1,50 @@
+package net.schmizz.sshj.examples;
+
+import net.schmizz.sshj.SSHClient;
+import net.schmizz.sshj.common.IOUtils;
+import net.schmizz.sshj.connection.channel.direct.DirectConnection;
+import net.schmizz.sshj.connection.channel.direct.Session;
+
+import java.io.IOException;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * This example demonstrates connecting via an intermediate "jump" server using a direct TCP/IP channel.
+ */
+public class Jump {
+    public static void main(String... args)
+            throws IOException {
+        SSHClient firstHop = new SSHClient();
+
+        firstHop.loadKnownHosts();
+
+        firstHop.connect("localhost");
+        try {
+
+            firstHop.authPublickey(System.getProperty("user.name"));
+
+            DirectConnection tunnel = firstHop.newDirectConnection("localhost", 22);
+
+            SSHClient ssh = new SSHClient();
+            try {
+                ssh.loadKnownHosts();
+                ssh.connectVia(tunnel);
+                ssh.authPublickey(System.getProperty("user.name"));
+
+                final Session session = ssh.startSession();
+                try {
+                    final Session.Command cmd = session.exec("ping -c 1 google.com");
+                    System.out.println(IOUtils.readFully(cmd.getInputStream()).toString());
+                    cmd.join(5, TimeUnit.SECONDS);
+                    System.out.println("\n** exit status: " + cmd.getExitStatus());
+                } finally {
+                    session.close();
+                }
+            } finally {
+                ssh.disconnect();
+            }
+        } finally {
+            firstHop.disconnect();
+        }
+    }
+}

examples/src/main/java/net/schmizz/sshj/examples/KeepAlive.java

@@ -0,0 +1,38 @@
+package net.schmizz.sshj.examples;
+
+import net.schmizz.keepalive.KeepAliveProvider;
+import net.schmizz.sshj.DefaultConfig;
+import net.schmizz.sshj.SSHClient;
+import net.schmizz.sshj.connection.channel.direct.Session;
+import net.schmizz.sshj.transport.verification.PromiscuousVerifier;
+
+import java.io.IOException;
+import java.util.concurrent.CountDownLatch;
+
+/** This examples demonstrates how to setup keep-alive to detect connection dropping. */
+public class KeepAlive {
+
+    public static void main(String... args)
+            throws IOException, InterruptedException {
+        DefaultConfig defaultConfig = new DefaultConfig();
+        defaultConfig.setKeepAliveProvider(KeepAliveProvider.KEEP_ALIVE);
+        final SSHClient ssh = new SSHClient(defaultConfig);
+        try {
+            ssh.addHostKeyVerifier(new PromiscuousVerifier());
+            // Set interval to enable keep-alive before connecting
+            ssh.getConnection().getKeepAlive().setKeepAliveInterval(5);
+            ssh.connect(args[0]);
+            ssh.authPassword(args[1], args[2]);
+            Session session = ssh.startSession();
+            session.allocateDefaultPTY();
+            new CountDownLatch(1).await();
+            try {
+                session.allocateDefaultPTY();
+            } finally {
+                session.close();
+            }
+        } finally {
+            ssh.disconnect();
+        }
+    }
+}

examples/src/main/java/net/schmizz/sshj/examples/LocalPF.java

@@ -1,24 +1,12 @@
-/*
- * Copyright 2010, 2011 sshj contributors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package examples;
+package net.schmizz.sshj.examples;
 
 import net.schmizz.sshj.SSHClient;
+import net.schmizz.sshj.connection.channel.direct.LocalPortForwarder;
+import net.schmizz.sshj.connection.channel.direct.Parameters;
 
 import java.io.IOException;
 import java.net.InetSocketAddress;
+import java.net.ServerSocket;
 
 /**
  * This example demonstrates local port forwarding, i.e. when we listen on a particular address and port; and forward
@@ -41,8 +29,16 @@ public class LocalPF {
             * _We_ listen on localhost:8080 and forward all connections on to server, which then forwards it to
             * google.com:80
             */
-            ssh.newLocalPortForwarder(new InetSocketAddress("localhost", 8080), "google.com", 80)
-                    .listen();
+            final Parameters params
+                    = new Parameters("0.0.0.0", 8080, "google.com", 80);
+            final ServerSocket ss = new ServerSocket();
+            ss.setReuseAddress(true);
+            ss.bind(new InetSocketAddress(params.getLocalHost(), params.getLocalPort()));
+            try {
+                ssh.newLocalPortForwarder(params, ss).listen();
+            } finally {
+                ss.close();
+            }
 
         } finally {
             ssh.disconnect();

examples/src/main/java/net/schmizz/sshj/examples/RemotePF.java

@@ -1,19 +1,4 @@
-/*
- * Copyright 2010, 2011 sshj contributors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package examples;
+package net.schmizz.sshj.examples;
 
 import net.schmizz.sshj.SSHClient;
 import net.schmizz.sshj.connection.channel.forwarded.RemotePortForwarder.Forward;
@@ -34,6 +19,7 @@ public class RemotePF {
         client.loadKnownHosts();
 
         client.connect("localhost");
+        client.getConnection().getKeepAlive().setKeepAliveInterval(5);
         try {
 
             client.authPublickey(System.getProperty("user.name"));
@@ -48,8 +34,6 @@ public class RemotePF {
                     // what we do with incoming connections that are forwarded to us
                     new SocketForwardingConnectListener(new InetSocketAddress("google.com", 80)));
 
-            client.getTransport().setHeartbeatInterval(30);
-
             // Something to hang on to so that the forwarding stays
             client.getTransport().join();
 

examples/src/main/java/net/schmizz/sshj/examples/RudimentaryPTY.java

@@ -1,19 +1,4 @@
-/*
- * Copyright 2010, 2011 sshj contributors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package examples;
+package net.schmizz.sshj.examples;
 
 import net.schmizz.sshj.SSHClient;
 import net.schmizz.sshj.common.StreamCopier;
@@ -24,6 +9,7 @@ import net.schmizz.sshj.transport.verification.OpenSSHKnownHosts;
 
 import java.io.File;
 import java.io.IOException;
+import net.schmizz.sshj.common.LoggerFactory;
 
 /** A very rudimentary psuedo-terminal based on console I/O. */
 class RudimentaryPTY {
@@ -48,18 +34,18 @@ class RudimentaryPTY {
 
                 final Shell shell = session.startShell();
 
-                new StreamCopier(shell.getInputStream(), System.out)
+                new StreamCopier(shell.getInputStream(), System.out, LoggerFactory.DEFAULT)
                         .bufSize(shell.getLocalMaxPacketSize())
                         .spawn("stdout");
 
-                new StreamCopier(shell.getErrorStream(), System.err)
+                new StreamCopier(shell.getErrorStream(), System.err, LoggerFactory.DEFAULT)
                         .bufSize(shell.getLocalMaxPacketSize())
                         .spawn("stderr");
 
                 // Now make System.in act as stdin. To exit, hit Ctrl+D (since that results in an EOF on System.in)
                 // This is kinda messy because java only allows console input after you hit return
                 // But this is just an example... a GUI app could implement a proper PTY
-                new StreamCopier(System.in, shell.getOutputStream())
+                new StreamCopier(System.in, shell.getOutputStream(), LoggerFactory.DEFAULT)
                         .bufSize(shell.getRemoteMaxPacketSize())
                         .copy();
 

examples/src/main/java/net/schmizz/sshj/examples/SCPDownload.java

@@ -1,19 +1,4 @@
-/*
- * Copyright 2010, 2011 sshj contributors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package examples;
+package net.schmizz.sshj.examples;
 
 import net.schmizz.sshj.SSHClient;
 import net.schmizz.sshj.xfer.FileSystemFile;
@@ -37,4 +22,4 @@ public class SCPDownload {
         }
     }
 
-}
+}

examples/src/main/java/net/schmizz/sshj/examples/SCPUpload.java

@@ -1,19 +1,4 @@
-/*
- * Copyright 2010, 2011 sshj contributors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package examples;
+package net.schmizz.sshj.examples;
 
 import net.schmizz.sshj.SSHClient;
 import net.schmizz.sshj.xfer.FileSystemFile;
@@ -42,4 +27,4 @@ public class SCPUpload {
             ssh.disconnect();
         }
     }
-}
+}

examples/src/main/java/net/schmizz/sshj/examples/SFTPDownload.java

@@ -1,19 +1,4 @@
-/*
- * Copyright 2010, 2011 sshj contributors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package examples;
+package net.schmizz.sshj.examples;
 
 import net.schmizz.sshj.SSHClient;
 import net.schmizz.sshj.sftp.SFTPClient;
@@ -42,4 +27,4 @@ public class SFTPDownload {
         }
     }
 
-}
+}

examples/src/main/java/net/schmizz/sshj/examples/SFTPUpload.java

@@ -1,19 +1,4 @@
-/*
- * Copyright 2010, 2011 sshj contributors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package examples;
+package net.schmizz.sshj.examples;
 
 import net.schmizz.sshj.SSHClient;
 import net.schmizz.sshj.sftp.SFTPClient;
@@ -44,4 +29,4 @@ public class SFTPUpload {
         }
     }
 
-}
+}

examples/src/main/java/net/schmizz/sshj/examples/X11.java

@@ -1,25 +1,11 @@
-/*
- * Copyright 2010, 2011 sshj contributors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package examples;
+package net.schmizz.sshj.examples;
 
 import net.schmizz.sshj.SSHClient;
 import net.schmizz.sshj.common.StreamCopier;
 import net.schmizz.sshj.connection.channel.direct.Session;
 import net.schmizz.sshj.connection.channel.direct.Session.Command;
 import net.schmizz.sshj.connection.channel.forwarded.SocketForwardingConnectListener;
+import net.schmizz.sshj.common.LoggerFactory;
 
 import java.io.IOException;
 import java.net.InetSocketAddress;
@@ -57,8 +43,8 @@ public class X11 {
 
             final Command cmd = sess.exec("/usr/X11/bin/xcalc");
 
-            new StreamCopier(cmd.getInputStream(), System.out).spawn("stdout");
-            new StreamCopier(cmd.getErrorStream(), System.err).spawn("stderr");
+            new StreamCopier(cmd.getInputStream(), System.out, LoggerFactory.DEFAULT).spawn("stdout");
+            new StreamCopier(cmd.getErrorStream(), System.err, LoggerFactory.DEFAULT).spawn("stderr");
 
             // Wait for session & X11 channel to get closed
             ssh.getConnection().join();
@@ -67,4 +53,4 @@ public class X11 {
             ssh.disconnect();
         }
     }
-}
+}

gradle/wrapper/gradle-wrapper.properties

@@ -0,0 +1,5 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.2-bin.zip
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists

gradlew

@@ -0,0 +1,234 @@
+#!/bin/sh
+
+#
+# Copyright © 2015-2021 the original authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+##############################################################################
+#
+#   Gradle start up script for POSIX generated by Gradle.
+#
+#   Important for running:
+#
+#   (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is
+#       noncompliant, but you have some other compliant shell such as ksh or
+#       bash, then to run this script, type that shell name before the whole
+#       command line, like:
+#
+#           ksh Gradle
+#
+#       Busybox and similar reduced shells will NOT work, because this script
+#       requires all of these POSIX shell features:
+#         * functions;
+#         * expansions «$var», «${var}», «${var:-default}», «${var+SET}»,
+#           «${var#prefix}», «${var%suffix}», and «$( cmd )»;
+#         * compound commands having a testable exit status, especially «case»;
+#         * various built-in commands including «command», «set», and «ulimit».
+#
+#   Important for patching:
+#
+#   (2) This script targets any POSIX shell, so it avoids extensions provided
+#       by Bash, Ksh, etc; in particular arrays are avoided.
+#
+#       The "traditional" practice of packing multiple parameters into a
+#       space-separated string is a well documented source of bugs and security
+#       problems, so this is (mostly) avoided, by progressively accumulating
+#       options in "$@", and eventually passing that to Java.
+#
+#       Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS,
+#       and GRADLE_OPTS) rely on word-splitting, this is performed explicitly;
+#       see the in-line comments for details.
+#
+#       There are tweaks for specific operating systems such as AIX, CygWin,
+#       Darwin, MinGW, and NonStop.
+#
+#   (3) This script is generated from the Groovy template
+#       https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       within the Gradle project.
+#
+#       You can find Gradle at https://github.com/gradle/gradle/.
+#
+##############################################################################
+
+# Attempt to set APP_HOME
+
+# Resolve links: $0 may be a link
+app_path=$0
+
+# Need this for daisy-chained symlinks.
+while
+    APP_HOME=${app_path%"${app_path##*/}"}  # leaves a trailing /; empty if no leading path
+    [ -h "$app_path" ]
+do
+    ls=$( ls -ld "$app_path" )
+    link=${ls#*' -> '}
+    case $link in             #(
+      /*)   app_path=$link ;; #(
+      *)    app_path=$APP_HOME$link ;;
+    esac
+done
+
+APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
+
+APP_NAME="Gradle"
+APP_BASE_NAME=${0##*/}
+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
+
+# Use the maximum available, or set MAX_FD != -1 to use that value.
+MAX_FD=maximum
+
+warn () {
+    echo "$*"
+} >&2
+
+die () {
+    echo
+    echo "$*"
+    echo
+    exit 1
+} >&2
+
+# OS specific support (must be 'true' or 'false').
+cygwin=false
+msys=false
+darwin=false
+nonstop=false
+case "$( uname )" in                #(
+  CYGWIN* )         cygwin=true  ;; #(
+  Darwin* )         darwin=true  ;; #(
+  MSYS* | MINGW* )  msys=true    ;; #(
+  NONSTOP* )        nonstop=true ;;
+esac
+
+CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
+
+
+# Determine the Java command to use to start the JVM.
+if [ -n "$JAVA_HOME" ] ; then
+    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+        # IBM's JDK on AIX uses strange locations for the executables
+        JAVACMD=$JAVA_HOME/jre/sh/java
+    else
+        JAVACMD=$JAVA_HOME/bin/java
+    fi
+    if [ ! -x "$JAVACMD" ] ; then
+        die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+    fi
+else
+    JAVACMD=java
+    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+fi
+
+# Increase the maximum file descriptors if we can.
+if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
+    case $MAX_FD in #(
+      max*)
+        MAX_FD=$( ulimit -H -n ) ||
+            warn "Could not query maximum file descriptor limit"
+    esac
+    case $MAX_FD in  #(
+      '' | soft) :;; #(
+      *)
+        ulimit -n "$MAX_FD" ||
+            warn "Could not set maximum file descriptor limit to $MAX_FD"
+    esac
+fi
+
+# Collect all arguments for the java command, stacking in reverse order:
+#   * args from the command line
+#   * the main class name
+#   * -classpath
+#   * -D...appname settings
+#   * --module-path (only if needed)
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables.
+
+# For Cygwin or MSYS, switch paths to Windows format before running java
+if "$cygwin" || "$msys" ; then
+    APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
+    CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
+
+    JAVACMD=$( cygpath --unix "$JAVACMD" )
+
+    # Now convert the arguments - kludge to limit ourselves to /bin/sh
+    for arg do
+        if
+            case $arg in                                #(
+              -*)   false ;;                            # don't mess with options #(
+              /?*)  t=${arg#/} t=/${t%%/*}              # looks like a POSIX filepath
+                    [ -e "$t" ] ;;                      #(
+              *)    false ;;
+            esac
+        then
+            arg=$( cygpath --path --ignore --mixed "$arg" )
+        fi
+        # Roll the args list around exactly as many times as the number of
+        # args, so each arg winds up back in the position where it started, but
+        # possibly modified.
+        #
+        # NB: a `for` loop captures its iteration list before it begins, so
+        # changing the positional parameters here affects neither the number of
+        # iterations, nor the values presented in `arg`.
+        shift                   # remove old arg
+        set -- "$@" "$arg"      # push replacement arg
+    done
+fi
+
+# Collect all arguments for the java command;
+#   * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
+#     shell script including quotes and variable substitutions, so put them in
+#     double quotes to make sure that they get re-expanded; and
+#   * put everything else in single quotes, so that it's not re-expanded.
+
+set -- \
+        "-Dorg.gradle.appname=$APP_BASE_NAME" \
+        -classpath "$CLASSPATH" \
+        org.gradle.wrapper.GradleWrapperMain \
+        "$@"
+
+# Use "xargs" to parse quoted args.
+#
+# With -n1 it outputs one arg per line, with the quotes and backslashes removed.
+#
+# In Bash we could simply go:
+#
+#   readarray ARGS < <( xargs -n1 <<<"$var" ) &&
+#   set -- "${ARGS[@]}" "$@"
+#
+# but POSIX shell has neither arrays nor command substitution, so instead we
+# post-process each arg (as a line of input to sed) to backslash-escape any
+# character that might be a shell metacharacter, then use eval to reverse
+# that process (while maintaining the separation between arguments), and wrap
+# the whole thing up as a single "set" statement.
+#
+# This will of course break if any of these variables contains a newline or
+# an unmatched quote.
+#
+
+eval "set -- $(
+        printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" |
+        xargs -n1 |
+        sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' |
+        tr '\n' ' '
+    )" '"$@"'
+
+exec "$JAVACMD" "$@"

