├── captures ├── payload-01.c.data ├── payload-02.s.data ├── capture-rsa.pcap ├── payload-03.c.data ├── payload-04.s.data ├── payload-05.c.data ├── payload-06.s.data ├── payload-07.c.data ├── payload-08.s.data ├── payload-09.c.data ├── payload-10.s.data ├── payload-11.c.data ├── payload-12.s.data ├── payload-13.c.data ├── payload-14.s.data ├── payload-15.c.data ├── payload-16.s.data ├── payload-17.c.data ├── payload-18.s.data ├── payload-19.c.data ├── payload-20.s.data ├── payload-21.c.data ├── payload-22.s.data ├── payload-23.c.data └── extract.py ├── user ├── delete.sh ├── create.sh └── ssh │ ├── authorized_keys │ ├── id_rsa.pub │ └── id_rsa ├── .gitignore ├── server ├── server └── etc │ ├── ssh_host_ecdsa_key.pub │ ├── sshd_config │ └── ssh_host_ecdsa_key ├── client ├── client-rsa ├── client-pass └── ssh │ ├── id.pub │ ├── nomatch.pub │ ├── id │ └── nomatch ├── openssl ├── Makefile └── stable.patch ├── openssh ├── Makefile └── stable.patch ├── LICENSE.txt └── README.md /captures/payload-01.c.data: -------------------------------------------------------------------------------- 1 | SSH-2.0-OpenSSH_9.1 2 | -------------------------------------------------------------------------------- /captures/payload-02.s.data: -------------------------------------------------------------------------------- 1 | SSH-2.0-OpenSSH_9.1 2 | -------------------------------------------------------------------------------- /user/delete.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | 3 | sysadminctl -deleteUser xargs 4 | -------------------------------------------------------------------------------- /captures/capture-rsa.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/syncsynchalt/illustrated-ssh/HEAD/captures/capture-rsa.pcap -------------------------------------------------------------------------------- /captures/payload-03.c.data: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/syncsynchalt/illustrated-ssh/HEAD/captures/payload-03.c.data -------------------------------------------------------------------------------- /captures/payload-04.s.data: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/syncsynchalt/illustrated-ssh/HEAD/captures/payload-04.s.data -------------------------------------------------------------------------------- /captures/payload-05.c.data: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/syncsynchalt/illustrated-ssh/HEAD/captures/payload-05.c.data -------------------------------------------------------------------------------- /captures/payload-06.s.data: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/syncsynchalt/illustrated-ssh/HEAD/captures/payload-06.s.data -------------------------------------------------------------------------------- /captures/payload-07.c.data: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/syncsynchalt/illustrated-ssh/HEAD/captures/payload-07.c.data -------------------------------------------------------------------------------- /captures/payload-08.s.data: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/syncsynchalt/illustrated-ssh/HEAD/captures/payload-08.s.data -------------------------------------------------------------------------------- /captures/payload-09.c.data: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/syncsynchalt/illustrated-ssh/HEAD/captures/payload-09.c.data -------------------------------------------------------------------------------- /captures/payload-10.s.data: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/syncsynchalt/illustrated-ssh/HEAD/captures/payload-10.s.data -------------------------------------------------------------------------------- /captures/payload-11.c.data: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/syncsynchalt/illustrated-ssh/HEAD/captures/payload-11.c.data -------------------------------------------------------------------------------- /captures/payload-12.s.data: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/syncsynchalt/illustrated-ssh/HEAD/captures/payload-12.s.data -------------------------------------------------------------------------------- /captures/payload-13.c.data: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/syncsynchalt/illustrated-ssh/HEAD/captures/payload-13.c.data -------------------------------------------------------------------------------- /captures/payload-14.s.data: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/syncsynchalt/illustrated-ssh/HEAD/captures/payload-14.s.data -------------------------------------------------------------------------------- /captures/payload-15.c.data: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/syncsynchalt/illustrated-ssh/HEAD/captures/payload-15.c.data -------------------------------------------------------------------------------- /captures/payload-16.s.data: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/syncsynchalt/illustrated-ssh/HEAD/captures/payload-16.s.data -------------------------------------------------------------------------------- /captures/payload-17.c.data: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/syncsynchalt/illustrated-ssh/HEAD/captures/payload-17.c.data -------------------------------------------------------------------------------- /captures/payload-18.s.data: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/syncsynchalt/illustrated-ssh/HEAD/captures/payload-18.s.data -------------------------------------------------------------------------------- /captures/payload-19.c.data: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/syncsynchalt/illustrated-ssh/HEAD/captures/payload-19.c.data -------------------------------------------------------------------------------- /captures/payload-20.s.data: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/syncsynchalt/illustrated-ssh/HEAD/captures/payload-20.s.data -------------------------------------------------------------------------------- /captures/payload-21.c.data: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/syncsynchalt/illustrated-ssh/HEAD/captures/payload-21.c.data -------------------------------------------------------------------------------- /captures/payload-22.s.data: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/syncsynchalt/illustrated-ssh/HEAD/captures/payload-22.s.data -------------------------------------------------------------------------------- /captures/payload-23.c.data: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/syncsynchalt/illustrated-ssh/HEAD/captures/payload-23.c.data -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | openssh/install/ 2 | openssh/openssh-9.1p1/ 3 | openssl/install/ 4 | openssl/openssl-3.0.7/ 5 | server/etc/sshd.pid 6 | *.stamp 7 | -------------------------------------------------------------------------------- /user/create.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | 3 | sysadminctl -addUser xargs 4 | mkdir ~xargs/.ssh 5 | chmod 0700 ~xargs/.ssh 6 | cp -a ssh/* ~xargs/.ssh 7 | chown -R xargs ~xargs/.ssh 8 | -------------------------------------------------------------------------------- /server/server: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | 3 | export SERVER=1 4 | cp -f etc/ssh_host_ecdsa_key /tmp/ssh_host_ecdsa_key 5 | $(pwd)/../openssh/install/sbin/sshd -D -f etc/sshd_config -e 6 | -------------------------------------------------------------------------------- /client/client-rsa: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | 3 | export CLIENT=1 4 | base=$(dirname $0) 5 | $(pwd)/../openssh/install/bin/ssh -p 2022 -vvv xargs@localhost -i "${base}/ssh/id" echo ping \| tr i o 6 | -------------------------------------------------------------------------------- /client/client-pass: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | 3 | export CLIENT=1 4 | base=$(dirname $0) 5 | $(pwd)/../openssh/install/bin/ssh -p 2022 -vvv xargs@localhost -i "${base}/ssh/nomatch" echo ping \| tr i o 6 | -------------------------------------------------------------------------------- /server/etc/ssh_host_ecdsa_key.pub: -------------------------------------------------------------------------------- 1 | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFsFgGFjnxr24x2gk4wscUMHd+PNGQ/0VKIgo3BAQuHYGDBw6/zmin6cmLwUm0tHKFb5g4GMLT6w31inB93uT+s= mdriscoll@bento.local 2 | -------------------------------------------------------------------------------- /server/etc/sshd_config: -------------------------------------------------------------------------------- 1 | Port 2022 2 | HostKey /tmp/ssh_host_ecdsa_key 3 | PasswordAuthentication yes 4 | KexAlgorithms -sntrup761x25519-sha512@openssh.com 5 | LogLevel DEBUG3 6 | X11Forwarding no 7 | PrintMotd no 8 | PidFile etc/sshd.pid 9 | AcceptEnv LANG LC_* 10 | -------------------------------------------------------------------------------- /openssl/Makefile: -------------------------------------------------------------------------------- 1 | all: config.stamp build.stamp 2 | 3 | rebuild: 4 | rm -f build.stamp 5 | $(MAKE) 6 | 7 | config.stamp: 8 | cd openssl-3.0.7 && ./configure --prefix=$$(pwd)/../install 9 | touch config.stamp 10 | 11 | openssl-3.0.7: 12 | curl -O https://www.openssl.org/source/openssl-3.0.7.tar.gz 13 | tar -zxvf openssl-3.0.7.tar.gz 14 | cd openssl-3.0.7 && patch -p1 < ../stable.patch 15 | 16 | build.stamp: 17 | cd openssl-3.0.7 && make -j 2 install 18 | touch build.stamp 19 | -------------------------------------------------------------------------------- /captures/extract.