Synopsys Software Integrity Group is now operating as Black Duck Software, Inc., a subsidiary of Synopsys. Click to learn more.

close search bar

Sorry, not available in this language yet

close language selection
SSHv2 Server Test Suite Data Sheet
Test Suite:
SSHv2 Server Test Suite
Direction:
Server

Secure Shell 2.0 or SSH 2 (hereafter SSHv2) is a secure communications protocol that encompasses several layers of architecture, including transport, authentication, and connection. One of the most common uses for SSHv2 is as stand-alone for simple terminal connection (TTY), but it is used to transport several other protocols such as SFTP, SCP, SSFS, GIT, SVN and many others. This test suite can be used for robustness testing of SSHv2 Server implementations.

Used specifications

Specification
Title
RFC4250

The Secure Shell (SSH) Protocol Assigned Numbers

RFC4251

The Secure Shell (SSH) Protocol Architecture

RFC4252

The Secure Shell (SSH) Authentication Protocol

RFC4253

The Secure Shell (SSH) Transport Layer Protocol

RFC4254

The Secure Shell (SSH) Connection Protocol

RFC4256

Generic Message Exchange Authentication for the Secure Shell Protocol (SSH)

RFC4345

Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol

RFC4419

Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol

RFC5647

AES Galois Counter Mode for the Secure Shell Transport Layer Protocol

RFC5656

Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer

RFC6668

SHA-2 Data Integrity Verification for the Secure Shell (SSH) Transport Layer Protocol

Tool-specific information

Unsupported features
Specification
Notes
Two-way cipher separation
RFC4250-RFC4254
SSHv2 supports separate cipher/digest suites for outgoing and incoming messages. At the moment, the suite requests and assumes that both directions have the same cipher/digest.

Tested messages
Specifications
Notes
Client Version
SSH1
SCP1
SSH1
Key Exchange init
RFC4253
Diffie-Hellman Key Exchange Init
RFC4252
Elliptic Curve Diffie-Hellman Key Exchange Init
RFC5656
Service Request
RFC4253
Diffie-Hellman Group Exchange Request
RFC4419
Diffie-Hellman Group Exchange Init
RFC4419
Service Request
RFC4253
New Keys
RFC4253
User Authentication Request
RFC4252
Global Request
RFC4254
Channel Open
RFC4254
Window Adjust
RFC4254
Channel Data
RFC4254
Channel EOF
RFC4254
Channel Close
RFC4254
Channel Request
RFC4254
Ignore
RFC4253
Debug
RFC4253
Extended Data
RFC4254
Disconnect
RFC4253
No more sessions
OpenSSH extensions

Supported key exchange methods
Notes
curve25519-sha256

curve25519-sha256@openssh.com

diffie-hellman-group1-sha1

diffie-hellman-group14-sha1

diffie-hellman-group-exchange-sha1

Groups up to 8192 bits are supported

diffie-hellman-group-exchange-sha256

Groups up to 8192 bits are supported

ecdh-sha2-nistp256

ecdh-sha2-nistp384

ecdh-sha2-nistp521

Supported ciphers
Notes
AES128-CBC

AES192-CBC

AES256-CBC

AES128-CTR

AES192-CTR

AES256-CTR

AES128-GCM@openssh.com

AES256-GCM@openssh.com

ARCFOUR

ARCFOUR128

ARCFOUR256

None

3DES-CBC

3DES-CTR

RIJNDAEL-CBC@lysator.liu.se

Supported digests
Notes
HMAC-SHA1

HMAC-SHA1-96

HMAC-SHA1-EtM@openssh.com

HMAC-SHA2-256

HMAC-SHA2-256-EtM@openssh.com

HMAC-SHA2-512

HMAC-SHA2-512-EtM@openssh.com

HMAC-MD5

HMAC-MD5-96

HMAC-RIPEMD160

Supported authentication methods
Notes
Password

Keyboard-Interactive

Single response supported

SSH-RSA

SSH-DSS

SSH-ECDSA-256

Supported SafeGuard Checks

Authentication Bypass

Unexpected Data

Weak Cryptography

Test tool general features
  • Fully automated black-box negative testing
  • Ready-made test cases
  • Written in Java(tm)
  • GUI command line remote interface modes
  • Instrumentation (health-check) capability
  • Support and maintenance
  • Comprehensive user documentation
  • Results reporting and analysis