gradlew.bat

@@ -0,0 +1,89 @@
+@rem
+@rem Copyright 2015 the original author or authors.
+@rem
+@rem Licensed under the Apache License, Version 2.0 (the "License");
+@rem you may not use this file except in compliance with the License.
+@rem You may obtain a copy of the License at
+@rem
+@rem      https://www.apache.org/licenses/LICENSE-2.0
+@rem
+@rem Unless required by applicable law or agreed to in writing, software
+@rem distributed under the License is distributed on an "AS IS" BASIS,
+@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+@rem See the License for the specific language governing permissions and
+@rem limitations under the License.
+@rem
+
+@if "%DEBUG%" == "" @echo off
+@rem ##########################################################################
+@rem
+@rem  Gradle startup script for Windows
+@rem
+@rem ##########################################################################
+
+@rem Set local scope for the variables with windows NT shell
+if "%OS%"=="Windows_NT" setlocal
+
+set DIRNAME=%~dp0
+if "%DIRNAME%" == "" set DIRNAME=.
+set APP_BASE_NAME=%~n0
+set APP_HOME=%DIRNAME%
+
+@rem Resolve any "." and ".." in APP_HOME to make it shorter.
+for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
+
+@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
+
+@rem Find java.exe
+if defined JAVA_HOME goto findJavaFromJavaHome
+
+set JAVA_EXE=java.exe
+%JAVA_EXE% -version >NUL 2>&1
+if "%ERRORLEVEL%" == "0" goto execute
+
+echo.
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:findJavaFromJavaHome
+set JAVA_HOME=%JAVA_HOME:"=%
+set JAVA_EXE=%JAVA_HOME%/bin/java.exe
+
+if exist "%JAVA_EXE%" goto execute
+
+echo.
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:execute
+@rem Setup the command line
+
+set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
+
+
+@rem Execute Gradle
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
+
+:end
+@rem End local scope for the variables with windows NT shell
+if "%ERRORLEVEL%"=="0" goto mainEnd
+
+:fail
+rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
+rem the _cmd.exe /c_ return code!
+if  not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
+exit /b 1
+
+:mainEnd
+if "%OS%"=="Windows_NT" endlocal
+
+:omega

pom.xml

@@ -1,239 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-
-    <modelVersion>4.0.0</modelVersion>
-
-    <groupId>net.schmizz</groupId>
-    <artifactId>sshj</artifactId>
-    <packaging>jar</packaging>
-    <version>0.4.1</version>
-
-    <name>sshj</name>
-    <description>SSHv2 library for Java</description>
-    <url>http://github.com/shikhar/sshj</url>
-
-    <inceptionYear>2009</inceptionYear>
-
-    <issueManagement>
-        <system>github</system>
-        <url>http://github.com/shikhar/sshj/issues</url>
-    </issueManagement>
-
-    <scm>
-        <connection>scm:git:git://github.com/shikhar/sshj.git</connection>
-        <developerConnection>scm:git:git@github.com:shikhar/sshj.git</developerConnection>
-        <url>http://github.com/shikhar/sshj</url>
-    </scm>
-
-    <licenses>
-        <license>
-            <name>Apache 2</name>
-            <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-            <distribution>repo</distribution>
-        </license>
-    </licenses>
-
-    <dependencies>
-        <dependency>
-            <groupId>org.slf4j</groupId>
-            <artifactId>slf4j-api</artifactId>
-            <version>1.6.1</version>
-        </dependency>
-        <dependency>
-            <groupId>org.bouncycastle</groupId>
-            <artifactId>bcprov-jdk16</artifactId>
-            <version>1.46</version>
-            <scope>provided</scope>
-        </dependency>
-        <dependency>
-            <groupId>junit</groupId>
-            <artifactId>junit</artifactId>
-            <version>4.8.2</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>com.jcraft</groupId>
-            <artifactId>jzlib</artifactId>
-            <version>1.0.7</version>
-            <scope>provided</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.sshd</groupId>
-            <artifactId>sshd-core</artifactId>
-            <version>0.5.0</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>ch.qos.logback</groupId>
-            <artifactId>logback-core</artifactId>
-            <version>0.9.29</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>ch.qos.logback</groupId>
-            <artifactId>logback-classic</artifactId>
-            <version>0.9.29</version>
-            <scope>test</scope>
-        </dependency>
-    </dependencies>
-
-
-    <developers>
-        <developer>
-            <id>shikhar</id>
-            <name>Shikhar Bhushan</name>
-            <email>shikhar@schmizz.net</email>
-            <url>http://schmizz.net</url>
-        </developer>
-    </developers>
-
-    <properties>
-        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    </properties>
-
-    <build>
-        <plugins>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-compiler-plugin</artifactId>
-                <version>2.3.2</version>
-                <configuration>
-                    <excludes>
-                        <exclude>examples/*.java</exclude>
-                    </excludes>
-                    <source>1.6</source>
-                    <target>1.6</target>
-                </configuration>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-release-plugin</artifactId>
-                <version>2.1</version>
-                <configuration>
-                    <mavenExecutorId>forked-path</mavenExecutorId>
-                </configuration>
-            </plugin>
-            <plugin>
-                <artifactId>maven-assembly-plugin</artifactId>
-                <version>2.2.1</version>
-                <configuration>
-                    <descriptors>
-                        <descriptor>src/assemble/examples.xml</descriptor>
-                    </descriptors>
-                </configuration>
-                <executions>
-                    <execution>
-                        <id>make-assembly</id>
-                        <phase>package</phase>
-                        <goals>
-                            <goal>single</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-source-plugin</artifactId>
-                <version>2.1.2</version>
-                <executions>
-                    <execution>
-                        <id>attach-sources</id>
-                        <goals>
-                            <goal>jar</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-javadoc-plugin</artifactId>
-                <version>2.8</version>
-                <configuration>
-                    <encoding>${project.build.sourceEncoding}</encoding>
-                </configuration>
-                <executions>
-                    <execution>
-                        <id>attach-javadocs</id>
-                        <goals>
-                            <goal>jar</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
-        </plugins>
-    </build>
-
-    <distributionManagement>
-        <repository>
-            <id>sonatype-nexus-staging</id>
-            <name>Nexus Release Repository</name>
-            <url>http://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
-        </repository>
-        <snapshotRepository>
-            <id>sonatype-nexus-snapshots</id>
-            <name>Sonatype Nexus Snapshots</name>
-            <url>http://oss.sonatype.org/content/repositories/snapshots</url>
-        </snapshotRepository>
-    </distributionManagement>
-
-    <profiles>
-        <profile>
-            <id>full-deps</id>
-            <dependencies>
-                <dependency>
-                    <groupId>org.bouncycastle</groupId>
-                    <artifactId>bcprov-jdk16</artifactId>
-                    <version>1.45</version>
-                </dependency>
-                <dependency>
-                    <groupId>com.jcraft</groupId>
-                    <artifactId>jzlib</artifactId>
-                    <version>1.0.7</version>
-                </dependency>
-                <dependency>
-                    <groupId>ch.qos.logback</groupId>
-                    <artifactId>logback-core</artifactId>
-                    <version>0.9.24</version>
-                </dependency>
-                <dependency>
-                    <groupId>ch.qos.logback</groupId>
-                    <artifactId>logback-classic</artifactId>
-                    <version>0.9.24</version>
-                </dependency>
-            </dependencies>
-        </profile>
-        <profile>
-            <id>release-sign-artifacts</id>
-            <activation>
-                <property>
-                    <name>performRelease</name>
-                    <value>true</value>
-                </property>
-            </activation>
-            <build>
-                <plugins>
-                    <plugin>
-                        <groupId>org.apache.maven.plugins</groupId>
-                        <artifactId>maven-gpg-plugin</artifactId>
-                        <version>1.3</version>
-                        <configuration>
-                            <passphrase>${gpg.passphrase}</passphrase>
-                        </configuration>
-                        <executions>
-                            <execution>
-                                <id>sign-artifacts</id>
-                                <phase>verify</phase>
-                                <goals>
-                                    <goal>sign</goal>
-                                </goals>
-                            </execution>
-                        </executions>
-                    </plugin>
-                </plugins>
-
-            </build>
-        </profile>
-
-    </profiles>
-
-</project>

settings.gradle

@@ -0,0 +1 @@
+rootProject.name = "sshj"

src/assemble/examples.xml

@@ -1,15 +0,0 @@
-<assembly xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0"
-          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-          xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0 http://maven.apache.org/xsd/assembly-1.1.0.xsd">
-    <id>examples</id>
-    <formats>
-        <format>zip</format>
-    </formats>
-    <fileSets>
-        <fileSet>
-            <directory>src/main/java/examples</directory>
-            <includes/>
-            <outputDirectory>examples</outputDirectory>
-        </fileSet>
-    </fileSets>
-</assembly>

src/etc/license-header

@@ -0,0 +1,13 @@
+Copyright ${project.inceptionYear} ${owner}
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

src/itest/docker-image/authorized_keys

@@ -0,0 +1,10 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOEQcvowiV3igdRO7rKPrZrao1hCQrnC4tgsxqSJdQCbABI+vHrdbJRfWZNuSk48aAtARJzJVmkn/r63EPJgkh8= root@itgcpkerberosstack-cbgateway-0-20151117031915
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHQiZm0wBbmI8gohA/N9ir1O+egikL6S9FjZS8GHbx4rTHI1V+vbXxx2O9bFWtep1PFb4iowtZkxf6gvRjGkL6M= ajvanerp@Heimdall.local
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDAdJiRkkBM8yC8seTEoAn2PfwbLKrkcahZ0xxPoWICJ root@sshj
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ8ww4hJG/gHJYdkjTTBDF1GNz+228nuWprPV+NbQauA ajvanerp@Heimdall.local
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOaWrwt3drIOjeBq2LSHRavxAT7ja2f+5soOUJl/zKSI ajvanerp@Heimdall.xebialabs.com
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICYfPGSYFOHuSzTJ67H0ynvKJDfgDmwPOj7iJaLGbIBi sshjtest@TranceLove
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAoZ9l6Tkm2aL1tSBy2yw4xU5s8BE9MfqS/4J7DzvsYJxF6oQmTIjmStuhH/CT7UjuDtKXdXZUsIhKtafiizxGO8kHSzKDeitpth2RSr8ddMzZKyD6RNs7MfsgjA3UTtrrSrCXEY6O43S2cnuJrWzkPxtwxaQ3zOvDbS2tiulzyq0VzYmuhA/a4CyuQtJBuu+P2oqmu6pU/VB6IzONpvBvYbNPsH1WDmP7zko5wHPihXPCliztspKxS4DRtOZ7BGXyvg44UmIy0Kf4jOkaBV/eCCA4qH7ZHz71/5ceMOpszPcNOEmLGGYhwI+P3OuGMpkrSAv1f8IY6R8spZNncP6UaQ== no-passphrase
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDKRyZAtOJJfAhPU6xE6ZXY564vwErAI3n3Yn4lTHL9bxev9Ily6eCqPLcV0WbSV04pztngFn9MjT7yb8mcXheHpIaWEH569sMpmpOtyfn4p68SceuXBGyyPGMIcfOTknkASd1JYSD4EPkd9rZmCzcx3vEnLu8ChnA/G221xSVQ5VC/jD/c/CgNUayhQ+xbn57qHKKtZwfTa21QmwIabGYJNwlVjlKTCdddeVnZfKqKrG7cxHQApsxd21rhM9IT/C/f4Y/Tx3WUUVeam0iZ265oiPHoPALqJIWSQIUheRYAxYAQqJwSQ0Or9MM8XXun2Iy3RUSGk6eIvrCsFbNURsHNs7Pu0UnpYv6FZ3vCkFep/1pAT6fQvY7pDOOWDHKXArD4watc9gIWaQBH73wDW/KgBcnMRSoGWgQjsYqIamP4oV1+HqUI3lRAsXZaX+eiBGt3+3A5KebP27UJ1YUwhwlzs7wzTKaCu0OaL+hOsP1F2AxAa995bgFksMd23645ux3YCJKXG4sGpJ1Z/Hs49K72gv+QjLZVxXqY623c8+3OUhlixqoEFd4iG7UMc5a552ch/VA+jaspmLZoFhPz99aBRVb1oCSPxSwLw+Q/wxv6pZmT+14rqTzY2farjU53hM+CsUPh7dnWXhGG7RuA5wCdeOXOYjuksfzAoHIZhPqTgQ== ajvanerp@Heimdall.local
+ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBMvfRYSe44VQGwxexOMibcM3+fWeUP1jrBofOxFDRRrzRF8dK/vll2svqTPXMRnITnT1UoemEcB5OHtvH4hzfh/HFeDxJ5S7UncYxoClTSa8MeMFG2Zj9CoUZs1SHbwSGg== root@sshj
+ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAHquUYgkU9wJrcxDWVtdqtfqf6SBDdPDRxwDl7OCohV2UNu2KdjJwSj8j0fsPeMdHjSiv9OCnHYrVilQ+W5WW5q5wGXwk10oIcV0JJscohLA0nS7mKinBrxUwVHnNZbPExFciicnEArcYRb1BuT7HF8hfjuSSpWS0rob6kloSSi/jV7ZA== root@sshj

src/itest/docker-image/entrypoint.sh

@@ -0,0 +1,7 @@
+#!/bin/ash
+
+# generate host keys if not present
+ssh-keygen -A
+
+# do not detach (-D), log to stderr (-e), passthrough other arguments
+exec /usr/sbin/sshd -D -e "$@"

src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_256_key

@@ -0,0 +1,9 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
+1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQR1fMdT7FYIpIo+4hhd5oOgHk6uW79B
+HVscKp83yPhFylnG4NtpF7anAWTcpl5aB9eJVWTCP5KVvlVLVkxUSRDwAAAAwITPM06Ezz
+NOAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHV8x1PsVgikij7i
+GF3mg6AeTq5bv0EdWxwqnzfI+EXKWcbg22kXtqcBZNymXloH14lVZMI/kpW+VUtWTFRJEP
+AAAAAhAP21AnkkpifUJgiBSYk7YhOfcwC4VfMB3n+BBln73VnmAAAAImlkX2VjZHNhXzI1
+Nl9yZmM0NzE2X3NpZ25lZF9ieV9yc2EBAgMEBQ==
+-----END OPENSSH PRIVATE KEY-----

src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_256_key-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgQgbM6lYD+Yx1aendIKHYuKthkIN0WhvPdMA0DbC/QmEAAAAIbmlzdHAyNTYAAABBBHV8x1PsVgikij7iGF3mg6AeTq5bv0EdWxwqnzfI+EXKWcbg22kXtqcBZNymXloH14lVZMI/kpW+VUtWTFRJEPAAAAAAAAAAAAAAAAIAAAAiaWRfZWNkc2FfMjU2X3JmYzQ3MTZfc2lnbmVkX2J5X3JzYQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAMpRV4ex1Zq2TzKSP7g1XrAAsGsqbGvKe6BjXqJa1OayPgcTJWZLDVCiNapqMoGCdqAnzBKIqVwjxhdy1OP7c5BvPZG9ljujlAiBhQ5t9NrN+jWv6pE3w3m5MFDVh7neGvr9wK8IGhIetfpG6/wJ3yOAF1sQkCwgDf7BfkbMq1If+qyTDF7I3fzyaqYX/61BR2iytpNxaVVw1g15EKdRHkUc760L0kVFwWkmyAFpK+ZPOal9pRHKa9mi/3TRXcQ20ZnBBzzxl4bsnXnEWILhBSxstoEF94hHKLeuoKl9kPx/NqKvwjIEqtU/mE7i+aAE9Wf6nR0COtlBPsjxZtf2Ac2ryUCd/EcdAqDGOwZy4m1s0G5EQMTU1uWCgGByz6DPWCCDCadQq0GaACjcOyBcy5trUqGxYqDvmZCgq6IDv1bGFDlFx1exOxIAKuruiVdPNn+c+h7HEmeM+OOJq1rjibD7kUwMK0cchVzpjI2xwC8ecQF9jeFGBcooa86OO65oPQAAAZQAAAAMcnNhLXNoYTItNTEyAAABgAOa69XTj4yOPjKtN5Few84Y2qj4p/4RK9yiAjWWxbMQv+dlLzEH/wtj6p1SeDJozFssVfyH2ODFGY9Dct3K4SbLA1b8LfM6vaf1bUxdQz7njsQ40KpcJu662hMOkj9AKTQgpVUVgJJOQuLrIbyfjKClaqt2W6ziH2eLn7wPsZ6HGhQMALQVmebzgFepnwCve9wgX1HNOfuAYYVQwFXddi/xQ4BIVmsH6E3DcUUzjtZZaG063CddPYOW2Ea1efWqHu20FRWqsMnwbL6Hr9JkjKv/Iub8mgLMP1bhbMEblb+tQ+y9RRvPwjT89tKljc7hXvBxpHA4c4ZlnTidsjqPHVeARCt5LV4lES7HWEZ+kFIkGndNLYXOUnxgk6iSLLHVVZUCZPbUiZbSJdoj7r7LGiz4KA7mnqQQGU2jWxSI2drD5T6SW0TFspzjX4dPnJyzFpe02Fl+NvblUUHsnPTHdsRexHRNfqkQhKIO4i8AM8U02nU/uBmXFPb9ANbLcq+Npw== id_ecdsa_256_rfc4716_signed_by_rsa

src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_256_key.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHV8x1PsVgikij7iGF3mg6AeTq5bv0EdWxwqnzfI+EXKWcbg22kXtqcBZNymXloH14lVZMI/kpW+VUtWTFRJEPA= id_ecdsa_256_rfc4716_signed_by_rsa

src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_384_key

@@ -0,0 +1,11 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAiAAAABNlY2RzYS
+1zaGEyLW5pc3RwMzg0AAAACG5pc3RwMzg0AAAAYQQ00XynBzgyJLB+1SDf2elIDYt7Lz6g
+Y3dzdqKmYe5L6jzUShmV1UjiE9gCl7i47aRWHSZ3VwiZ0jsT2ekL+ctScSn+NGgw/6BgFr
+c3zIkJoYWYzpg2D3mKUkNDMnJWgisAAADw6GCqcuhgqnIAAAATZWNkc2Etc2hhMi1uaXN0
+cDM4NAAAAAhuaXN0cDM4NAAAAGEENNF8pwc4MiSwftUg39npSA2Ley8+oGN3c3aipmHuS+
+o81EoZldVI4hPYApe4uO2kVh0md1cImdI7E9npC/nLUnEp/jRoMP+gYBa3N8yJCaGFmM6Y
+Ng95ilJDQzJyVoIrAAAAMQDwyD4C4DbK9DVDOovHqCt/f2TKaho1F4wouIIa4ZTph+9cSp
+PUhlSNXKDRD7pOUdIAAAAiaWRfZWNkc2FfMzg0X3JmYzQ3MTZfc2lnbmVkX2J5X3JzYQEC
+AwQF
+-----END OPENSSH PRIVATE KEY-----

