SSHv2 Server

Sorry, not available in this language yet

English
日本語
简体中文

AppSec SaaS Platform | Integrated, cloud-based AST solution optimized for development and DevSecOps teams.
AppSec IDE Plug-ins | Secure code as you write it in your IDE
Software Risk Management | Manage application security programs at enterprise scale
DevSecOps Integrations | Integrate AppSec tools into DevOps workflows

Static Analysis (SAST) | Address security and quality defects in code as it's being developed
Software Composition Analysis (SCA) | Secure and manage open source risks in applications and containers
Interactive Analysis (IAST) | Automate web security testing within your DevOps pipelines
Dynamic Analysis (DAST) | Continuous web application security testing in production.
Penetration Testing | Identify business-critical vulnerabilities with on-demand testing expertise.
Protocol Fuzzing | Identify defects and zero-day vulnerabilities in services and protocols

Program Strategy & Planning | Measure, scale, and optimize your AppSec program
Threat & Risk Assessments | Understand and address internal and external security risks
Security Training | Equip development teams with the skills they need to produce more secure software
Implementation & Deployment | Optimize utilization, management and deployment of AppSec tools
Security Testing Services | On-demand AppSec testing resources and expertise

Open Source & Security Audits | Comprehensive technical due diligence services for M&A

AI-generated code | Harness the power of AI coding assistants while managing the risks
API Security Testing | Manage software risks with a holistic API security testing program.
AppSec Consolidation | Simplify your application security program
Application Security Testing | Solutions to address security risks at all stages of the application life cycle.
DevSecOps | Solutions to help shift security left without slowing down your development teams.
Software Supply Chain Security | Solutions to identify and manage software supply chain risks end-to-end.
Manage AppSec Risk | Scale your application security program without increasing complexity or adding friction.
Cloud & Container Security | Optimize your applications for secure deployment and operation in the cloud
Open Source License Compliance | Effective solutions for ensuring open source license compliance
M&A Due Diligence | Identify software risks that could negatively impact the value of acquired IP.
Quality & Security Standards Compliance | Ensure your software complies with the standards critical to customers and regulators

Dev and DevOps Teams | Build secure software while maintaining developer productivity and pipeline velocity.
Security Teams | Align people, processes, and technology to minimize software risk and transform your business.
Legal Teams | Solutions to protect your IP and manage risk.

Financial Services | Protect sensitive customer and financial data from rapidly evolving security threats.
IoT & Embedded | Ensure your embedded and IoT devices are safe, secure, and reliable.
Automotive | Build software security & reliability into the modern connected car.
Telecommunications | Create seamless and safe mobile experiences, from silicon to software.
Aerospace & Defense | Solutions for automating mission-critical development.
Public Sector | Application security for government agencies and their suppliers.
Medical Device | Safeguard medical devices and applications.

SSHv2 Server Test Suite Data Sheet

Test Suite:

SSHv2 Server Test Suite

Direction:

Server

Secure Shell 2.0 or SSH 2 (hereafter SSHv2) is a secure communications protocol that encompasses several layers of architecture, including transport, authentication, and connection. One of the most common uses for SSHv2 is as stand-alone for simple terminal connection (TTY), but it is used to transport several other protocols such as SFTP, SCP, SSFS, GIT, SVN and many others. This test suite can be used for robustness testing of SSHv2 Server implementations.

Used specifications

Specification

Title

RFC4250

The Secure Shell (SSH) Protocol Assigned Numbers

RFC4251

The Secure Shell (SSH) Protocol Architecture

RFC4252

The Secure Shell (SSH) Authentication Protocol

RFC4253

The Secure Shell (SSH) Transport Layer Protocol

RFC4254

The Secure Shell (SSH) Connection Protocol

RFC4256

Generic Message Exchange Authentication for the Secure Shell Protocol (SSH)

RFC4345

Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol

RFC4419

Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol

RFC5647

AES Galois Counter Mode for the Secure Shell Transport Layer Protocol

RFC5656

Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer

RFC6668

SHA-2 Data Integrity Verification for the Secure Shell (SSH) Transport Layer Protocol

Tool-specific information

Unsupported features

Specification

Notes

Two-way cipher separation

RFC4250-RFC4254

SSHv2 supports separate cipher/digest suites for outgoing and incoming messages. At the moment, the suite requests and assumes that both directions have the same cipher/digest.

Tested messages

Specifications

Notes

Client Version

SSH1

SCP1

SSH1

Key Exchange init

RFC4253

Diffie-Hellman Key Exchange Init

RFC4252

Elliptic Curve Diffie-Hellman Key Exchange Init

RFC5656

Service Request

RFC4253

Diffie-Hellman Group Exchange Request

RFC4419

Diffie-Hellman Group Exchange Init

RFC4419

Service Request

RFC4253

New Keys

RFC4253

User Authentication Request

RFC4252

Global Request

RFC4254

Channel Open

RFC4254

Window Adjust

RFC4254

Channel Data

RFC4254

Channel EOF

RFC4254

Channel Close

RFC4254

Channel Request

RFC4254

Ignore

RFC4253

Debug

RFC4253

Extended Data

RFC4254

Disconnect

RFC4253

No more sessions

OpenSSH extensions

Supported key exchange methods

Notes

curve25519-sha256

curve25519-sha256@openssh.com

diffie-hellman-group1-sha1

diffie-hellman-group14-sha1

diffie-hellman-group-exchange-sha1

Groups up to 8192 bits are supported

diffie-hellman-group-exchange-sha256

Groups up to 8192 bits are supported

ecdh-sha2-nistp256

ecdh-sha2-nistp384

ecdh-sha2-nistp521

Supported ciphers

Notes

AES128-CBC

AES192-CBC

AES256-CBC

AES128-CTR

AES192-CTR

AES256-CTR

AES128-GCM@openssh.com

AES256-GCM@openssh.com

ARCFOUR

ARCFOUR128

ARCFOUR256

None

3DES-CBC

3DES-CTR

RIJNDAEL-CBC@lysator.liu.se

Supported digests

Notes

HMAC-SHA1

HMAC-SHA1-96

HMAC-SHA1-EtM@openssh.com

HMAC-SHA2-256

HMAC-SHA2-256-EtM@openssh.com

HMAC-SHA2-512

HMAC-SHA2-512-EtM@openssh.com

HMAC-MD5

HMAC-MD5-96

HMAC-RIPEMD160

Supported authentication methods

Notes

Password

Keyboard-Interactive

Single response supported

SSH-RSA

SSH-DSS

SSH-ECDSA-256

Authentication Bypass

Unexpected Data

Weak Cryptography

Test tool general features

Fully automated black-box negative testing
Ready-made test cases
Written in Java(tm)
GUI command line remote interface modes
Instrumentation (health-check) capability
Support and maintenance
Comprehensive user documentation
Results reporting and analysis