SSH Key Exchange

Test suite for validating SSH access control options

SSH Connection Key Exchange

Description

Configures the SSH service with a single key exchange algorithm (curve25519-sha256) and checks that the client can connect to the remote server using that algorithm. It then checks that a connection attempt using a different algorithm fails.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.20/24
set service ssh key-exchange curve25519-sha256

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.21/24
set service ssh

Step 3: Initiate an SSH connection from DUT1 to IP address 10.215.168.20:

admin@DUT1$ ssh admin@10.215.168.20 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null key-exchange curve25519-sha256
Warning: Permanently added '10.215.168.20' (ED25519) to the list of known hosts.
admin@10.215.168.20's password:
Welcome to Teldat OSDx v3.8.1.7-beta3

This system includes free software.
Contact Teldat for licenses information and source code.

Last login: Thu Nov 23 23:15:40 2023 from 127.0.0.1
admin@osdx$

Step 4: Initiate an SSH connection from DUT1 to IP address 10.215.168.20 using a different key exchange algorithm (this connection is expected to fail):

admin@DUT1$ ssh admin@10.215.168.20 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null key-exchange diffie-hellman-group14-sha1

SSH Connection Key Exchange (multiple)

Description

Configures the SSH service with multiple key exchange algorithms (curve25519-sha256 and diffie-hellman-group-exchange-sha256) and checks that the client can connect to the remote server using each of those algorithms. It then checks that a connection attempt using a different algorithm fails.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.20/24
set service ssh key-exchange curve25519-sha256,diffie-hellman-group-exchange-sha256

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.21/24
set service ssh

Step 3: Initiate an SSH connection from DUT1 to IP address 10.215.168.20:

admin@DUT1$ ssh admin@10.215.168.20 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null key-exchange curve25519-sha256
Warning: Permanently added '10.215.168.20' (ED25519) to the list of known hosts.
admin@10.215.168.20's password:
Welcome to Teldat OSDx v3.8.1.7-beta3

This system includes free software.
Contact Teldat for licenses information and source code.

Last login: Thu Nov 23 23:16:19 2023 from 10.215.168.21
admin@osdx$

Step 4: Initiate an SSH connection from DUT1 to IP address 10.215.168.20:

admin@DUT1$ ssh admin@10.215.168.20 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null key-exchange diffie-hellman-group-exchange-sha256
Warning: Permanently added '10.215.168.20' (ED25519) to the list of known hosts.
admin@10.215.168.20's password:
Welcome to Teldat OSDx v3.8.1.7-beta3

This system includes free software.
Contact Teldat for licenses information and source code.

Last login: Thu Nov 23 23:16:47 2023 from 10.215.168.21
admin@osdx$

Step 5: Initiate an SSH connection from DUT1 to IP address 10.215.168.20 using a different key exchange algorithm (this connection is expected to fail):

admin@DUT1$ ssh admin@10.215.168.20 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null key-exchange diffie-hellman-group14-sha1
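
The negotiation that both scenarios above exercise, as an added example that is not part of the original test suite or Teldat's code: the server's KEXINIT message carries its key exchange name-list, and a client whose list shares no entry with it cannot connect. The KEXINIT bytes are constructed samples (including the ext-info-s marker), the helper names are hypothetical, and the selection rule is simplified to "first client algorithm the server also offers", ignoring the host key compatibility conditions of RFC 4253.

```python
import struct

SSH_MSG_KEXINIT = 20
# Names that can appear in the kex name-list but are markers, not key exchange methods.
MARKERS = {"ext-info-c", "ext-info-s",
           "kex-strict-c-v00@openssh.com", "kex-strict-s-v00@openssh.com"}

def build_kexinit(kex_algorithms):
    """Build a constructed KEXINIT payload to use as sample input."""
    lists = [kex_algorithms, ["ssh-ed25519"], ["aes256-ctr"], ["aes256-ctr"],
             ["hmac-sha2-256"], ["hmac-sha2-256"], ["none"], ["none"], [], []]
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)  # message type + zeroed cookie
    for names in lists:
        data = ",".join(names).encode("ascii")
        body += struct.pack(">I", len(data)) + data
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

def parse_kex_algorithms(payload):
    """Return the first name-list (kex_algorithms) of a KEXINIT payload."""
    if len(payload) < 21 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    (length,) = struct.unpack_from(">I", payload, 17)  # follows type byte + 16-byte cookie
    if 21 + length > len(payload):
        raise ValueError("truncated name-list")
    raw = payload[21:21 + length].decode("ascii")
    return raw.split(",") if raw else []

def negotiate(client_kex, server_kex):
    """Return the first client algorithm the server also offers, or None.
    None means no common algorithm, so the connection attempt fails."""
    offered = set(server_kex) - MARKERS
    return next((a for a in client_kex if a in offered), None)

def unexpected_offers(server_kex, allowed):
    """List algorithms the server offers that are outside the configured set."""
    return [a for a in server_kex if a not in MARKERS and a not in allowed]

# Constructed samples mirroring the two DUT0 configurations (not captured traffic).
SINGLE = build_kexinit(["curve25519-sha256"])
MULTI = build_kexinit(["curve25519-sha256",
                       "diffie-hellman-group-exchange-sha256", "ext-info-s"])

if __name__ == "__main__":
    for name, payload in (("single", SINGLE), ("multiple", MULTI)):
        server = parse_kex_algorithms(payload)
        for alg in ("curve25519-sha256", "diffie-hellman-group-exchange-sha256",
                    "diffie-hellman-group14-sha1"):
            print(name, alg, "->", negotiate([alg], server) or "no match")
```

Running `unexpected_offers` against the list a server actually advertises is a quick way to confirm that a key-exchange restriction took effect and that no legacy algorithm is still offered.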