src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_384_key-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp384-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAzODQtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg2byoaIudWiOZaNJMfyOHNw5tOy8lWAADbp/rNkJ7krwAAAAIbmlzdHAzODQAAABhBDTRfKcHODIksH7VIN/Z6UgNi3svPqBjd3N2oqZh7kvqPNRKGZXVSOIT2AKXuLjtpFYdJndXCJnSOxPZ6Qv5y1JxKf40aDD/oGAWtzfMiQmhhZjOmDYPeYpSQ0MyclaCKwAAAAAAAAAAAAAAAgAAACJpZF9lY2RzYV8zODRfcmZjNDcxNl9zaWduZWRfYnlfcnNhAAAADQAAAAkxMjcuMC4wLjEAAAAAAAAAAP//////////AAAAAAAAAAAAAAAAAAABlwAAAAdzc2gtcnNhAAAAAwEAAQAAAYEAylFXh7HVmrZPMpI/uDVesACwaypsa8p7oGNeolrU5rI+BxMlZksNUKI1qmoygYJ2oCfMEoipXCPGF3LU4/tzkG89kb2WO6OUCIGFDm302s36Na/qkTfDebkwUNWHud4a+v3ArwgaEh61+kbr/AnfI4AXWxCQLCAN/sF+RsyrUh/6rJMMXsjd/PJqphf/rUFHaLK2k3FpVXDWDXkQp1EeRRzvrQvSRUXBaSbIAWkr5k85qX2lEcpr2aL/dNFdxDbRmcEHPPGXhuydecRYguEFLGy2gQX3iEcot66gqX2Q/H82oq/CMgSq1T+YTuL5oAT1Z/qdHQI62UE+yPFm1/YBzavJQJ38Rx0CoMY7BnLibWzQbkRAxNTW5YKAYHLPoM9YIIMJp1CrQZoAKNw7IFzLm2tSobFioO+ZkKCrogO/VsYUOUXHV7E7EgAq6u6JV082f5z6HscSZ4z444mrWuOJsPuRTAwrRxyFXOmMjbHALx5xAX2N4UYFyihrzo47rmg9AAABlAAAAAxyc2Etc2hhMi01MTIAAAGAV3uUrbSScu722FmIUG1FEtd7X+y58XlZyBZMDkI2G8RL0bZtALg8kfAUqRs17XS8MEIsG2STDGvDoKpPlGrupTGAwjnpTrDsgr/WaXUn/21Tyv6h4npcPxX5h5OU24UdZRXUGMRqwRXn4d6c44I6lAXkFGEHV20da+2sKR02QOIEfYik7kYgUzkVE5QPr0YN2hWCNxPNahgPow2RvPDHKL0PBS2CASeIo9pZ6OECdsCX92+BXN+e8oPO+BTp2mwzaepFPiSO6pIdTOnhFHwiY7mG7Y+Xw3nCYJl9cILzeuuUeEw3elRMYtnIoUye/IZaZw6GNBObb59seFOaf8Hm7NV6F7L/RNUG7aESB2n6KKggbPci8xuCulfgi/XBxjsXd/affASOUcn3X6IIUwJDqwMBkhmagvYVoLX1gMoHBW0aLZDQEXigV0WW8v1oMsEp6Sl9Y0kRs9vPBr/8LX9vDaPKmNxOBV8uOnicDb9HZicyLkVQyPFobHOvYt/gfEUM id_ecdsa_384_rfc4716_signed_by_rsa

src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_384_key.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBDTRfKcHODIksH7VIN/Z6UgNi3svPqBjd3N2oqZh7kvqPNRKGZXVSOIT2AKXuLjtpFYdJndXCJnSOxPZ6Qv5y1JxKf40aDD/oGAWtzfMiQmhhZjOmDYPeYpSQ0MyclaCKw== id_ecdsa_384_rfc4716_signed_by_rsa

src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_521_key

@@ -0,0 +1,12 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAArAAAABNlY2RzYS
+1zaGEyLW5pc3RwNTIxAAAACG5pc3RwNTIxAAAAhQQBkA3IU8ml4HuqnsOYb2H89fRKo0Wx
+nFnke8J5olJ0eyaoAv/0fSZDiOeF5j/K6VGeCa45edqJZCNCwda0vzQaZH8AYUnwojVGH1
+pchzLm1U9C3WlF0wP/c141GiNVmkKAQDN7J4KKxchhByMKVPLUzHv181OvItrLR3ECuhGT
+a8xpJRYAAAEgetmfwXrZn8EAAAATZWNkc2Etc2hhMi1uaXN0cDUyMQAAAAhuaXN0cDUyMQ
+AAAIUEAZANyFPJpeB7qp7DmG9h/PX0SqNFsZxZ5HvCeaJSdHsmqAL/9H0mQ4jnheY/yulR
+ngmuOXnaiWQjQsHWtL80GmR/AGFJ8KI1Rh9aXIcy5tVPQt1pRdMD/3NeNRojVZpCgEAzey
+eCisXIYQcjClTy1Mx79fNTryLay0dxAroRk2vMaSUWAAAAQWe6t//lZtwKOHz9KOFcSfpO
+DPQTu+PyzryWrwG99r6IoEqXahhK6FjTJ7U0/Ep9zVeeiLpRVlKe15pcN6U3dp9uAAAAIm
+lkX2VjZHNhXzUyMV9yZmM0NzE2X3NpZ25lZF9ieV9yc2EB
+-----END OPENSSH PRIVATE KEY-----

src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_521_key-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp521-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHA1MjEtY2VydC12MDFAb3BlbnNzaC5jb20AAAAghRVKHO1c4TGUTQt6NcV1mXd4HCBJLlkJZtPmVp0EQjUAAAAIbmlzdHA1MjEAAACFBAGQDchTyaXge6qew5hvYfz19EqjRbGcWeR7wnmiUnR7JqgC//R9JkOI54XmP8rpUZ4Jrjl52olkI0LB1rS/NBpkfwBhSfCiNUYfWlyHMubVT0LdaUXTA/9zXjUaI1WaQoBAM3sngorFyGEHIwpU8tTMe/XzU68i2stHcQK6EZNrzGklFgAAAAAAAAAAAAAAAgAAACJpZF9lY2RzYV81MjFfcmZjNDcxNl9zaWduZWRfYnlfcnNhAAAADQAAAAkxMjcuMC4wLjEAAAAAAAAAAP//////////AAAAAAAAAAAAAAAAAAABlwAAAAdzc2gtcnNhAAAAAwEAAQAAAYEAylFXh7HVmrZPMpI/uDVesACwaypsa8p7oGNeolrU5rI+BxMlZksNUKI1qmoygYJ2oCfMEoipXCPGF3LU4/tzkG89kb2WO6OUCIGFDm302s36Na/qkTfDebkwUNWHud4a+v3ArwgaEh61+kbr/AnfI4AXWxCQLCAN/sF+RsyrUh/6rJMMXsjd/PJqphf/rUFHaLK2k3FpVXDWDXkQp1EeRRzvrQvSRUXBaSbIAWkr5k85qX2lEcpr2aL/dNFdxDbRmcEHPPGXhuydecRYguEFLGy2gQX3iEcot66gqX2Q/H82oq/CMgSq1T+YTuL5oAT1Z/qdHQI62UE+yPFm1/YBzavJQJ38Rx0CoMY7BnLibWzQbkRAxNTW5YKAYHLPoM9YIIMJp1CrQZoAKNw7IFzLm2tSobFioO+ZkKCrogO/VsYUOUXHV7E7EgAq6u6JV082f5z6HscSZ4z444mrWuOJsPuRTAwrRxyFXOmMjbHALx5xAX2N4UYFyihrzo47rmg9AAABlAAAAAxyc2Etc2hhMi01MTIAAAGAmpwzeo95ahCTQuLfdsHSlWhNlBVUsEze9ogzqhnh1unL0uDztGbEwZ3+2vAQI9wRlIBJhg+FFIOc6KW6Hi9zHZaU/ipmrtDwoMfaRrL6ZgP+COvCxPMiTuJPt8Er2OsRnarc7iM1RnhFz3jVTGhkTG8W9yvN6Pr7SeJ9DokrRMfuDBosLE7i22pLWWBeDmSHz0dh6VGUhTnEK/9RzRnPQmByRQJ+Xfv4He7QE1IWIufG6zYKi42XiCpC2DKCxI0yapKvqVWkR1snc/0ykMUESsAgyzZoYqzxUCSmTzfT/DCb1WRswFVlLb+uccpo6ioi62CCNvC88WDsXhSO4VYsUno33KL9MopvbO1Gg5IncJP+a2wbP3fFQpefx0D828DovGKNSDxGmzXE2HoEQSsW9EsrBOEBZffHRIgLx+yuR9Er67RrIzUZclUlGZaLf/PWf2JSNwuIhxCShwPu1d3I2VYx5Lcn5MXk/IpHP8xLXH/g8/Mm+NhO4blVFAOwYaox id_ecdsa_521_rfc4716_signed_by_rsa

src/itest/docker-image/test-container/host_keys/ssh_host_ecdsa_521_key.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGQDchTyaXge6qew5hvYfz19EqjRbGcWeR7wnmiUnR7JqgC//R9JkOI54XmP8rpUZ4Jrjl52olkI0LB1rS/NBpkfwBhSfCiNUYfWlyHMubVT0LdaUXTA/9zXjUaI1WaQoBAM3sngorFyGEHIwpU8tTMe/XzU68i2stHcQK6EZNrzGklFg== id_ecdsa_521_rfc4716_signed_by_rsa

src/itest/docker-image/test-container/host_keys/ssh_host_ed25519_384_key

@@ -0,0 +1,8 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACAz/M/Awfg01fL5pK7PsOmk8sdM98WFXv/7ycMEsMu8EgAAAKilREz2pURM
+9gAAAAtzc2gtZWQyNTUxOQAAACAz/M/Awfg01fL5pK7PsOmk8sdM98WFXv/7ycMEsMu8Eg
+AAAEB9mj+1Z9CnxalesmwJiPa7051sjjnXKR00aQ59jCX0GTP8z8DB+DTV8vmkrs+w6aTy
+x0z3xYVe//vJwwSwy7wSAAAAJGlkX2VkMjU1MTlfMzg0X3JmYzQ3MTZfc2lnbmVkX2J5X3
+JzYQE=
+-----END OPENSSH PRIVATE KEY-----

src/itest/docker-image/test-container/host_keys/ssh_host_ed25519_384_key-cert.pub

@@ -0,0 +1 @@
+ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIJPdoRzLgA3gyn+/e94rnl7IvN7PxvEeV0JTITLah2ipAAAAIDP8z8DB+DTV8vmkrs+w6aTyx0z3xYVe//vJwwSwy7wSAAAAAAAAAAAAAAACAAAAJGlkX2VkMjU1MTlfMzg0X3JmYzQ3MTZfc2lnbmVkX2J5X3JzYQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAMpRV4ex1Zq2TzKSP7g1XrAAsGsqbGvKe6BjXqJa1OayPgcTJWZLDVCiNapqMoGCdqAnzBKIqVwjxhdy1OP7c5BvPZG9ljujlAiBhQ5t9NrN+jWv6pE3w3m5MFDVh7neGvr9wK8IGhIetfpG6/wJ3yOAF1sQkCwgDf7BfkbMq1If+qyTDF7I3fzyaqYX/61BR2iytpNxaVVw1g15EKdRHkUc760L0kVFwWkmyAFpK+ZPOal9pRHKa9mi/3TRXcQ20ZnBBzzxl4bsnXnEWILhBSxstoEF94hHKLeuoKl9kPx/NqKvwjIEqtU/mE7i+aAE9Wf6nR0COtlBPsjxZtf2Ac2ryUCd/EcdAqDGOwZy4m1s0G5EQMTU1uWCgGByz6DPWCCDCadQq0GaACjcOyBcy5trUqGxYqDvmZCgq6IDv1bGFDlFx1exOxIAKuruiVdPNn+c+h7HEmeM+OOJq1rjibD7kUwMK0cchVzpjI2xwC8ecQF9jeFGBcooa86OO65oPQAAAZQAAAAMcnNhLXNoYTItNTEyAAABgJob5TylOxmfFX5qH3iE53+zgXp3JbuxcRG9aYx/5GFiWx2yCku1/2lN/KgW2AOb31iS22LXlhCUtZBmbHiYI9aftZAyBcHGYcHvMCDHH66q+bVLlmRlNW+JjWLM46ythgRT+1dKGWAarZSwAC8hYxlV07pvt7EXFmzy4Kv0C/FL8d78P3nrRsmDTYBwrhQy1s5gwOeZlLyomPtSL7kfdxBXum8v4lG+ddtcL82iGdp2gNyonrjyaDZcdXD1FoBDlqM+lvWGO1n4ikts7JG3jcgK3QRdYOVmPnsCzEHaiTm9APuhf72+B5RXybbQcyHTA49+TptavkoxVaMqzdvIunfEYVf1S5zCHgysOkqGLOEVyMSxZk3pORajr2kdyc02Q4Plrb8B6G0rbixJRCJouS6I8J4W/Orypa2ge/un3U1JYaBeA18va7hwHoG/0zsdswETyIB+nrj59YM6Zm4zzC7Sm0SBNXFN0m2f6SDj6CDTnmj13aejQLUzED4e2Bm6Qw== id_ed25519_384_rfc4716_signed_by_rsa

src/itest/docker-image/test-container/host_keys/ssh_host_ed25519_384_key.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8z8DB+DTV8vmkrs+w6aTyx0z3xYVe//vJwwSwy7wS id_ed25519_384_rfc4716_signed_by_rsa

src/itest/docker-image/test-container/host_keys/ssh_host_rsa_2048_key

@@ -0,0 +1,27 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAQEA1iHGJi0EhM4vSCe40N3670OWx6tsA28P7Rpqgl9VdYtorneByT6U
+3o7nSIK7MCGXD9XFCPDbQPnCpjIOQaq9f7wzaj7vEzN3iPEsUohfGIhBnZUZqtHdPSMhqE
+JwxuIqRAlSjy8XnBNK6EjgpZGyXL5NijjR9dp/jYgOCMMmJB585BWhYQt7P5qceFjz6AqH
+WKnBbajorFjiJQR9LVhi9nBCC1I02e8aWqS05JR51J8J1+lECJEiKBbzD0dhAd0CPsGlux
+BtwVGZF13+xzc9/NZLUUb4wJxWM0R8flmIochK+yqPgCmr7rjA3yyEPXtQrvTQ46Jjt/u6
+uKyLbdiZ2QAAA9i320dZt9tHWQAAAAdzc2gtcnNhAAABAQDWIcYmLQSEzi9IJ7jQ3frvQ5
+bHq2wDbw/tGmqCX1V1i2iud4HJPpTejudIgrswIZcP1cUI8NtA+cKmMg5Bqr1/vDNqPu8T
+M3eI8SxSiF8YiEGdlRmq0d09IyGoQnDG4ipECVKPLxecE0roSOClkbJcvk2KONH12n+NiA
+4IwyYkHnzkFaFhC3s/mpx4WPPoCodYqcFtqOisWOIlBH0tWGL2cEILUjTZ7xpapLTklHnU
+nwnX6UQIkSIoFvMPR2EB3QI+waW7EG3BUZkXXf7HNz381ktRRvjAnFYzRHx+WYihyEr7Ko
++AKavuuMDfLIQ9e1Cu9NDjomO3+7q4rItt2JnZAAAAAwEAAQAAAQEAkd0x4GF8GYdmV+2P
+DOCZhhDxjhQsoO4v2CDNev+79DVB2s7XnyG9QRnxXMiJAJFxGL1S2fNQN6OrP5ELexn2ui
+OWloJGUzsU6zj2K0ZwGQMAR3sAoAcTgQkEbVzM+/2mMvByx8yZdZ0CwtaaCM8Fw/1yTnzE
+MYhkqSGMBdYBjknjZ8pPMYNVucncmdYibPU5VRRhWSSXlee6oZRgWrcW8VGlFtQU/RHt1a
+LUPrSk/3e1Iqk75AWaFVVwnTnz8pPBpQXboiN22gZ8fvPYO9wphPmuXPapGFUt5NHBgMOv
+Yr2+uzeSYg79VKhRv6YEM3aeW8kkjdZ7r4uP8EFnimUDAQAAAIEAsIsTx8nO65tEJbCEmM
+/bFXHRmMSnVyQWQgyPXTvbWyI1Uk0YyaFOnsFCuXwfM/3fupvFyKTC4rdeJYl9HiVbZAm3
+puI+GIRPOdKMWdh+e802KdeGXPsc+LU0tw5zwaRKH46QtmKEu1UICmUEsDFQxYfSlL8zhc
+/OrNwPUZTRtrYAAACBAOsPC4PtdyItaHVYbSlgp++foTm4adby3lYQOh4VDanY4H95ct/P
+4Qa9BklZmkN5HoaPBnOCV66+RzW42qSbincRSdsYXP6t5fnnQwp9+tqCQaPuHVIGuW9MI9
+qO1hwOl1HnvYFvOEvdvA+Os3as5DyZO5AP5Eta6cwjMwKDTB/hAAAAgQDpNXQL3vJvsUgP
+yZjhxodGGoT7HvLVClrICEuVrJj/10t5AabWjh5G3FILZyTU+zNTGLn+emocuKf+sbrlAe
+6sImXPfKKx/kgSR7knPlUi0TEOow4XbIif0cfGxqkamANe1Sv7xReR2rIqkWqEZsDNhtZR
+oQQY9bNehpqAweCY+QAAACFpZF9yc2FfMjA0OF9yZmM0NzE2X3NpZ25lZF9ieV9yc2E=
+-----END OPENSSH PRIVATE KEY-----

