SSHv2 Server Test Suite Data Sheet
Test Suite:
SSHv2 Server Test Suite
Direction:
Server

The Secure Shell (SSH) Protocol (henceforth SSHv2 signifying version 2.0) is a protocol designed for secure remote login and other secure network services over an insecure network. Standard methods are provided for setting up secure interactive shell sessions and for forwarding (“tunneling”) arbitrary TCP/IP ports and X11 connections (RFC 4251). In practical use, SSHv2 has four key elements in the handshake: Key exchange (kex), cipher, integrity check (MAC digest), authentication. Of these, key exchange and authentication have actual structural differences. Note that once the handshake has been completed (keys, used encryption, and integrity method are negotiated, and authentication is done), there is no real difference in the channel testing.

Used specifications

Specification
Title
Notes
RFC4250
The Secure Shell (SSH) Protocol Assigned Numbers
RFC4251
The Secure Shell (SSH) Protocol Architecture
RFC4252
The Secure Shell (SSH) Authentication Protocol
RFC4253
The Secure Shell (SSH) Transport Layer Protocol
RFC4254
The Secure Shell (SSH) Connection Protocol
RFC4256
Generic Message Exchange Authentication for the Secure Shell Protocol (SSH)
RFC4345
Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol
RFC4419
Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol
RFC5647
AES Galois Counter Mode for the Secure Shell Transport Layer Protocol
RFC5656
Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer
RFC6668
SHA-2 Data Integrity Verification for the Secure Shell (SSH) Transport Layer Protocol
RFC8268
More Modular Exponentiation (MODP) Diffie-Hellman (DH) Key Exchange (KEX) Groups for Secure Shell (SSH)
RFC8332
Use of RSA Keys with SHA-256 and SHA-512 in the Secure Shell (SSH) Protocol

Tool-specific information

Unsupported features
Specification
Notes
Two-way cipher separation
RFC4250-RFC4254
SSHv2 supports separate cipher/digest suites for outgoing and incoming messages. At the moment, the suite requests and assumes that both directions have the same cipher/digest.

Tested messages
Specifications
Notes
Client Version
SSH1
SCP1
SSH1
Key Exchange init
RFC4253
Diffie-Hellman Key Exchange Init
RFC4252
Elliptic Curve Diffie-Hellman Key Exchange Init
RFC5656
Diffie-Hellman Group Exchange Request
RFC4419
Diffie-Hellman Group Exchange Init
RFC4419
Service Request
RFC4253
New Keys
RFC4253
User Authentication Request
RFC4252
Global Request
RFC4254
Channel Open
RFC4254
Window Adjust
RFC4254
Channel Data
RFC4254
Channel EOF
RFC4254
Channel Close
RFC4254
Channel Request
RFC4254
Ignore
RFC4253
Debug
RFC4253
Extended Data
RFC4254
Disconnect
RFC4253
No more sessions
OpenSSH extensions

Supported key exchange methods
Notes
curve25519-sha256

[email protected]

diffie-hellman-group1-sha1

diffie-hellman-group14-sha1

diffie-hellman-group14-sha256

diffie-hellman-group15-sha512

diffie-hellman-group16-sha512

diffie-hellman-group17-sha512

diffie-hellman-group18-sha512

diffie-hellman-group-exchange-sha1

Groups up to 8192 bits are supported

diffie-hellman-group-exchange-sha256

Groups up to 8192 bits are supported

ecdh-sha2-nistp256

ecdh-sha2-nistp384

ecdh-sha2-nistp521

Supported ciphers
Notes
AES128-CBC

AES192-CBC

AES256-CBC

AES128-CTR

AES192-CTR

AES256-CTR

[email protected]

[email protected]

ARCFOUR

ARCFOUR128

ARCFOUR256

None

3DES-CBC

3DES-CTR

[email protected]

Supported digests
Notes
HMAC-SHA1

HMAC-SHA1-96

[email protected]

HMAC-SHA2-256

[email protected]

HMAC-SHA2-512

[email protected]

HMAC-MD5

HMAC-MD5-96

HMAC-RIPEMD160

Supported authentication methods
Notes
Password

Keyboard-Interactive

Single response supported

SSH-RSA

SSH-DSS

SSH-ECDSA-256

Supported SafeGuard Checks

Authentication Bypass

Unexpected Data

Weak Cryptography

Test tool general features
  • Fully automated black-box negative testing
  • Ready-made test cases
  • Written in Java(tm)
  • GUI command line remote interface modes
  • Instrumentation (health-check) capability
  • Support and maintenance
  • Comprehensive user documentation
  • Results reporting and analysis
Contact Us