SSH Cipher

Test suite for validating SSH cipher options

SSH Connection Specific Cipher

Description

Sets the SSH service to accept only a single cipher (AES256-CBC) and checks that a client can connect to the remote server using that cipher. It then checks that the client cannot connect using a different cipher.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.20/24
set service ssh cipher aes256-cbc

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.21/24
set service ssh

Step 3: Init an SSH connection from DUT1 to IP address 10.215.168.20:

admin@DUT1$ ssh admin@10.215.168.20 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null cipher aes256-cbc
Warning: Permanently added '10.215.168.20' (ED25519) to the list of known hosts.
admin@10.215.168.20's password:
Welcome to Teldat OSDx v3.8.1.7-beta3

This system includes free software.
Contact Teldat for licenses information and source code.

Last login: Thu Nov 23 23:10:51 2023
admin@osdx$

Step 4: Init an SSH connection from DUT1 to IP address 10.215.168.20:

admin@DUT1$ ssh admin@10.215.168.20 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null cipher 3des-cbc

SSH Connection Multiple Ciphers

Description

Sets the SSH service to accept multiple ciphers (AES256-CBC and AES128-CTR) and checks that a client can connect to the remote server using either of the two ciphers.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.20/24
set service ssh cipher aes256-cbc,aes128-ctr

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.21/24
set service ssh

Step 3: Init an SSH connection from DUT1 to IP address 10.215.168.20:

admin@DUT1$ ssh admin@10.215.168.20 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null cipher aes256-cbc
Warning: Permanently added '10.215.168.20' (ED25519) to the list of known hosts.
admin@10.215.168.20's password:
Welcome to Teldat OSDx v3.8.1.7-beta3

This system includes free software.
Contact Teldat for licenses information and source code.

Last login: Thu Nov 23 23:11:04 2023 from 10.215.168.21
admin@osdx$

Step 4: Init an SSH connection from DUT1 to IP address 10.215.168.20:

admin@DUT1$ ssh admin@10.215.168.20 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null cipher aes128-ctr
Warning: Permanently added '10.215.168.20' (ED25519) to the list of known hosts.
admin@10.215.168.20's password:
Welcome to Teldat OSDx v3.8.1.7-beta3

This system includes free software.
Contact Teldat for licenses information and source code.

Last login: Thu Nov 23 23:11:32 2023 from 10.215.168.21
admin@osdx$

Step 5: Init an SSH connection from DUT1 to IP address 10.215.168.20:

admin@DUT1$ ssh admin@10.215.168.20 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null cipher 3des-cbc
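The cipher selection that both scenarios exercise, as an added Python example that is not part of the Teldat test suite: it parses a server SSH_MSG_KEXINIT payload (RFC 4253, section 7.1), applies the rule that the chosen cipher is the first one on the client's list that the server also lists, and audits the advertised ciphers against the configured ones. The function names are hypothetical, the KEXINIT payload and its non-cipher algorithm values are constructed samples, and it is assumed that the server advertises exactly the list given in `set service ssh cipher`.

```python
import struct

# Name-list order in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]
SSH_MSG_KEXINIT = 20

def build_kexinit(ciphers):
    """Constructed server KEXINIT payload; non-cipher lists are sample values."""
    lists = {"kex": "curve25519-sha256", "host_key": "ssh-ed25519",
             "enc_c2s": ",".join(ciphers), "enc_s2c": ",".join(ciphers),
             "mac_c2s": "hmac-sha2-256", "mac_s2c": "hmac-sha2-256",
             "comp_c2s": "none", "comp_s2c": "none",
             "lang_c2s": "", "lang_s2c": ""}
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)  # message type + zeroed cookie
    for name in FIELDS:
        raw = lists[name].encode("ascii")
        body += struct.pack(">I", len(raw)) + raw
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

def parse_kexinit(payload):
    """Return {field: [names]} from a KEXINIT payload, rejecting truncated input."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos, out = 17, {}
    for name in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("truncated name-list")
        text = payload[pos:pos + n].decode("ascii")
        out[name] = text.split(",") if text else []
        pos += n
    return out

def negotiate(client_offer, server_list):
    """First client cipher also on the server list, or None (both sides disconnect)."""
    return next((c for c in client_offer if c in server_list), None)

def audit(payload, configured):
    """True only if both directions advertise exactly the configured ciphers."""
    k = parse_kexinit(payload)
    return k["enc_c2s"] == configured and k["enc_s2c"] == configured

if __name__ == "__main__":
    server = parse_kexinit(build_kexinit(["aes256-cbc"]))["enc_c2s"]
    for offer in (["aes256-cbc"], ["3des-cbc"]):
        print(offer, "->", negotiate(offer, server))
```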