src/itest/docker-image/test-container/host_keys/ssh_host_rsa_2048_key-cert.pub

@@ -0,0 +1 @@
+ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgKsWt/s6Kl/ti8EuWBhg0TdS/kEUWRzsogWz5M1CVjtoAAAADAQABAAABAQDWIcYmLQSEzi9IJ7jQ3frvQ5bHq2wDbw/tGmqCX1V1i2iud4HJPpTejudIgrswIZcP1cUI8NtA+cKmMg5Bqr1/vDNqPu8TM3eI8SxSiF8YiEGdlRmq0d09IyGoQnDG4ipECVKPLxecE0roSOClkbJcvk2KONH12n+NiA4IwyYkHnzkFaFhC3s/mpx4WPPoCodYqcFtqOisWOIlBH0tWGL2cEILUjTZ7xpapLTklHnUnwnX6UQIkSIoFvMPR2EB3QI+waW7EG3BUZkXXf7HNz381ktRRvjAnFYzRHx+WYihyEr7Ko+AKavuuMDfLIQ9e1Cu9NDjomO3+7q4rItt2JnZAAAAAAAAAAAAAAACAAAAIWlkX3JzYV8yMDQ4X3JmYzQ3MTZfc2lnbmVkX2J5X3JzYQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAMpRV4ex1Zq2TzKSP7g1XrAAsGsqbGvKe6BjXqJa1OayPgcTJWZLDVCiNapqMoGCdqAnzBKIqVwjxhdy1OP7c5BvPZG9ljujlAiBhQ5t9NrN+jWv6pE3w3m5MFDVh7neGvr9wK8IGhIetfpG6/wJ3yOAF1sQkCwgDf7BfkbMq1If+qyTDF7I3fzyaqYX/61BR2iytpNxaVVw1g15EKdRHkUc760L0kVFwWkmyAFpK+ZPOal9pRHKa9mi/3TRXcQ20ZnBBzzxl4bsnXnEWILhBSxstoEF94hHKLeuoKl9kPx/NqKvwjIEqtU/mE7i+aAE9Wf6nR0COtlBPsjxZtf2Ac2ryUCd/EcdAqDGOwZy4m1s0G5EQMTU1uWCgGByz6DPWCCDCadQq0GaACjcOyBcy5trUqGxYqDvmZCgq6IDv1bGFDlFx1exOxIAKuruiVdPNn+c+h7HEmeM+OOJq1rjibD7kUwMK0cchVzpjI2xwC8ecQF9jeFGBcooa86OO65oPQAAAZQAAAAMcnNhLXNoYTItNTEyAAABgJSHsEN9ccb4C/wrw0Lq22tZ/tLdjXxHKa1xBZZf81z7POZy8njEDN9bXHQalpLzgR12HDnkbBhk0tBrH8JDEmddOiMZrjD5GUzsK5Y3X6H/MTZrPYSqeO7ikmffxRI4A0BjYBmGk5ClntKzs3VhbhnlwBzTbvl+lwGVnP2EJmmP6/xjB0V3udYOQMbRd9Q2ORIZWF0VSexhjVVSdEwDlDdHWubFJwpHGDXKWeijGxSYXbZGwCGhqU04DYIx7HEIm0sulIX9GxjAm16y8QvrSjKCmfOkvg6T/TVVStYGkU2BGGhXyCfCA3gecdxI8mijuLsuBnkr0rVlDg00FLOAduLzsQq7gSC0/xit4OlJO7MoNUSnC9NjNSLjPy7DzW0bwfkmvfuTpKhDmO0lNbr+6if3+Q8pXZV+q1bRFMO9AsSO52gXA/IXGZC3u5JCL56hqb03sQPn/K9ZWmiRzwJYWTpgIgycGwR1ZIYFvtqKJqtVoGaZfCIQD/I4i01qqHxVAg== id_rsa_2048_rfc4716_signed_by_rsa

src/itest/docker-image/test-container/host_keys/ssh_host_rsa_2048_key.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWIcYmLQSEzi9IJ7jQ3frvQ5bHq2wDbw/tGmqCX1V1i2iud4HJPpTejudIgrswIZcP1cUI8NtA+cKmMg5Bqr1/vDNqPu8TM3eI8SxSiF8YiEGdlRmq0d09IyGoQnDG4ipECVKPLxecE0roSOClkbJcvk2KONH12n+NiA4IwyYkHnzkFaFhC3s/mpx4WPPoCodYqcFtqOisWOIlBH0tWGL2cEILUjTZ7xpapLTklHnUnwnX6UQIkSIoFvMPR2EB3QI+waW7EG3BUZkXXf7HNz381ktRRvjAnFYzRHx+WYihyEr7Ko+AKavuuMDfLIQ9e1Cu9NDjomO3+7q4rItt2JnZ id_rsa_2048_rfc4716_signed_by_rsa

src/itest/docker-image/test-container/ssh_host_ecdsa_key

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIOpOBFjqe0hjK/hs4WZ3dZqnzanq1L3/JbvV1TCkbe4ToAoGCCqGSM49
+AwEHoUQDQgAEVzkrS7Yj0nXML7A3mE08YDthfBR/ZbyYJDIq1vTzcqs6KTaCT529
+swNXWLHO+mbHviZcRiI57ULXHZ1emom/Jw==
+-----END EC PRIVATE KEY-----

src/itest/docker-image/test-container/ssh_host_ecdsa_key.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFc5K0u2I9J1zC+wN5hNPGA7YXwUf2W8mCQyKtb083KrOik2gk+dvbMDV1ixzvpmx74mXEYiOe1C1x2dXpqJvyc= root@404b27be2bf4

src/itest/docker-image/test-container/ssh_host_ed25519_key

@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACBFG9PKAq8FtH0me+LHUE6YaVANCMqy/Znkffzief1W/gAAAKCyyoBkssqA
+ZAAAAAtzc2gtZWQyNTUxOQAAACBFG9PKAq8FtH0me+LHUE6YaVANCMqy/Znkffzief1W/g
+AAAED+Yfza2xk5LqP9pN6TpvhWYP0L60zOQJpHhbEuiS3LLkUb08oCrwW0fSZ74sdQTphp
+UA0IyrL9meR9/OJ5/Vb+AAAAF2FqdmFuZXJwQEhlaW1kYWxsLmxvY2FsAQIDBAUG
+-----END OPENSSH PRIVATE KEY-----

src/itest/docker-image/test-container/ssh_host_ed25519_key.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUb08oCrwW0fSZ74sdQTphpUA0IyrL9meR9/OJ5/Vb+ ajvanerp@Heimdall.local

src/itest/docker-image/test-container/trusted_ca_keys

@@ -0,0 +1,4 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDN70b/cYHZQMD1YW0mlncXqC2l++sEWrVYlIUCzNxNhRYjI4UmEVEq3ru1h6K3ZVAJi1DcZuf5ne1ZXtwJ1Uw1JA4wGdKw+9TwAb5Gubn+VEowgt62kLAPeChiPucTXD0FDDhIUOBv3KxytdrJIYAtzZT27STsBiDF1+7Ld3wk/1Dg9NAaI6q40PmuicTEACQRHn5snI1t9+LgZTd3/PPE5pjJM0ow9+r6mlUUM5oHCk5sZ8DBuRR1Ram4sxp/LFQM+9feMmW3ZM2C5AN0JG4A7NXnlwiTKmNVrGI0iFucBBKhjxN1qdgBF11/42cCrerC9UW1auTTi9mqwEIqBGL30VOPy+dCPQQViP+C09CBgyr3wpZciPKP1mvmcOkC5FDzKg9e3v1JBq0fqZgwt+PPG8cGnxRCGEQ+ZMLDuAixkQUEwDWeMskHLkbjUEiVZydViCPSzFczGtKatQiQVZA5Zx0Gn2sUaQjykhWzqKNL8oIbolEdkH9ubOZWNi0brzU= root@sshj
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNz89k9T3el9LpypMH6Rs8Ovn/xC6subq9XBoTK8G9x3Q4IifsN+bCy7h9juYdE8it5GvgnpM2HSdPBFMpJnEFI= CA_ecdsa.pem
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDKUVeHsdWatk8ykj+4NV6wALBrKmxrynugY16iWtTmsj4HEyVmSw1QojWqajKBgnagJ8wSiKlcI8YXctTj+3OQbz2RvZY7o5QIgYUObfTazfo1r+qRN8N5uTBQ1Ye53hr6/cCvCBoSHrX6Ruv8Cd8jgBdbEJAsIA3+wX5GzKtSH/qskwxeyN388mqmF/+tQUdosraTcWlVcNYNeRCnUR5FHO+tC9JFRcFpJsgBaSvmTzmpfaURymvZov900V3ENtGZwQc88ZeG7J15xFiC4QUsbLaBBfeIRyi3rqCpfZD8fzair8IyBKrVP5hO4vmgBPVn+p0dAjrZQT7I8WbX9gHNq8lAnfxHHQKgxjsGcuJtbNBuREDE1NblgoBgcs+gz1gggwmnUKtBmgAo3DsgXMuba1KhsWKg75mQoKuiA79WxhQ5RcdXsTsSACrq7olXTzZ/nPoexxJnjPjjiata44mw+5FMDCtHHIVc6YyNscAvHnEBfY3hRgXKKGvOjjuuaD0= CA_rsa.pem
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDphrlRZfHI2xJ7IIqmoLji2Bh2j7ZP0jynCL0TnjTuH CA_ed25519.pem

src/itest/docker-image/test-container/users_rsa_ca.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDN70b/cYHZQMD1YW0mlncXqC2l++sEWrVYlIUCzNxNhRYjI4UmEVEq3ru1h6K3ZVAJi1DcZuf5ne1ZXtwJ1Uw1JA4wGdKw+9TwAb5Gubn+VEowgt62kLAPeChiPucTXD0FDDhIUOBv3KxytdrJIYAtzZT27STsBiDF1+7Ld3wk/1Dg9NAaI6q40PmuicTEACQRHn5snI1t9+LgZTd3/PPE5pjJM0ow9+r6mlUUM5oHCk5sZ8DBuRR1Ram4sxp/LFQM+9feMmW3ZM2C5AN0JG4A7NXnlwiTKmNVrGI0iFucBBKhjxN1qdgBF11/42cCrerC9UW1auTTi9mqwEIqBGL30VOPy+dCPQQViP+C09CBgyr3wpZciPKP1mvmcOkC5FDzKg9e3v1JBq0fqZgwt+PPG8cGnxRCGEQ+ZMLDuAixkQUEwDWeMskHLkbjUEiVZydViCPSzFczGtKatQiQVZA5Zx0Gn2sUaQjykhWzqKNL8oIbolEdkH9ubOZWNi0brzU= root@sshj

src/itest/generate.sh

@@ -0,0 +1,102 @@
+#!/usr/bin/env bash
+# This script is intended for generating SSH keys required for unit and integration tests. If you intend to add a new
+# key to the tests, please write its generation command there.
+#
+# All generation commands should generate only files that does not exist. If some key is already generated, the script
+# should not overwrite the key.
+
+set -e -o pipefail
+cd "${BASH_SOURCES[0]}"
+
+function generate() {
+  local destination="$1"
+  if [[ ! -f "$destination" ]]; then
+    echo "Generating $destination" 1>&2
+    shift
+    mkdir -p "$(dirname "$destination")"
+    ssh-keygen -q -f "$destination" "${@}"
+  fi
+}
+
+function generate_cert() {
+  local private_key
+  local suffix
+  local cert
+  private_key="$1"
+  suffix="$2"
+  shift 2
+  cert="$private_key$suffix-cert.pub"
+  if [[ ! -f "$cert" ]]; then
+    cp "$private_key" "$private_key$suffix"
+    cp "$private_key.pub" "$private_key$suffix.pub"
+    generate "$cert" "$@" "$private_key$suffix.pub"
+    rm -f "$private_key$suffix" "$private_key$suffix.pub"
+  fi
+}
+
+generate resources/users_rsa_ca -t rsa -N ''
+if [[ -f resources/users_rsa_ca.pub ]]; then
+  mv resources/users_rsa_ca.pub docker-image/test-container
+fi
+generate resources/keyfiles/id_rsa2 -t rsa -m pem -N ''
+generate resources/keyfiles/id_rsa2-cert.pub -s resources/users_rsa_ca -I my_key_id -n sshj resources/keyfiles/id_rsa2.pub
+
+cat docker-image/test-container/users_rsa_ca.pub >docker-image/test-container/trusted_ca_keys
+
+key_algo_pairs=(ecdsa_256 ecdsa_384 ecdsa_521 rsa_2048 ed25519_384)
+
+for ca_algo in ecdsa rsa ed25519; do
+  generate "resources/keyfiles/certificates/CA_${ca_algo}.pem" -N "" -t "$ca_algo" -C "CA_${ca_algo}.pem"
+  cat "resources/keyfiles/certificates/CA_${ca_algo}.pem.pub" >>docker-image/test-container/trusted_ca_keys
+
+  for key_algo_pair in "${key_algo_pairs[@]}"; do
+    key_algo="${key_algo_pair/_*/}"
+    bits="${key_algo_pair/*_/}"
+
+    for format in pem rfc4716; do
+      if [[ "$key_algo" == 'pem' && "$format" == 'ed25519' ]]; then
+        # Ed25519 keys are always generated in RFC4716 format.
+        continue
+      fi
+
+      user_key="resources/keyfiles/certificates/id_${key_algo_pair}_${format}_signed_by_${ca_algo}"
+      generate "$user_key" -N '' -t "$key_algo" -b "$bits" -m "$format" -C "$(basename "$user_key")"
+      generate "${user_key}-cert.pub" -s "resources/keyfiles/certificates/CA_${ca_algo}.pem" -I "$(basename "$user_key")" -n sshj "${user_key}.pub"
+
+      # These certificates are to be used as host certificates of sshd.
+      generate_cert "$user_key" _host \
+        -s "resources/keyfiles/certificates/CA_${ca_algo}.pem" -I "$(basename "$user_key")" -h -n 127.0.0.1
+    done
+  done
+done
+
+mkdir -p docker-image/test-container/host_keys
+
+for key_algo_pair in "${key_algo_pairs[@]}"; do
+  key_algo="${key_algo_pair/_*/}"
+  bits="${key_algo_pair/*_/}"
+
+  user_key="resources/keyfiles/certificates/id_${key_algo_pair}_${format}_signed_by_rsa"
+  host_key="docker-image/test-container/host_keys/ssh_host_${key_algo_pair}_key"
+  if [[ ! -f "$host_key" ]]; then
+    cp -p "$user_key" "$host_key"
+    cp -p "${user_key}.pub" "${host_key}.pub"
+    cp -p "${user_key}_host-cert.pub" "${host_key}-cert.pub"
+  fi
+done
+
+(
+  cd resources/keyfiles/certificates
+
+  generate_cert id_ed25519_384_rfc4716_signed_by_rsa _host_valid_before_past \
+    -s "CA_rsa.pem" -I valid_before_past -h -n 127.0.0.1 -V 'always:20210101000000'
+
+  generate_cert id_ed25519_384_rfc4716_signed_by_rsa _host_valid_after_future \
+    -s "CA_rsa.pem" -I valid_after_future -h -n 127.0.0.1 -V '20990101000000:forever'
+
+  generate_cert id_ed25519_384_rfc4716_signed_by_rsa _host_no_principal \
+    -s "CA_rsa.pem" -I no_principal -h
+
+  generate_cert id_ed25519_384_rfc4716_signed_by_rsa _host_principal_wildcard_example_com \
+    -s "CA_rsa.pem" -I principal_wildcard_example_com -h -n '*.example.com'
+)

src/itest/java/com/hierynomus/sshj/HostKeyVerifierTest.java

@@ -0,0 +1,72 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj;
+
+import static org.junit.Assert.assertThrows;
+import static org.junit.Assert.assertTrue;
+
+import java.util.List;
+import java.util.stream.Stream;
+
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.Arguments;
+import org.junit.jupiter.params.provider.MethodSource;
+import org.testcontainers.junit.jupiter.Container;
+import org.testcontainers.junit.jupiter.Testcontainers;
+
+import com.hierynomus.sshj.key.KeyAlgorithms;
+
+import net.schmizz.sshj.Config;
+import net.schmizz.sshj.DefaultConfig;
+import net.schmizz.sshj.SSHClient;
+import net.schmizz.sshj.transport.TransportException;
+
+@Testcontainers
+public class HostKeyVerifierTest {
+    @Container
+    private static final SshdContainer sshd = new SshdContainer();
+
+    public static Stream<Arguments> signatureAlgos() {
+        return Stream.of(
+            Arguments.of(KeyAlgorithms.ECDSASHANistp256(), "d3:6a:a9:52:05:ab:b5:48:dd:73:60:18:0c:3a:f0:a3"),
+            Arguments.of(KeyAlgorithms.EdDSA25519(), "dc:68:38:ce:fc:6f:2c:d6:6d:6b:34:eb:5c:f0:41:6a"));
+    }
+
+    @ParameterizedTest(name = "Should connect with signature verified for Key Algorithm {0}")
+    @MethodSource("signatureAlgos")
+    public void shouldConnectWithSignatureVerified(KeyAlgorithms.Factory alg, String fingerprint) throws Throwable {
+        Config config = new DefaultConfig();
+        config.setKeyAlgorithms(List.of(alg));
+
+        try (SSHClient client = new SSHClient(config)) {
+            client.addHostKeyVerifier(fingerprint);
+            client.connect(sshd.getHost(), sshd.getFirstMappedPort());
+
+            assertTrue(client.isConnected());
+        }
+    }
+
+    @Test
+    public void shouldDeclineWrongKey() throws Throwable {
+        try (SSHClient client = new SSHClient()) {
+            assertThrows(TransportException.class, () -> {
+                client.addHostKeyVerifier("d4:6a:a9:52:05:ab:b5:48:dd:73:60:18:0c:3a:f0:a3");
+                client.connect(sshd.getHost(), sshd.getFirstMappedPort());
+            });
+        }
+    }
+}

src/itest/java/com/hierynomus/sshj/ManyChannelsTest.java

@@ -0,0 +1,74 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import java.util.concurrent.Future;
+import java.util.concurrent.TimeUnit;
+
+import org.junit.jupiter.api.Test;
+import org.testcontainers.junit.jupiter.Container;
+import org.testcontainers.junit.jupiter.Testcontainers;
+
+import com.hierynomus.sshj.SshdContainer.SshdConfigBuilder;
+
+import net.schmizz.sshj.SSHClient;
+import net.schmizz.sshj.common.IOUtils;
+import net.schmizz.sshj.connection.channel.direct.Session;
+
+import static org.assertj.core.api.Assertions.*;
+
+@Testcontainers
+public class ManyChannelsTest {
+    @Container
+    private static final SshdContainer sshd = new SshdContainer(SshdContainer.Builder.defaultBuilder()
+            .withSshdConfig(SshdConfigBuilder.defaultBuilder().with("MaxSessions", "200")).withAllKeys());
+
+    @Test
+    public void shouldWorkWithManyChannelsWithoutNoExistentChannelError_GH805() throws Throwable {
+        try (SSHClient client = sshd.getConnectedClient()) {
+            client.authPublickey("sshj", "src/test/resources/id_rsa");
+
+            List<Future<Exception>> futures = new ArrayList<>();
+            ExecutorService executorService = Executors.newCachedThreadPool();
+
+            for (int i = 0; i < 20; i++) {
+                futures.add(executorService.submit(() -> {
+                    try {
+                        for (int j = 0; j < 10; j++) {
+                            try (Session sshSession = client.startSession()) {
+                                try (Session.Command sshCommand = sshSession.exec("ls -la")) {
+                                    IOUtils.readFully(sshCommand.getInputStream()).toString();
+                                }
+                            }
+                        }
+                    } catch (Exception e) {
+                        return e;
+                    }
+                    return null;
+                }));
+            }
+
+            executorService.shutdown();
+            executorService.awaitTermination(1, TimeUnit.DAYS);
+
+            assertThat(futures).allSatisfy(future -> assertThat(future.get()).isNull());
+        }
+    }
+}

src/itest/java/com/hierynomus/sshj/PublicKeyAuthTest.java

@@ -0,0 +1,86 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.util.stream.Stream;
+
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.Arguments;
+import org.junit.jupiter.params.provider.MethodSource;
+import org.testcontainers.junit.jupiter.Container;
+import org.testcontainers.junit.jupiter.Testcontainers;
+
+import com.hierynomus.sshj.SshdContainer.SshdConfigBuilder;
+
+import net.schmizz.sshj.SSHClient;
+import net.schmizz.sshj.userauth.UserAuthException;
+import net.schmizz.sshj.userauth.keyprovider.KeyProvider;
+
+@Testcontainers
+public class PublicKeyAuthTest {
+    @Container
+    private static final SshdContainer sshd = new SshdContainer(SshdContainer.Builder.defaultBuilder().withSshdConfig(
+            SshdConfigBuilder.defaultBuilder().with("PubkeyAcceptedAlgorithms", "+ssh-rsa-cert-v01@openssh.com"))
+            .withAllKeys());
+
+    public static Stream<Arguments> keys() {
+        return Stream.of(
+                Arguments.of("id_rsa2", null),
+                // "id_ecdsa_nistp256" | null // TODO: Need to improve PKCS8 key support.
+                Arguments.of("id_ecdsa_opensshv1", null),
+                Arguments.of("id_ed25519_opensshv1", null),
+                Arguments.of("id_ed25519_opensshv1_aes256cbc.pem", "foobar"),
+                Arguments.of("id_ed25519_opensshv1_aes128cbc.pem", "sshjtest"),
+                Arguments.of("id_ed25519_opensshv1_protected", "sshjtest"),
+                Arguments.of("id_rsa", null),
+                Arguments.of("id_rsa_opensshv1", null),
+                Arguments.of("id_ecdsa_nistp384_opensshv1", null),
+                Arguments.of("id_ecdsa_nistp521_opensshv1", null));
+    }
+
+    @ParameterizedTest(name = "should authenticate with signed public key {0}")
+    @MethodSource("keys")
+    public void shouldAuthenticateWithSignedRsaKey(String key, String passphrase) throws Throwable {
+        try (SSHClient client = sshd.getConnectedClient()) {
+            KeyProvider p = null;
+            if (passphrase != null) {
+                p = client.loadKeys("src/itest/resources/keyfiles/" + key, passphrase);
+            } else {
+                p = client.loadKeys("src/itest/resources/keyfiles/" + key);
+            }
+            client.authPublickey("sshj", p);
+
+            assertTrue(client.isAuthenticated());
+        }
+    }
+
+    @Test
+    public void shouldNotAuthenticateWithUnknownKey() throws Throwable {
+        try (SSHClient client = sshd.getConnectedClient()) {
+            assertThrows(UserAuthException.class, () -> {
+                client.authPublickey("sshj", "src/itest/resources/keyfiles/id_unknown_key");
+            });
+
+            assertFalse(client.isAuthenticated());
+        }
+    }
+
+}

src/itest/java/com/hierynomus/sshj/RsaShaKeySignatureTest.java

@@ -0,0 +1,100 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj;
+
+import java.util.stream.Stream;
+
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.Arguments;
+import org.junit.jupiter.params.provider.MethodSource;
+
+import com.hierynomus.sshj.SshdContainer.SshdConfigBuilder;
+import com.hierynomus.sshj.key.KeyAlgorithms;
+
+import net.schmizz.sshj.Config;
+import net.schmizz.sshj.DefaultConfig;
+import net.schmizz.sshj.SSHClient;
+
+import java.util.List;
+
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static com.hierynomus.sshj.SshdContainer.withSshdContainer;
+
+public class RsaShaKeySignatureTest {
+
+    public static Stream<Arguments> hostKeysAndAlgorithms() {
+        return Stream.of(
+                Arguments.of("ssh_host_ecdsa_256_key", KeyAlgorithms.ECDSASHANistp256()),
+                Arguments.of("ssh_host_ecdsa_384_key", KeyAlgorithms.ECDSASHANistp384()),
+                Arguments.of("ssh_host_ecdsa_521_key", KeyAlgorithms.ECDSASHANistp521()),
+                Arguments.of("ssh_host_ed25519_384_key", KeyAlgorithms.EdDSA25519()),
+                Arguments.of("ssh_host_rsa_2048_key", KeyAlgorithms.RSASHA512()));
+    }
+
+    @ParameterizedTest(name = "Should connect to server that does not support ssh-rsa with host key {1}")
+    @MethodSource("hostKeysAndAlgorithms")
+    public void shouldConnectToServerThatDoesNotSupportSshRsaWithHostKey(String key, KeyAlgorithms.Factory algorithm)
+            throws Throwable {
+        SshdConfigBuilder configBuilder = SshdConfigBuilder
+                .defaultBuilder()
+                .with("PubkeyAcceptedAlgorithms", "rsa-sha2-512,rsa-sha2-256,ssh-ed25519");
+        withSshdContainer(SshdContainer.Builder.defaultBuilder()
+                .withSshdConfig(configBuilder).addHostKey("test-container/host_keys/" + key), sshd -> {
+                    Config c = new DefaultConfig();
+                    c.setKeyAlgorithms(List.of(KeyAlgorithms.RSASHA512(), KeyAlgorithms.RSASHA256(), algorithm));
+
+                    SSHClient client = sshd.getConnectedClient(c);
+                    client.authPublickey("sshj", "src/itest/resources/keyfiles/id_rsa_opensshv1");
+
+                    assertTrue(client.isAuthenticated());
+
+                    client.disconnect();
+                });
+    }
+
+    @ParameterizedTest(name = "Should connect to a default server with host key {1} with a default config")
+    @MethodSource("hostKeysAndAlgorithms")
+    public void shouldConnectToDefaultServer(String key, KeyAlgorithms.Factory algorithm) throws Throwable {
+        withSshdContainer(SshdContainer.Builder.defaultBuilder().addHostKey("test-container/host_keys/" + key),
+                sshd -> {
+                    SSHClient client = sshd.getConnectedClient();
+                    client.authPublickey("sshj", "src/itest/resources/keyfiles/id_rsa_opensshv1");
+
+                    assertTrue(client.isAuthenticated());
+
+                    client.disconnect();
+                });
+    }
+
+    @ParameterizedTest(name = "Should connect to a server that only supports ssh-rsa with host key {1}")
+    @MethodSource("hostKeysAndAlgorithms")
+    public void shouldConnectToSshRsaOnlyServer(String key, KeyAlgorithms.Factory algorithm) throws Throwable {
+        SshdConfigBuilder configBuilder = SshdConfigBuilder
+                .defaultBuilder()
+                .with("PubkeyAcceptedAlgorithms", "ssh-rsa,ssh-ed25519");
+
+        withSshdContainer(SshdContainer.Builder.defaultBuilder()
+                .withSshdConfig(configBuilder).addHostKey("test-container/host_keys/" + key), sshd -> {
+                    Config c = new DefaultConfig();
+                    c.setKeyAlgorithms(List.of(KeyAlgorithms.SSHRSA(), algorithm));
+                    SSHClient client = sshd.getConnectedClient(c);
+                    client.authPublickey("sshj", "src/itest/resources/keyfiles/id_rsa_opensshv1");
+
+                    assertTrue(client.isAuthenticated());
+                    client.disconnect();
+                });
+    }
+}

src/itest/java/com/hierynomus/sshj/SshServerWaitStrategy.java

@@ -0,0 +1,77 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj;
+
+import org.testcontainers.containers.wait.strategy.WaitStrategy;
+import org.testcontainers.containers.wait.strategy.WaitStrategyTarget;
+
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.net.Socket;
+import java.nio.charset.StandardCharsets;
+import java.time.Duration;
+import java.util.Arrays;
+
+/**
+ * A wait strategy designed for {@link SshdContainer} to wait until the SSH server is ready, to avoid races when a test
+ * tries to connect to a server before the server has started.
+ */
+public class SshServerWaitStrategy implements WaitStrategy {
+    private Duration startupTimeout = Duration.ofMinutes(1);
+
+    @Override
+    public void waitUntilReady(WaitStrategyTarget waitStrategyTarget) {
+        long expectedEnd = System.nanoTime() + startupTimeout.toNanos();
+        while (waitStrategyTarget.isRunning()) {
+            long attemptStart = System.nanoTime();
+            IOException error = null;
+            byte[] buffer = new byte[7];
+            try (Socket socket = new Socket()) {
+                socket.setSoTimeout(500);
+                socket.connect(new InetSocketAddress(
+                        waitStrategyTarget.getHost(), waitStrategyTarget.getFirstMappedPort()));
+                // Haven't seen any SSH server that sends the version in two or more packets.
+                //noinspection ResultOfMethodCallIgnored
+                socket.getInputStream().read(buffer);
+                if (!Arrays.equals(buffer, "SSH-2.0".getBytes(StandardCharsets.UTF_8))) {
+                    error = new IOException("The version message doesn't look like an SSH server version");
+                }
+            } catch (IOException err) {
+                error = err;
+            }
+
+            if (error == null) {
+                break;
+            } else if (System.nanoTime() >= expectedEnd) {
+                throw new RuntimeException(error);
+            }
+
+            try {
+                //noinspection BusyWait
+                Thread.sleep(Math.max(0L, 500L - (System.nanoTime() - attemptStart) / 1_000_000));
+            } catch (InterruptedException e) {
+                Thread.currentThread().interrupt();
+                break;
+            }
+        }
+    }
+
+    @Override
+    public WaitStrategy withStartupTimeout(Duration startupTimeout) {
+        this.startupTimeout = startupTimeout;
+        return this;
+    }
+}

src/itest/java/com/hierynomus/sshj/SshdContainer.java

@@ -0,0 +1,246 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj;
+
+import ch.qos.logback.classic.Level;
+import ch.qos.logback.classic.Logger;
+import net.schmizz.sshj.Config;
+import net.schmizz.sshj.DefaultConfig;
+import net.schmizz.sshj.SSHClient;
+import net.schmizz.sshj.transport.verification.PromiscuousVerifier;
+
+import org.jetbrains.annotations.NotNull;
+import org.junit.jupiter.api.function.ThrowingConsumer;
+import org.slf4j.LoggerFactory;
+import org.testcontainers.containers.GenericContainer;
+import org.testcontainers.images.builder.ImageFromDockerfile;
+import org.testcontainers.images.builder.dockerfile.DockerfileBuilder;
+import org.testcontainers.utility.DockerLoggerFactory;
+
+import java.util.function.Consumer;
+
+import java.io.IOException;
+import java.nio.file.Paths;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.Future;
+
+/**
+ * A JUnit4 rule for launching a generic SSH server container.
+ */
+public class SshdContainer extends GenericContainer<SshdContainer> {
+
+    /**
+     * A workaround for strange logger names of testcontainers. They contain no
+     * dots, but contain slashes,
+     * square brackets, and even emoji. It's uneasy to set the logging level via the
+     * XML file of logback, the
+     * result would be less readable than the code below.
+     */
+    public static class DebugLoggingImageFromDockerfile extends ImageFromDockerfile {
+        public DebugLoggingImageFromDockerfile() {
+            super();
+            Logger logger = (Logger) LoggerFactory.getILoggerFactory()
+                    .getLogger(DockerLoggerFactory.getLogger(getDockerImageName()).getName());
+            logger.setLevel(Level.DEBUG);
+        }
+    }
+
+    public static class SshdConfigBuilder {
+        public static final String DEFAULT_SSHD_CONFIG = "" +
+                "PermitRootLogin yes\n" +
+                "AuthorizedKeysFile .ssh/authorized_keys\n" +
+                "Subsystem sftp /usr/lib/ssh/sftp-server\n" +
+                "KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1\n"
+                +
+                "macs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n"
+                +
+                "TrustedUserCAKeys /etc/ssh/trusted_ca_keys\n" +
+                "Ciphers 3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com\n"
+                +
+                "LogLevel DEBUG2\n";
+        private String sshdConfig;
+
+        public SshdConfigBuilder(@NotNull String sshdConfig) {
+            this.sshdConfig = sshdConfig;
+        }
+
+        public static SshdConfigBuilder defaultBuilder() {
+            return new SshdConfigBuilder(DEFAULT_SSHD_CONFIG);
+        }
+
+        public @NotNull SshdConfigBuilder withHostKey(@NotNull String hostKey) {
+            sshdConfig += "HostKey /etc/ssh/" + Paths.get(hostKey).getFileName() + "\n";
+            return this;
+        }
+
+        public @NotNull SshdConfigBuilder withHostKeyCertificate(@NotNull String hostKeyCertificate) {
+            sshdConfig += "HostCertificate /etc/ssh/" + Paths.get(hostKeyCertificate).getFileName() + "\n";
+            return this;
+        }
+
+        public @NotNull SshdConfigBuilder with(String key, String value) {
+            sshdConfig += key + " " + value + "\n";
+            return this;
+        }
+
+        public @NotNull String build() {
+            return sshdConfig;
+        }
+    }
+
+    public static class Builder implements Consumer<DockerfileBuilder> {
+        private List<String> hostKeys = new ArrayList<>();
+        private List<String> certificates = new ArrayList<>();
+        private @NotNull SshdConfigBuilder sshdConfig = SshdConfigBuilder.defaultBuilder();
+
+        public static Builder defaultBuilder() {
+            Builder b = new Builder();
+
+            return b;
+        }
+
+
+        public @NotNull Builder withSshdConfig(@NotNull SshdConfigBuilder sshdConfig) {
+            this.sshdConfig = sshdConfig;
+            return this;
+        }
+
+        public @NotNull Builder withAllKeys() {
+            this.addHostKey("test-container/ssh_host_ecdsa_key");
+            this.addHostKey("test-container/ssh_host_ed25519_key");
+            this.addHostKey("test-container/host_keys/ssh_host_ecdsa_256_key");
+            this.addHostKey("test-container/host_keys/ssh_host_ecdsa_384_key");
+            this.addHostKey("test-container/host_keys/ssh_host_ecdsa_521_key");
+            this.addHostKey("test-container/host_keys/ssh_host_ed25519_384_key");
+            this.addHostKey("test-container/host_keys/ssh_host_rsa_2048_key");
+            this.addHostKeyCertificate("test-container/host_keys/ssh_host_ecdsa_256_key-cert.pub");
+            this.addHostKeyCertificate("test-container/host_keys/ssh_host_ecdsa_384_key-cert.pub");
+            this.addHostKeyCertificate("test-container/host_keys/ssh_host_ecdsa_521_key-cert.pub");
+            this.addHostKeyCertificate("test-container/host_keys/ssh_host_ed25519_384_key-cert.pub");
+            this.addHostKeyCertificate("test-container/host_keys/ssh_host_rsa_2048_key-cert.pub");
+            return this;
+        }
+
+        public @NotNull SshdContainer build() {
+            return new SshdContainer(buildInner());
+        }
+
+        @NotNull Future<String> buildInner() {
+            return new DebugLoggingImageFromDockerfile()
+                    .withDockerfileFromBuilder(this)
+                    .withFileFromPath(".", Paths.get("src/itest/docker-image"))
+                    .withFileFromString("sshd_config", sshdConfig.build());
+        }
+
+        @Override
+        public void accept(@NotNull DockerfileBuilder builder) {
+            builder.from("alpine:3.19.0");
+            builder.run("apk add --no-cache openssh");
+            builder.expose(22);
+            builder.copy("entrypoint.sh", "/entrypoint.sh");
+
+            builder.add("authorized_keys", "/home/sshj/.ssh/authorized_keys");
+            builder.copy("test-container/trusted_ca_keys", "/etc/ssh/trusted_ca_keys");
+
+            for (String hostKey : hostKeys) {
+                builder.copy(hostKey, "/etc/ssh/" + Paths.get(hostKey).getFileName());
+                builder.copy(hostKey + ".pub", "/etc/ssh/" + Paths.get(hostKey).getFileName() + ".pub");
+            }
+
+            for (String certificate : certificates) {
+                builder.copy(certificate, "/etc/ssh/" + Paths.get(certificate).getFileName());
+            }
+
+
+            builder.run("apk add --no-cache tini"
+                    + " && echo \"root:smile\" | chpasswd"
+                    + " && adduser -D -s /bin/ash sshj"
+                    + " && passwd -u sshj"
+                    + " && echo \"sshj:ultrapassword\" | chpasswd"
+                    + " && chmod 600 /home/sshj/.ssh/authorized_keys"
+                    + " && chmod 600 /etc/ssh/ssh_host_*_key"
+                    + " && chmod 644 /etc/ssh/*.pub"
+                    + " && chmod 755 /entrypoint.sh"
+                    + " && chown -R sshj:sshj /home/sshj");
+            builder.entryPoint("/sbin/tini", "/entrypoint.sh", "-o", "LogLevel=DEBUG2");
+
+            builder.add("sshd_config", "/etc/ssh/sshd_config");
+        }
+
+        public @NotNull Builder addHostKey(@NotNull String hostKey) {
+            hostKeys.add(hostKey);
+            sshdConfig.withHostKey(hostKey);
+            return this;
+        }
+
+        public @NotNull Builder addHostKeyCertificate(@NotNull String hostKeyCertificate) {
+            certificates.add(hostKeyCertificate);
+            sshdConfig.withHostKeyCertificate(hostKeyCertificate);
+            return this;
+        }
+    }
+
+    @SuppressWarnings("unused") // Used dynamically by Spock
+    public SshdContainer() {
+        this(new SshdContainer.Builder().withAllKeys().buildInner());
+    }
+
+    public SshdContainer(SshdContainer.Builder builder) {
+        this(builder.buildInner());
+    }
+
+    public SshdContainer(@NotNull Future<String> future) {
+        super(future);
+        withExposedPorts(22);
+        setWaitStrategy(new SshServerWaitStrategy());
+        withLogConsumer(outputFrame -> {
+            switch (outputFrame.getType()) {
+                case STDOUT:
+                    logger().info("sshd stdout: {}", outputFrame.getUtf8String().stripTrailing());
+                    break;
+                case STDERR:
+                    logger().info("sshd stderr: {}", outputFrame.getUtf8String().stripTrailing());
+                    break;
+                case END:
+                    break;
+
+            }
+        });
+    }
+
+    public SSHClient getConnectedClient(Config config) throws IOException {
+        SSHClient sshClient = new SSHClient(config);
+        sshClient.addHostKeyVerifier(new PromiscuousVerifier());
+        sshClient.connect("127.0.0.1", getFirstMappedPort());
+
+        return sshClient;
+    }
+
+    public SSHClient getConnectedClient() throws IOException {
+        return getConnectedClient(new DefaultConfig());
+    }
+
+    public static void withSshdContainer(SshdContainer.Builder builder, @NotNull ThrowingConsumer<SshdContainer> consumer) throws Throwable {
+        SshdContainer sshdContainer = new SshdContainer(builder.buildInner());
+        sshdContainer.start();
+        try {
+            consumer.accept(sshdContainer);
+        } finally {
+            sshdContainer.stop();
+        }
+    }
+}

src/itest/java/com/hierynomus/sshj/sftp/FileWriteTest.java

@@ -0,0 +1,73 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.sftp;
+
+import java.nio.charset.StandardCharsets;
+import java.util.EnumSet;
+
+import org.junit.jupiter.api.Test;
+import org.testcontainers.junit.jupiter.Container;
+import org.testcontainers.junit.jupiter.Testcontainers;
+import org.testcontainers.shaded.org.bouncycastle.util.Arrays;
+
+import com.hierynomus.sshj.SshdContainer;
+
+import net.schmizz.sshj.SSHClient;
+import net.schmizz.sshj.sftp.OpenMode;
+import net.schmizz.sshj.sftp.RemoteFile;
+import net.schmizz.sshj.sftp.SFTPClient;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+@Testcontainers
+public class FileWriteTest {
+    @Container
+    private static SshdContainer sshd = new SshdContainer();
+
+    @Test
+    public void shouldAppendToFile_GH390() throws Throwable {
+        try (SSHClient client = sshd.getConnectedClient()) {
+            client.authPublickey("sshj", "src/test/resources/id_rsa");
+            try (SFTPClient sftp = client.newSFTPClient()) {
+                String file = "/home/sshj/test.txt";
+                byte[] initialText = "This is the initial text.\n".getBytes(StandardCharsets.UTF_16);
+                byte[] appendText = "And here's the appended text.\n".getBytes(StandardCharsets.UTF_16);
+
+                try (RemoteFile initial = sftp.open(file, EnumSet.of(OpenMode.WRITE, OpenMode.CREAT))) {
+                    initial.write(0, initialText, 0, initialText.length);
+                }
+
+                try (RemoteFile read = sftp.open(file, EnumSet.of(OpenMode.READ))) {
+                    byte[] readBytes = new byte[initialText.length];
+                    read.read(0, readBytes, 0, readBytes.length);
+                    assertThat(readBytes).isEqualTo(initialText);
+                }
+
+                try (RemoteFile initial = sftp.open(file, EnumSet.of(OpenMode.WRITE, OpenMode.APPEND))) {
+                    initial.write(0, appendText, 0, appendText.length);
+                }
+
+                try (RemoteFile read = sftp.open(file, EnumSet.of(OpenMode.READ))) {
+                    byte[] readBytes = new byte[initialText.length + appendText.length];
+                    read.read(0, readBytes, 0, readBytes.length);
+                    assertThat(Arrays.copyOfRange(readBytes, 0, initialText.length)).isEqualTo(initialText);
+                    assertThat(Arrays.copyOfRange(readBytes, initialText.length, initialText.length + appendText.length)).isEqualTo(appendText);
+                }
+            }
+
+        }
+    }
+}

src/itest/java/com/hierynomus/sshj/sftp/PutFileCompressedTest.java

@@ -0,0 +1,81 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.sftp;
+
+import com.hierynomus.sshj.SshdContainer;
+import net.schmizz.sshj.SSHClient;
+import net.schmizz.sshj.sftp.SFTPClient;
+import net.schmizz.sshj.xfer.InMemorySourceFile;
+import org.junit.jupiter.api.Test;
+import org.testcontainers.junit.jupiter.Container;
+import org.testcontainers.junit.jupiter.Testcontainers;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Random;
+
+@Testcontainers
+public class PutFileCompressedTest {
+
+    private static class TestInMemorySourceFile extends InMemorySourceFile {
+
+        private final String name;
+        private final byte[] data;
+
+        public TestInMemorySourceFile(String name, byte[] data) {
+            this.name = name;
+            this.data = data;
+        }
+
+        @Override
+        public String getName() {
+            return name;
+        }
+
+        @Override
+        public long getLength() {
+            return data.length;
+        }
+
+        @Override
+        public InputStream getInputStream() throws IOException {
+            return new ByteArrayInputStream(data);
+        }
+
+    }
+
+    @Container
+    private static SshdContainer sshd = new SshdContainer();
+
+    @Test
+    public void shouldPutCompressedFile_GH893() throws Throwable {
+        try (SSHClient client = sshd.getConnectedClient()) {
+            client.authPublickey("sshj", "src/test/resources/id_rsa");
+            client.useCompression();
+            try (SFTPClient sftp = client.newSFTPClient()) {
+                String filename = "test.txt";
+                // needs to be a larger file for bug taking effect
+                byte[] content = new byte[5000];
+                Random r = new Random(1);
+                r.nextBytes(content);
+
+                sftp.put(new TestInMemorySourceFile(filename,content), "/home/sshj/");
+            }
+
+        }
+    }
+}

src/itest/java/com/hierynomus/sshj/signature/HostKeyWithCertificateTest.java

@@ -0,0 +1,65 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.signature;
+
+import java.io.File;
+import java.io.StringReader;
+import java.nio.file.Files;
+import java.util.List;
+
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+
+import com.hierynomus.sshj.SshdContainer;
+import com.hierynomus.sshj.SshdContainer.SshdConfigBuilder;
+
+import net.schmizz.sshj.DefaultConfig;
+import net.schmizz.sshj.SSHClient;
+import net.schmizz.sshj.transport.verification.OpenSSHKnownHosts;
+
+import static com.hierynomus.sshj.SshdContainer.withSshdContainer;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+public class HostKeyWithCertificateTest {
+
+    @ParameterizedTest(name = "Should connect to server that has a signed host public key {0}")
+    @ValueSource(strings = { "ssh_host_ecdsa_256_key", "ssh_host_ecdsa_384_key", "ssh_host_ecdsa_521_key",
+            "ssh_host_ed25519_384_key" })
+    // TODO "ssh_host_rsa_2048_key" fails with "HOST_KEY_NOT_VERIFIABLE" after upgrade to new OpenSSH version
+    public void shouldConnectToServerWithSignedHostKey(String hostkey) throws Throwable {
+        File caPubKey = new File("src/itest/resources/keyfiles/certificates/CA_rsa.pem.pub");
+        String caPubKeyContents = Files.readString(caPubKey.toPath());
+        String address = "127.0.0.1";
+
+        SshdConfigBuilder b = SshdConfigBuilder.defaultBuilder().with("PasswordAuthentication", "yes");
+
+        withSshdContainer(SshdContainer.Builder.defaultBuilder().withSshdConfig(b).addHostKey("test-container/host_keys/" + hostkey).addHostKeyCertificate("test-container/host_keys/" + hostkey + "-cert.pub"), sshd -> {
+            String knownHosts = List.of("@cert-authority " + address + " " + caPubKeyContents,
+                    "@cert-authority [" + address + "]:" + sshd.getFirstMappedPort() + " " + caPubKeyContents).stream()
+                    .reduce("", (a, b1) -> a + "\n" + b1);
+            DefaultConfig cfg = new DefaultConfig();
+            try (SSHClient c = new SSHClient(cfg)) {
+                c.addHostKeyVerifier(new OpenSSHKnownHosts(new StringReader(knownHosts)));
+                c.connect(address, sshd.getFirstMappedPort());
+
+                c.authPassword("sshj", "ultrapassword");
+
+                assertTrue(c.isAuthenticated());
+            }
+        });
+
+    }
+}

src/itest/java/com/hierynomus/sshj/signature/PublicKeyAuthWithCertificateTest.java

@@ -0,0 +1,83 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.signature;
+
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.util.stream.Stream;
+
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.MethodSource;
+import org.testcontainers.junit.jupiter.Container;
+import org.testcontainers.junit.jupiter.Testcontainers;
+
+import com.hierynomus.sshj.SshdContainer;
+import com.hierynomus.sshj.SshdContainer.SshdConfigBuilder;
+
+import net.schmizz.sshj.Config;
+import net.schmizz.sshj.DefaultConfig;
+import net.schmizz.sshj.SSHClient;
+
+@Testcontainers
+public class PublicKeyAuthWithCertificateTest {
+    @Container
+    private static final SshdContainer sshd = new SshdContainer(SshdContainer.Builder.defaultBuilder().withSshdConfig(SshdConfigBuilder.defaultBuilder().with("PubkeyAcceptedAlgorithms", "+ssh-rsa-cert-v01@openssh.com")).withAllKeys());
+
+    public static Stream<String> keys() {
+        return Stream.of(
+        "id_ecdsa_256_pem_signed_by_ecdsa",
+        "id_ecdsa_256_rfc4716_signed_by_ecdsa",
+        "id_ecdsa_256_pem_signed_by_ed25519",
+        "id_ecdsa_256_rfc4716_signed_by_ed25519",
+        "id_ecdsa_256_pem_signed_by_rsa",
+        "id_ecdsa_256_rfc4716_signed_by_rsa",
+        "id_ecdsa_384_pem_signed_by_ecdsa",
+        "id_ecdsa_384_rfc4716_signed_by_ecdsa",
+        "id_ecdsa_384_pem_signed_by_ed25519",
+        "id_ecdsa_384_rfc4716_signed_by_ed25519",
+        "id_ecdsa_384_pem_signed_by_rsa",
+        "id_ecdsa_384_rfc4716_signed_by_rsa",
+        "id_ecdsa_521_pem_signed_by_ecdsa",
+        "id_ecdsa_521_rfc4716_signed_by_ecdsa",
+        "id_ecdsa_521_pem_signed_by_ed25519",
+        "id_ecdsa_521_rfc4716_signed_by_ed25519",
+        "id_ecdsa_521_pem_signed_by_rsa",
+        "id_ecdsa_521_rfc4716_signed_by_rsa",
+        "id_rsa_2048_pem_signed_by_ecdsa",
+        "id_rsa_2048_rfc4716_signed_by_ecdsa",
+        "id_rsa_2048_pem_signed_by_ed25519",
+        "id_rsa_2048_rfc4716_signed_by_ed25519",
+        "id_rsa_2048_pem_signed_by_rsa",
+        "id_rsa_2048_rfc4716_signed_by_rsa",
+        "id_ed25519_384_rfc4716_signed_by_ecdsa",
+        "id_ed25519_384_rfc4716_signed_by_ed25519",
+        "id_ed25519_384_rfc4716_signed_by_rsa");
+    }
+
+    @ParameterizedTest(name = "should authenticate with signed public key {0}")
+    @MethodSource("keys")
+    public void shouldAuthenticateWithSignedPublicKey(String key) throws Throwable {
+        Config c = new DefaultConfig();
+        SSHClient client = sshd.getConnectedClient(c);
+
+        client.authPublickey("sshj", "src/itest/resources/keyfiles/certificates/" + key);
+
+        assertTrue(client.isAuthenticated());
+
+        client.disconnect();
+    }
+
+}

src/itest/java/com/hierynomus/sshj/signature/SignatureTest.java

@@ -0,0 +1,57 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.signature;
+
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.util.List;
+import java.util.stream.Stream;
+
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.MethodSource;
+import org.testcontainers.junit.jupiter.Container;
+import org.testcontainers.junit.jupiter.Testcontainers;
+
+import com.hierynomus.sshj.SshdContainer;
+import com.hierynomus.sshj.SshdContainer.SshdConfigBuilder;
+import com.hierynomus.sshj.key.KeyAlgorithms;
+
+import net.schmizz.sshj.Config;
+import net.schmizz.sshj.DefaultConfig;
+import net.schmizz.sshj.SSHClient;
+
+@Testcontainers
+public class SignatureTest {
+    @Container
+    private static final SshdContainer sshd = new SshdContainer(SshdContainer.Builder.defaultBuilder().withSshdConfig(SshdConfigBuilder.defaultBuilder().with("HostKeyAlgorithms", "+ssh-rsa").with("PubkeyAcceptedAlgorithms", "+ssh-rsa")).withAllKeys());
+
+    public static Stream<KeyAlgorithms.Factory> algs() {
+        return Stream.of(KeyAlgorithms.SSHRSA(), KeyAlgorithms.RSASHA256(), KeyAlgorithms.RSASHA512());
+    }
+
+    @ParameterizedTest(name = "should correctly connect with Signature {0}")
+    @MethodSource("algs")
+    public void shouldCorrectlyConnectWithMac(KeyAlgorithms.Factory alg) throws Throwable {
+        Config c = new DefaultConfig();
+        c.setKeyAlgorithms(List.of(alg));
+        try (SSHClient client = sshd.getConnectedClient(c)) {
+            client.authPublickey("sshj", "src/itest/resources/keyfiles/id_rsa");
+
+            assertTrue(client.isAuthenticated());
+        }
+    }
+
+}

src/itest/java/com/hierynomus/sshj/transport/cipher/CipherTest.java

@@ -0,0 +1,65 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.transport.cipher;
+
+import static org.junit.Assert.assertTrue;
+
+import java.util.List;
+import java.util.stream.Stream;
+
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.MethodSource;
+import org.testcontainers.junit.jupiter.Container;
+import org.testcontainers.junit.jupiter.Testcontainers;
+
+import com.hierynomus.sshj.SshdContainer;
+
+import net.schmizz.sshj.Config;
+import net.schmizz.sshj.DefaultConfig;
+import net.schmizz.sshj.SSHClient;
+import net.schmizz.sshj.common.Factory;
+import net.schmizz.sshj.transport.cipher.Cipher;
+
+@Testcontainers
+public class CipherTest {
+    @Container
+    private static final SshdContainer sshd = new SshdContainer();
+
+    public static Stream<Factory.Named<Cipher>> ciphers() {
+        return Stream.of(BlockCiphers.TripleDESCBC(),
+                          BlockCiphers.AES128CBC(),
+                          BlockCiphers.AES128CTR(),
+                          BlockCiphers.AES192CBC(),
+                          BlockCiphers.AES192CTR(),
+                          BlockCiphers.AES256CBC(),
+                          BlockCiphers.AES256CTR(),
+                          GcmCiphers.AES128GCM(),
+                          GcmCiphers.AES256GCM(),
+                          ChachaPolyCiphers.CHACHA_POLY_OPENSSH());
+    }
+
+    @ParameterizedTest(name = "should correctly connect with Cipher {0}")
+    @MethodSource("ciphers")
+    public void shouldCorrectlyConnectWithCipher(Factory.Named<Cipher> cipher) throws Throwable {
+        Config c = new DefaultConfig();
+        c.setCipherFactories(List.of(cipher));
+        try (SSHClient client = sshd.getConnectedClient(c)) {
+            client.authPublickey("sshj", "src/itest/resources/keyfiles/id_rsa_opensshv1");
+
+            assertTrue(client.isAuthenticated());
+        }
+    }
+}

src/itest/java/com/hierynomus/sshj/transport/kex/KexTest.java

@@ -0,0 +1,72 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.transport.kex;
+
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.util.List;
+import java.util.stream.Stream;
+
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.MethodSource;
+import org.testcontainers.junit.jupiter.Container;
+import org.testcontainers.junit.jupiter.Testcontainers;
+
+import com.hierynomus.sshj.SshdContainer;
+
+import net.schmizz.sshj.Config;
+import net.schmizz.sshj.DefaultConfig;
+import net.schmizz.sshj.SSHClient;
+import net.schmizz.sshj.common.Factory;
+import net.schmizz.sshj.transport.kex.Curve25519SHA256;
+import net.schmizz.sshj.transport.kex.DHGexSHA1;
+import net.schmizz.sshj.transport.kex.DHGexSHA256;
+import net.schmizz.sshj.transport.kex.ECDHNistP;
+import net.schmizz.sshj.transport.kex.KeyExchange;
+
+@Testcontainers
+public class KexTest {
+    @Container
+    private static final SshdContainer sshd = new SshdContainer();
+
+    public static Stream<Factory.Named<KeyExchange>> kex() {
+        return Stream.of(
+                DHGroups.Group1SHA1(),
+                DHGroups.Group14SHA1(),
+                DHGroups.Group14SHA256(),
+                DHGroups.Group16SHA512(),
+                DHGroups.Group18SHA512(),
+                new DHGexSHA1.Factory(),
+                new DHGexSHA256.Factory(),
+                new Curve25519SHA256.Factory(),
+                new Curve25519SHA256.FactoryLibSsh(),
+                new ECDHNistP.Factory256(),
+                new ECDHNistP.Factory384(),
+                new ECDHNistP.Factory521());
+    }
+
+    @ParameterizedTest(name = "should correctly connect with Key Exchange {0}")
+    @MethodSource("kex")
+    public void shouldCorrectlyConnectWithMac(Factory.Named<KeyExchange> kex) throws Throwable {
+        Config c = new DefaultConfig();
+        c.setKeyExchangeFactories(List.of(kex));
+        try (SSHClient client = sshd.getConnectedClient(c)) {
+            client.authPublickey("sshj", "src/itest/resources/keyfiles/id_rsa_opensshv1");
+
+            assertTrue(client.isAuthenticated());
+        }
+    }
+}

src/itest/java/com/hierynomus/sshj/transport/kex/StrictKeyExchangeTest.java

@@ -0,0 +1,111 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.transport.kex;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.stream.Collectors;
+
+import ch.qos.logback.classic.Logger;
+import ch.qos.logback.classic.spi.ILoggingEvent;
+import ch.qos.logback.core.read.ListAppender;
+import com.hierynomus.sshj.SshdContainer;
+import net.schmizz.sshj.SSHClient;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.slf4j.LoggerFactory;
+import org.testcontainers.junit.jupiter.Container;
+import org.testcontainers.junit.jupiter.Testcontainers;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+@Testcontainers
+class StrictKeyExchangeTest {
+
+    @Container
+    private static final SshdContainer sshd = new SshdContainer();
+
+    private final List<Logger> watchedLoggers = new ArrayList<>();
+    private final ListAppender<ILoggingEvent> logWatcher = new ListAppender<>();
+
+    @BeforeEach
+    void setUpLogWatcher() {
+        logWatcher.start();
+        setUpLogger("net.schmizz.sshj.transport.Decoder");
+        setUpLogger("net.schmizz.sshj.transport.Encoder");
+        setUpLogger("net.schmizz.sshj.transport.KeyExchanger");
+    }
+
+    @AfterEach
+    void tearDown() {
+        watchedLoggers.forEach(Logger::detachAndStopAllAppenders);
+    }
+
+    private void setUpLogger(String className) {
+        Logger logger = ((Logger) LoggerFactory.getLogger(className));
+        logger.addAppender(logWatcher);
+        watchedLoggers.add(logger);
+    }
+
+    @Test
+    void strictKeyExchange() throws Throwable {
+        try (SSHClient client = sshd.getConnectedClient()) {
+            client.authPublickey("sshj", "src/itest/resources/keyfiles/id_rsa_opensshv1");
+            assertTrue(client.isAuthenticated());
+        }
+        List<String> keyExchangerLogs = getLogs("KeyExchanger");
+        assertThat(keyExchangerLogs).containsSequence(
+            "Initiating key exchange",
+            "Sending SSH_MSG_KEXINIT",
+            "Received SSH_MSG_KEXINIT",
+            "Enabling strict key exchange extension"
+        );
+        List<String> decoderLogs = getLogs("Decoder").stream()
+            .map(log -> log.split(":")[0])
+            .collect(Collectors.toList());
+        assertThat(decoderLogs).containsExactly(
+            "Received packet #0",
+            "Received packet #1",
+            "Received packet #2",
+            "Received packet #0",
+            "Received packet #1",
+            "Received packet #2",
+            "Received packet #3"
+        );
+        List<String> encoderLogs = getLogs("Encoder").stream()
+            .map(log -> log.split(":")[0])
+            .collect(Collectors.toList());
+        assertThat(encoderLogs).containsExactly(
+            "Encoding packet #0",
+            "Encoding packet #1",
+            "Encoding packet #2",
+            "Encoding packet #0",
+            "Encoding packet #1",
+            "Encoding packet #2",
+            "Encoding packet #3"
+        );
+    }
+
+    private List<String> getLogs(String className) {
+        return logWatcher.list.stream()
+            .filter(event -> event.getLoggerName().endsWith(className))
+            .map(ILoggingEvent::getFormattedMessage)
+            .collect(Collectors.toList());
+    }
+
+}

src/itest/java/com/hierynomus/sshj/transport/mac/MacTest.java

@@ -0,0 +1,54 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.transport.mac;
+
+import static org.junit.Assert.assertTrue;
+
+import java.util.List;
+import java.util.stream.Stream;
+
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.MethodSource;
+import org.testcontainers.junit.jupiter.Container;
+import org.testcontainers.junit.jupiter.Testcontainers;
+
+import com.hierynomus.sshj.SshdContainer;
+
+import net.schmizz.sshj.Config;
+import net.schmizz.sshj.DefaultConfig;
+import net.schmizz.sshj.SSHClient;
+
+@Testcontainers
+public class MacTest {
+    @Container
+    private static final SshdContainer sshd = new SshdContainer();
+
+    public static Stream<Macs.Factory> macs() {
+        return Stream.of(Macs.HMACSHA2256(), Macs.HMACSHA2512(), Macs.HMACSHA2256Etm(), Macs.HMACSHA2512Etm());
+    }
+
+    @ParameterizedTest(name = "should correctly connect with MAC {0}")
+    @MethodSource("macs")
+    public void shouldCorrectlyConnectWithMac(Macs.Factory mac) throws Throwable {
+        Config c = new DefaultConfig();
+        c.setMACFactories(List.of(mac));
+        try (SSHClient client = sshd.getConnectedClient(c)) {
+            client.authPublickey("sshj", "src/itest/resources/keyfiles/id_rsa_opensshv1");
+
+            assertTrue(client.isAuthenticated());
+        }
+    }
+}

src/itest/resources/keyfiles/certificates/CA_ecdsa.pem

@@ -0,0 +1,9 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
+1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQTc/PZPU93pfS6cqTB+kbPDr5/8QurL
+m6vVwaEyvBvcd0OCIn7Dfmwsu4fY7mHRPIreRr4J6TNh0nTwRTKSZxBSAAAAqP36PXj9+j
+14AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNz89k9T3el9Lpyp
+MH6Rs8Ovn/xC6subq9XBoTK8G9x3Q4IifsN+bCy7h9juYdE8it5GvgnpM2HSdPBFMpJnEF
+IAAAAhAJoGc1L5zMmeORPDxMFTzo47oot8ao0BziAm3NU5ExxOAAAADENBX2VjZHNhLnBl
+bQECAw==
+-----END OPENSSH PRIVATE KEY-----

src/itest/resources/keyfiles/certificates/CA_ecdsa.pem.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNz89k9T3el9LpypMH6Rs8Ovn/xC6subq9XBoTK8G9x3Q4IifsN+bCy7h9juYdE8it5GvgnpM2HSdPBFMpJnEFI= CA_ecdsa.pem

src/itest/resources/keyfiles/certificates/CA_ed25519.pem

@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACA6Ya5UWXxyNsSeyCKpqC44tgYdo+2T9I8pwi9E5407hwAAAJhnCXFqZwlx
+agAAAAtzc2gtZWQyNTUxOQAAACA6Ya5UWXxyNsSeyCKpqC44tgYdo+2T9I8pwi9E5407hw
+AAAEBHofpGRYy15jvyiJrPuijusTXmM6bQs6fgegqljUzqwjphrlRZfHI2xJ7IIqmoLji2
+Bh2j7ZP0jynCL0TnjTuHAAAADkNBX2VkMjU1MTkucGVtAQIDBAUGBw==
+-----END OPENSSH PRIVATE KEY-----

src/itest/resources/keyfiles/certificates/CA_ed25519.pem.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDphrlRZfHI2xJ7IIqmoLji2Bh2j7ZP0jynCL0TnjTuH CA_ed25519.pem

src/itest/resources/keyfiles/certificates/CA_rsa.pem

@@ -0,0 +1,38 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAYEAylFXh7HVmrZPMpI/uDVesACwaypsa8p7oGNeolrU5rI+BxMlZksN
+UKI1qmoygYJ2oCfMEoipXCPGF3LU4/tzkG89kb2WO6OUCIGFDm302s36Na/qkTfDebkwUN
+WHud4a+v3ArwgaEh61+kbr/AnfI4AXWxCQLCAN/sF+RsyrUh/6rJMMXsjd/PJqphf/rUFH
+aLK2k3FpVXDWDXkQp1EeRRzvrQvSRUXBaSbIAWkr5k85qX2lEcpr2aL/dNFdxDbRmcEHPP
+GXhuydecRYguEFLGy2gQX3iEcot66gqX2Q/H82oq/CMgSq1T+YTuL5oAT1Z/qdHQI62UE+
+yPFm1/YBzavJQJ38Rx0CoMY7BnLibWzQbkRAxNTW5YKAYHLPoM9YIIMJp1CrQZoAKNw7IF
+zLm2tSobFioO+ZkKCrogO/VsYUOUXHV7E7EgAq6u6JV082f5z6HscSZ4z444mrWuOJsPuR
+TAwrRxyFXOmMjbHALx5xAX2N4UYFyihrzo47rmg9AAAFgHGJKn5xiSp+AAAAB3NzaC1yc2
+EAAAGBAMpRV4ex1Zq2TzKSP7g1XrAAsGsqbGvKe6BjXqJa1OayPgcTJWZLDVCiNapqMoGC
+dqAnzBKIqVwjxhdy1OP7c5BvPZG9ljujlAiBhQ5t9NrN+jWv6pE3w3m5MFDVh7neGvr9wK
+8IGhIetfpG6/wJ3yOAF1sQkCwgDf7BfkbMq1If+qyTDF7I3fzyaqYX/61BR2iytpNxaVVw
+1g15EKdRHkUc760L0kVFwWkmyAFpK+ZPOal9pRHKa9mi/3TRXcQ20ZnBBzzxl4bsnXnEWI
+LhBSxstoEF94hHKLeuoKl9kPx/NqKvwjIEqtU/mE7i+aAE9Wf6nR0COtlBPsjxZtf2Ac2r
+yUCd/EcdAqDGOwZy4m1s0G5EQMTU1uWCgGByz6DPWCCDCadQq0GaACjcOyBcy5trUqGxYq
+DvmZCgq6IDv1bGFDlFx1exOxIAKuruiVdPNn+c+h7HEmeM+OOJq1rjibD7kUwMK0cchVzp
+jI2xwC8ecQF9jeFGBcooa86OO65oPQAAAAMBAAEAAAGAc0imd8v9y4rW1ho/9Nd0fRXncS
+lbXpCioWH+KsVXS52FesKOLRvXGntT2SdqYCHXNqt2vZjh6H76AaKNbNt7nnHEw6ckVBeB
+4tbq2q4NOCDm0nDLWLRNzq6XuXfzPxYwiZTOlu4m7OxTBaokDhoR7EixBlMJ1Brv3pqjOf
+SmKsXOMUgZZGlRFTGNU9eY+UCZUC+Fmb6mJumFD2hM9QpkFT3H1PNHffGhpClVDni/axz5
+3nqZ9OlDS2B18DrdE1GoWhxvnX2nOpKZ+dSKAflyczQI9qOx0FczRuTmnjPz9jYLzTKPfi
+Pw9vkUxNiyJSkYgPMWODDwXCz0frv0n5ZUQvFrtQVjls+fHdoj3qnRYFAvgPgT8LLWE+SD
+SEvWXob6tldI9tTL4Ymx/9FsI5mvcGDhMQtK0YX1mwFBIUq3CRQD6CMd6oDcK1rpn7cQ2z
+AdI+MUdoTjDTr+sIr7ijcLvz1l/PHrFpmb5OCKr0HkVhfQHu8z1Est1ZL4ioQ1Y1ABAAAA
+wF07au4kjHZueAR+MSmD0uBzdZneq/2l5IXEtl4eC5gs2pNpkd4zoa1NhvimFqk2xgAN96
+k6sUXW/sJT+D/AC6heOC/DRUuemHcSyOpSosmGVf56WzC5eDXzrqNbyb6UEA/XshSW3lR5
+VZBO/gVMv0I5qWdTcvDbgAa6mi/gzRkZ6MqJ+zzaXyfz/W6wVD7v2PJAZB9GhNDTpA2UOC
+T3Z1Lk8i4hLX6r18AwYnh7f26LI5ZAMNv2kT98J5qZIV0ntwAAAMEA79Md+2SofgHcurgn
+O3xfH5EgLemF6X/KQTRojuVzlUiId2koMVk1iCv/a5wDqPwvU0kWJtd9RIzm+DeOzTlBwL
+49U3PSr0A4XFwU4Z6/9TlNFpqDbGIiPfFmnhwgi4iOtIHSUm/OdmX4ys0meDERDMCq1g0C
+rTLy9MtpUTv6oiAYLCk6N3lz7059R9394BQR2VoMoyvVmpbwReVqzx7HHb4i/YgdqiaSae
+NUyGv1/G5g0Lko+hFb+rZnCtTREHsdAAAAwQDX9p5+cXsLJygzppmK7yXalBmm0nWmnTnX
+faLp7qPOBxBsOCVno3Ud2BGNodcMkJPG9V8t1jnfFoEyAvq7eJxXCN3s1ACZDAXXp8dtWE
+1lUzZyX6uERljp2jXACpK2v3wBDNjoTr8GuQzJTi0U77YZ2iMs9HjDJFytAZjyl1dTZL5v
+jwTOZx17YQb0qfzAtkKQwxb8o54TK+p7yv8/vZb86WC+qtNsOrQAbhcyNhSeNBQz18oBwX
+tMsqKBf4Eo96EAAAAKQ0FfcnNhLnBlbQE=
+-----END OPENSSH PRIVATE KEY-----

src/itest/resources/keyfiles/certificates/CA_rsa.pem.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDKUVeHsdWatk8ykj+4NV6wALBrKmxrynugY16iWtTmsj4HEyVmSw1QojWqajKBgnagJ8wSiKlcI8YXctTj+3OQbz2RvZY7o5QIgYUObfTazfo1r+qRN8N5uTBQ1Ye53hr6/cCvCBoSHrX6Ruv8Cd8jgBdbEJAsIA3+wX5GzKtSH/qskwxeyN388mqmF/+tQUdosraTcWlVcNYNeRCnUR5FHO+tC9JFRcFpJsgBaSvmTzmpfaURymvZov900V3ENtGZwQc88ZeG7J15xFiC4QUsbLaBBfeIRyi3rqCpfZD8fzair8IyBKrVP5hO4vmgBPVn+p0dAjrZQT7I8WbX9gHNq8lAnfxHHQKgxjsGcuJtbNBuREDE1NblgoBgcs+gz1gggwmnUKtBmgAo3DsgXMuba1KhsWKg75mQoKuiA79WxhQ5RcdXsTsSACrq7olXTzZ/nPoexxJnjPjjiata44mw+5FMDCtHHIVc6YyNscAvHnEBfY3hRgXKKGvOjjuuaD0= CA_rsa.pem

src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ecdsa

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIIfJPrGJGZ7jWfxLWoA4DLK4UX8xeKPZBhpRW8Lf6+C3oAoGCCqGSM49
+AwEHoUQDQgAE5Hdnjy/w72a9P3sSQd57DJayX9m75p1N/W1mh3IDIrI6xIOVeu6g
+w0KbBSExvjsS6TrtJPgGo9XTFp2LcQBDkw==
+-----END EC PRIVATE KEY-----

src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ecdsa-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgpQb0g0drrzK2coGjm7xOG0FeIl5pqEoNhbY9VbmEJzsAAAAIbmlzdHAyNTYAAABBBOR3Z48v8O9mvT97EkHeewyWsl/Zu+adTf1tZodyAyKyOsSDlXruoMNCmwUhMb47Euk67ST4BqPV0xadi3EAQ5MAAAAAAAAAAAAAAAEAAAAgaWRfZWNkc2FfMjU2X3BlbV9zaWduZWRfYnlfZWNkc2EAAAAIAAAABHNzaGoAAAAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAAGgAAAATZWNkc2Etc2hhMi1uaXN0cDI1NgAAAAhuaXN0cDI1NgAAAEEE3Pz2T1Pd6X0unKkwfpGzw6+f/ELqy5ur1cGhMrwb3HdDgiJ+w35sLLuH2O5h0TyK3ka+CekzYdJ08EUykmcQUgAAAGQAAAATZWNkc2Etc2hhMi1uaXN0cDI1NgAAAEkAAAAhAPdi7qLZdHYtpNiaQlzT+p//KduiWy3B4o3g+8qmTrywAAAAIGrPimSBL8JTI0YuRzS54Vg90r52aTkRmtOKBXkd7mbx id_ecdsa_256_pem_signed_by_ecdsa

src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ecdsa.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOR3Z48v8O9mvT97EkHeewyWsl/Zu+adTf1tZodyAyKyOsSDlXruoMNCmwUhMb47Euk67ST4BqPV0xadi3EAQ5M= id_ecdsa_256_pem_signed_by_ecdsa

src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ecdsa_host-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgl67ZVJD8No6A02obFMo6hs8Ldt14DeO6b58RWpAiPycAAAAIbmlzdHAyNTYAAABBBOR3Z48v8O9mvT97EkHeewyWsl/Zu+adTf1tZodyAyKyOsSDlXruoMNCmwUhMb47Euk67ST4BqPV0xadi3EAQ5MAAAAAAAAAAAAAAAIAAAAgaWRfZWNkc2FfMjU2X3BlbV9zaWduZWRfYnlfZWNkc2EAAAANAAAACTEyNy4wLjAuMQAAAAAAAAAA//////////8AAAAAAAAAAAAAAAAAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNz89k9T3el9LpypMH6Rs8Ovn/xC6subq9XBoTK8G9x3Q4IifsN+bCy7h9juYdE8it5GvgnpM2HSdPBFMpJnEFIAAABkAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAABJAAAAIFO6PcSIVKhcnYZRRLes2qPZMpq7P+UDW20vYQn9aQltAAAAIQC877vpE4EbsJuyymmw/T7NsjmVcQnH/U6WjwZCODxI1g== id_ecdsa_256_pem_signed_by_ecdsa

src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ed25519

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIFEVp4a/QxSG2pwM8l2yK17tTC3f98FOd4NAUECN0jZcoAoGCCqGSM49
+AwEHoUQDQgAEfz2MGBoHybmWH1pCMKn0u7sLeyDiH5HedZGmQFniDZSUHJErbpaA
+pRhnoR12OHyNpblTd3UhpOJl76tp/2Ht+A==
+-----END EC PRIVATE KEY-----

src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ed25519-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgjgBeNTL1MzUsswy1BYjpiftZ9C9PEGvM6vngt6hJL/EAAAAIbmlzdHAyNTYAAABBBH89jBgaB8m5lh9aQjCp9Lu7C3sg4h+R3nWRpkBZ4g2UlByRK26WgKUYZ6Eddjh8jaW5U3d1IaTiZe+raf9h7fgAAAAAAAAAAAAAAAEAAAAiaWRfZWNkc2FfMjU2X3BlbV9zaWduZWRfYnlfZWQyNTUxOQAAAAgAAAAEc3NoagAAAAAAAAAA//////////8AAAAAAAAAggAAABVwZXJtaXQtWDExLWZvcndhcmRpbmcAAAAAAAAAF3Blcm1pdC1hZ2VudC1mb3J3YXJkaW5nAAAAAAAAABZwZXJtaXQtcG9ydC1mb3J3YXJkaW5nAAAAAAAAAApwZXJtaXQtcHR5AAAAAAAAAA5wZXJtaXQtdXNlci1yYwAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACA6Ya5UWXxyNsSeyCKpqC44tgYdo+2T9I8pwi9E5407hwAAAFMAAAALc3NoLWVkMjU1MTkAAABAfg65fi6me4HL37NLoLi+9NeAZFHPfS5PfNLbx5ZAvA/wOrV//NlFMiiJ6lAuTLQtQU8WMESDZbf7diSDQI34BQ== id_ecdsa_256_pem_signed_by_ed25519

src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ed25519.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH89jBgaB8m5lh9aQjCp9Lu7C3sg4h+R3nWRpkBZ4g2UlByRK26WgKUYZ6Eddjh8jaW5U3d1IaTiZe+raf9h7fg= id_ecdsa_256_pem_signed_by_ed25519

src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_ed25519_host-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgAfBLm5SO2/sG021RdO4S+q1AVpdahAz3jx3XIBMX/DcAAAAIbmlzdHAyNTYAAABBBH89jBgaB8m5lh9aQjCp9Lu7C3sg4h+R3nWRpkBZ4g2UlByRK26WgKUYZ6Eddjh8jaW5U3d1IaTiZe+raf9h7fgAAAAAAAAAAAAAAAIAAAAiaWRfZWNkc2FfMjU2X3BlbV9zaWduZWRfYnlfZWQyNTUxOQAAAA0AAAAJMTI3LjAuMC4xAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgOmGuVFl8cjbEnsgiqaguOLYGHaPtk/SPKcIvROeNO4cAAABTAAAAC3NzaC1lZDI1NTE5AAAAQD/r1H8JDNXac/XsQr5pxLKAa2EkBtitlyjQlAWX3UlBdm00r9NfcNa0qOhYEAITA2ipM0Kox43KzkSIB9N8yw4= id_ecdsa_256_pem_signed_by_ed25519

src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_rsa

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIOzGWqHfgD0W/1E3lozWoK0EGi/fh07uw1YR9K3y/EA/oAoGCCqGSM49
+AwEHoUQDQgAECRvqxweOpIpe/gX/0htrI+ZH0gqPT9YYxrIrGJKGJ4X3g24tqyI/
+VAJGyJ3e/bAE1Mnlm4EAN08cokWUOF+wOg==
+-----END EC PRIVATE KEY-----

src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_rsa-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgb79Hsx9T9VAh4/hyezWkS4le/m0+YLq9sUXAme7QiRQAAAAIbmlzdHAyNTYAAABBBAkb6scHjqSKXv4F/9IbayPmR9IKj0/WGMayKxiShieF94NuLasiP1QCRsid3v2wBNTJ5ZuBADdPHKJFlDhfsDoAAAAAAAAAAAAAAAEAAAAeaWRfZWNkc2FfMjU2X3BlbV9zaWduZWRfYnlfcnNhAAAACAAAAARzc2hqAAAAAAAAAAD//////////wAAAAAAAACCAAAAFXBlcm1pdC1YMTEtZm9yd2FyZGluZwAAAAAAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAAFnBlcm1pdC1wb3J0LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQDKUVeHsdWatk8ykj+4NV6wALBrKmxrynugY16iWtTmsj4HEyVmSw1QojWqajKBgnagJ8wSiKlcI8YXctTj+3OQbz2RvZY7o5QIgYUObfTazfo1r+qRN8N5uTBQ1Ye53hr6/cCvCBoSHrX6Ruv8Cd8jgBdbEJAsIA3+wX5GzKtSH/qskwxeyN388mqmF/+tQUdosraTcWlVcNYNeRCnUR5FHO+tC9JFRcFpJsgBaSvmTzmpfaURymvZov900V3ENtGZwQc88ZeG7J15xFiC4QUsbLaBBfeIRyi3rqCpfZD8fzair8IyBKrVP5hO4vmgBPVn+p0dAjrZQT7I8WbX9gHNq8lAnfxHHQKgxjsGcuJtbNBuREDE1NblgoBgcs+gz1gggwmnUKtBmgAo3DsgXMuba1KhsWKg75mQoKuiA79WxhQ5RcdXsTsSACrq7olXTzZ/nPoexxJnjPjjiata44mw+5FMDCtHHIVc6YyNscAvHnEBfY3hRgXKKGvOjjuuaD0AAAGUAAAADHJzYS1zaGEyLTUxMgAAAYCLm55D5nwIJNNCPidXas09UpeBc7FO5SBNq2rzOWeFkLcqfEq6uYJvX5/Va/zq9TCW+m1lQrVsqZVa3Ks4lKz44IBzyqBBpWcfgqNcXOc7wltSW8tfIsmQvSMODMn+bKSQzMWPSt3gjgHFylL4iNbCVSpHmPL3UjhUJurJrtIhTyYtZD6AVZvRS7J07eOTWIl0dx2txJ2xn2fRSx9jkpPDPsuHVB/scE5lm2cqFT5UMe3TVo4jSy6yMqnp+iIThMydsTsq8dFzg8PMFQdCD6MK+zjOPTnKW9wYCuQkjN8/9Ln6imWcpkYNGQsBJiPb1qMUxPzrUnUYMXvjUpzjBiiFaugshmuLFSKxEDSWkjHw6TGAagylOH7vItcptULNmcBrq2gDbI/Pl71aFVFjooOnjeWSmLoAcEIT+2K2e8YMOcC1eBCltVo9hhnfzRLrnV0ss1NI0cP9m0uBri7O77+NPA+TrMMTybe4x3gMzHobEKDrZlyNwJfHUA+vdzCJNQ4= id_ecdsa_256_pem_signed_by_rsa

src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_rsa.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAkb6scHjqSKXv4F/9IbayPmR9IKj0/WGMayKxiShieF94NuLasiP1QCRsid3v2wBNTJ5ZuBADdPHKJFlDhfsDo= id_ecdsa_256_pem_signed_by_rsa

src/itest/resources/keyfiles/certificates/id_ecdsa_256_pem_signed_by_rsa_host-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg39MCdE+TdsgibyL9pdV+Oip06sFgPj7Lldoa8Mdrr6EAAAAIbmlzdHAyNTYAAABBBAkb6scHjqSKXv4F/9IbayPmR9IKj0/WGMayKxiShieF94NuLasiP1QCRsid3v2wBNTJ5ZuBADdPHKJFlDhfsDoAAAAAAAAAAAAAAAIAAAAeaWRfZWNkc2FfMjU2X3BlbV9zaWduZWRfYnlfcnNhAAAADQAAAAkxMjcuMC4wLjEAAAAAAAAAAP//////////AAAAAAAAAAAAAAAAAAABlwAAAAdzc2gtcnNhAAAAAwEAAQAAAYEAylFXh7HVmrZPMpI/uDVesACwaypsa8p7oGNeolrU5rI+BxMlZksNUKI1qmoygYJ2oCfMEoipXCPGF3LU4/tzkG89kb2WO6OUCIGFDm302s36Na/qkTfDebkwUNWHud4a+v3ArwgaEh61+kbr/AnfI4AXWxCQLCAN/sF+RsyrUh/6rJMMXsjd/PJqphf/rUFHaLK2k3FpVXDWDXkQp1EeRRzvrQvSRUXBaSbIAWkr5k85qX2lEcpr2aL/dNFdxDbRmcEHPPGXhuydecRYguEFLGy2gQX3iEcot66gqX2Q/H82oq/CMgSq1T+YTuL5oAT1Z/qdHQI62UE+yPFm1/YBzavJQJ38Rx0CoMY7BnLibWzQbkRAxNTW5YKAYHLPoM9YIIMJp1CrQZoAKNw7IFzLm2tSobFioO+ZkKCrogO/VsYUOUXHV7E7EgAq6u6JV082f5z6HscSZ4z444mrWuOJsPuRTAwrRxyFXOmMjbHALx5xAX2N4UYFyihrzo47rmg9AAABlAAAAAxyc2Etc2hhMi01MTIAAAGAu9U1TrUpxb5Iq1/3i5gvgiUk+Pr8ckCJ1X2v2g0wJF1iDRgt1ynL5o842Va0dND8r/tlYuXiXDY+nVK3P5e+Qdyq7ORbbibqDfJXpXN3WRCY4IjXzAWBUh2h8ywDTBgpbvBdcv0ITOF8V9w8LwCzFMqAEAf9ZvxqNA33qJjUXpP/XFwrkK81VJo4XNPXFf5NXRrUn7nDDU2QMyzfLYJwErNVV8iw/U/cef9ens1M15IX8yrMJxCQb7JQkvKeUPrs6ALa4lgvMISl1/jDEQ4nCw0YrXC9rWOTr71HS7SZrw3KLJQYyQNGBjqc4n4BqhPUYf9ac+w1trKBMtw0tFKjVEzsjg6dpYMr5cIon6Gm1N9GWV6pRcghkDoC3qbSUDbvqFWUOt9HAuiFUpye4BxP/W52PM63xVJhkOQ0DpQbCM2W7KWj6E/KjHlFeoTPzy3GmG3KBUrl1nQK5HSriuINyLZAq6Q8AUhekG8Td52rucU9WYfz1W6J7XrdEy73jsVT id_ecdsa_256_pem_signed_by_rsa

src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ecdsa

@@ -0,0 +1,9 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
+1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQSg88EiIHWvzomLE8ahdjrqE0iZnrCZ
+5bBy1uZj/QiOvJcyWeV8G7nTmyGhDSzE2BVZNmK7tjK1h7QKCcn7gLZqAAAAwEc6tF1HOr
+RdAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDzwSIgda/OiYsT
+xqF2OuoTSJmesJnlsHLW5mP9CI68lzJZ5XwbudObIaENLMTYFVk2Yru2MrWHtAoJyfuAtm
+oAAAAhAN2usDXl6owiRjz99e5lTmsGwFY1qtPlDBP+G4d4pBbhAAAAJGlkX2VjZHNhXzI1
+Nl9yZmM0NzE2X3NpZ25lZF9ieV9lY2RzYQECAw==
+-----END OPENSSH PRIVATE KEY-----

src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ecdsa-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgpwwYrqrCZSI5imMxVTHnzFZSDW3NvYfLaFMiKCvegaAAAAAIbmlzdHAyNTYAAABBBKDzwSIgda/OiYsTxqF2OuoTSJmesJnlsHLW5mP9CI68lzJZ5XwbudObIaENLMTYFVk2Yru2MrWHtAoJyfuAtmoAAAAAAAAAAAAAAAEAAAAkaWRfZWNkc2FfMjU2X3JmYzQ3MTZfc2lnbmVkX2J5X2VjZHNhAAAACAAAAARzc2hqAAAAAAAAAAD//////////wAAAAAAAACCAAAAFXBlcm1pdC1YMTEtZm9yd2FyZGluZwAAAAAAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAAFnBlcm1pdC1wb3J0LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNz89k9T3el9LpypMH6Rs8Ovn/xC6subq9XBoTK8G9x3Q4IifsN+bCy7h9juYdE8it5GvgnpM2HSdPBFMpJnEFIAAABkAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAABJAAAAIQD7GTHsM19ZtnntVYvFz3dJZZh5ZyJz2OeNPbUTEtBTiQAAACA1Zanogf6uUgFnjNS1KwOhSUqzKwtQ+Db7c6DV2HFN8g== id_ecdsa_256_rfc4716_signed_by_ecdsa

src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ecdsa.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDzwSIgda/OiYsTxqF2OuoTSJmesJnlsHLW5mP9CI68lzJZ5XwbudObIaENLMTYFVk2Yru2MrWHtAoJyfuAtmo= id_ecdsa_256_rfc4716_signed_by_ecdsa

src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ecdsa_host-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg0cIXSpmbkGXAqBI2MfH9tpCITWA28bvcPogKDHk2+aUAAAAIbmlzdHAyNTYAAABBBKDzwSIgda/OiYsTxqF2OuoTSJmesJnlsHLW5mP9CI68lzJZ5XwbudObIaENLMTYFVk2Yru2MrWHtAoJyfuAtmoAAAAAAAAAAAAAAAIAAAAkaWRfZWNkc2FfMjU2X3JmYzQ3MTZfc2lnbmVkX2J5X2VjZHNhAAAADQAAAAkxMjcuMC4wLjEAAAAAAAAAAP//////////AAAAAAAAAAAAAAAAAAAAaAAAABNlY2RzYS1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQTc/PZPU93pfS6cqTB+kbPDr5/8QurLm6vVwaEyvBvcd0OCIn7Dfmwsu4fY7mHRPIreRr4J6TNh0nTwRTKSZxBSAAAAZQAAABNlY2RzYS1zaGEyLW5pc3RwMjU2AAAASgAAACEAm95yiB9YDmtQJR1Eqeg9Di5GAu0BmbIIVQXKqAmbNgkAAAAhAOCYC23uX7C1wSo4uHcDnIkN1fwjTkrmzryLbGQvI10R id_ecdsa_256_rfc4716_signed_by_ecdsa

src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ed25519

@@ -0,0 +1,9 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
+1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQSSlaBbx7IhGpFNz0AJjNS9ltz3Pt+7
+qI5PPwRJKq5qIdJiejYjE4G4/kHSacJXYj9AsmSIkWq8blhW099x+MmiAAAAwNnay43Z2s
+uNAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJKVoFvHsiEakU3P
+QAmM1L2W3Pc+37uojk8/BEkqrmoh0mJ6NiMTgbj+QdJpwldiP0CyZIiRarxuWFbT33H4ya
+IAAAAhAIAiz2os7YuPnqIHiRnHhQjcnm2y/D8WJ35paiWs1RVGAAAAJmlkX2VjZHNhXzI1
+Nl9yZmM0NzE2X3NpZ25lZF9ieV9lZDI1NTE5AQ==
+-----END OPENSSH PRIVATE KEY-----

src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ed25519-cert.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg8EviOh4kJ/RDObpq9OJjY1v55378bby2aNotrPon6XsAAAAIbmlzdHAyNTYAAABBBJKVoFvHsiEakU3PQAmM1L2W3Pc+37uojk8/BEkqrmoh0mJ6NiMTgbj+QdJpwldiP0CyZIiRarxuWFbT33H4yaIAAAAAAAAAAAAAAAEAAAAmaWRfZWNkc2FfMjU2X3JmYzQ3MTZfc2lnbmVkX2J5X2VkMjU1MTkAAAAIAAAABHNzaGoAAAAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgOmGuVFl8cjbEnsgiqaguOLYGHaPtk/SPKcIvROeNO4cAAABTAAAAC3NzaC1lZDI1NTE5AAAAQOlUU8WMaF/szvw9K79abfnTNCLr1k6QZyQnbZR8d1hW5+TlhI6020enha0TApG6zwLPuQ28LZstnpSpKehoYwo= id_ecdsa_256_rfc4716_signed_by_ed25519

src/itest/resources/keyfiles/certificates/id_ecdsa_256_rfc4716_signed_by_ed25519.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJKVoFvHsiEakU3PQAmM1L2W3Pc+37uojk8/BEkqrmoh0mJ6NiMTgbj+QdJpwldiP0CyZIiRarxuWFbT33H4yaI= id_ecdsa_256_rfc4716_signed_by_ed25519