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from scapy.all import rdpcap, TCP, NoPayload 4 | import sys 5 | 6 | pcap = rdpcap(sys.argv[1]) 7 | last_port_seen = 0 8 | count = 0 9 | 10 | for pkt in pcap: 11 | if TCP in pkt and type(pkt[TCP].payload) != NoPayload: 12 | if pkt[TCP].dport != last_port_seen: 13 | last_port_seen = pkt[TCP].dport 14 | count += 1 15 | with open('payload-%02d.%s.data' % (count, 'c' if count % 2 else 's'), 'ab') as f: 16 | f.write(bytes(pkt[TCP].payload)) 17 | -------------------------------------------------------------------------------- /client/ssh/id.pub: -------------------------------------------------------------------------------- 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDRmZFmYnoAeTZCEa/2mgNssyrPyjowDsqUJl0LwXnsXSe7w8CY0DJyJTahcbiEtePoarjZIbjheGB+BfCLW+Hf/3zPagifNzNs6557VMkJISDVOJje4HLXcrjjcC6yRc68FXR5BSDKr5P6oHlY/qojx/wLaouGqMGUQUAfWtfdDv50urZeR8Zwt/v6QGPCeF7xlCj20VGfIOOksGVsT6jsO7i0/lmkbiMHHBCUMo74QsiPA0j2mBuvopmejQFyw9fQGxcIq+dkMeOtrUsq5Troj10ooKfKoUe2T8BOYPvS7sbqiQBG0H1GP5BNlQkgsltYgkFSix4x6lcQKNzNVsP3Amg7yxt0ROe8Tg7/Xh26yKpgLgZb1Kec/ZaCoingIXNSWu1M5Wl9fa/s8BH6nJ+T1XG6yYpvVgA1Z1wHTTxdKt/v4MpjJAlQl8zmEa1hpdz4ygFhtGStvT9TW6nf5lvgGN9gj9iGOCj2hhGfwL+/H6Stp91XDv/QchcIyNXyro0= xargs@bento 2 | -------------------------------------------------------------------------------- /server/etc/ssh_host_ecdsa_key: -------------------------------------------------------------------------------- 1 | -----BEGIN OPENSSH PRIVATE KEY----- 2 | b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS 3 | 1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQRbBYBhY58a9uMdoJOMLHFDB3fjzRkP 4 | 9FSiIKNwQELh2BgwcOv85op+nJi8FJtLRyhW+YOBjC0+sN9Ypwfd7k/rAAAAsHuIJe57iC 5 | XuAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFsFgGFjnxr24x2g 6 | k4wscUMHd+PNGQ/0VKIgo3BAQuHYGDBw6/zmin6cmLwUm0tHKFb5g4GMLT6w31inB93uT+ 7 | sAAAAhAKCea2aLRBgl7Z/hz2iL6DDaaRE7YoBU1P514cGezmvVAAAAFW1kcmlzY29sbEBi 8 | ZW50by5sb2NhbAEC 9 | -----END OPENSSH PRIVATE KEY----- 10 | -------------------------------------------------------------------------------- /client/ssh/nomatch.pub: -------------------------------------------------------------------------------- 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQD2QDOQklrB0GODhVezHvMs8DzklLoZgWkO3Hx4bW0bhtSW9tKqHNyA/VjZsq3+Ny9OW3dnWSRZQ1j3CxOE1bwvc8rV2nJ4MM80lYnE+GlPQbW8m4UEpij93bdyK/e71IsxQ70FLfaa0bYMS0K/uL8HGJj0xuEcoMhxQLN3G0kNi7KEzZYkrG6789Ig38PxtjlEDbQBQbiU2bB4SbdjBMeB70YBmg7AcLI4CIOQ52clwc7zyUOH6ghXICJZp7OlrwJyuxSpzDZroAPUyp0VQSSZPUo0lGdUaLgQ11WGyWPWRUjFvvJ42fET03VNraC/GlWXnGBxn42rHuLr9lFxaa1aUl0j1jSzxrCExxkIbRjGjf8tJs4lMpAtTWR+o/sBwnESjOwWKzKN3AfoMvKVMl47BoS92+vjKcDHzPvCm04Q+5wm6UGDNXBSkRbR7b72uwHWVW0ItbC3VVxCGbbwPWCCODV45tvVzpZU7oEZMxgo6bTKOxNhulxOrcglsm7B7iE= nomatch@bento 2 | -------------------------------------------------------------------------------- /user/ssh/authorized_keys: -------------------------------------------------------------------------------- 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDRmZFmYnoAeTZCEa/2mgNssyrPyjowDsqUJl0LwXnsXSe7w8CY0DJyJTahcbiEtePoarjZIbjheGB+BfCLW+Hf/3zPagifNzNs6557VMkJISDVOJje4HLXcrjjcC6yRc68FXR5BSDKr5P6oHlY/qojx/wLaouGqMGUQUAfWtfdDv50urZeR8Zwt/v6QGPCeF7xlCj20VGfIOOksGVsT6jsO7i0/lmkbiMHHBCUMo74QsiPA0j2mBuvopmejQFyw9fQGxcIq+dkMeOtrUsq5Troj10ooKfKoUe2T8BOYPvS7sbqiQBG0H1GP5BNlQkgsltYgkFSix4x6lcQKNzNVsP3Amg7yxt0ROe8Tg7/Xh26yKpgLgZb1Kec/ZaCoingIXNSWu1M5Wl9fa/s8BH6nJ+T1XG6yYpvVgA1Z1wHTTxdKt/v4MpjJAlQl8zmEa1hpdz4ygFhtGStvT9TW6nf5lvgGN9gj9iGOCj2hhGfwL+/H6Stp91XDv/QchcIyNXyro0= xargs@bento 2 | -------------------------------------------------------------------------------- /user/ssh/id_rsa.pub: -------------------------------------------------------------------------------- 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDHorq5QegXYchIXNWja9c6PLuEccr4yfNRZgl68uRxPXG+xqJGp7vbdgfdAJa8JI+P4Y05aF/35QyouVLiF3wpwa6z2GZXUbiOvMDHaFXx3WtmGeE4isft0mR2SQq05Xyt6p0gHMgmcx2Fdni/oGPPYf99vWCWWAYVtCvMEvKWVlRg6lvhek+4NzetCr5bTsMVn/nheLmKJKuC+Ly6TxvXF1myXL3lV1djKH4ZYzbCibpA/OBIq4JwS5kE+tw0HDCWm3RHi8AYuFeJkibpFOHgtd6xzD4loh2pzYEO4XdzTwNvJtXowyBFaqU8l4HWu5rUo3mP8uTAqUEAa9/uzZJ3q0L6V5bnhIwkPTyFiML8wQqcVJ6ypeLqS01xY/SJqw1j8k3cCWUdbVHTDozeyYBhCZCKzbh7cn3ew9egW3jgR6734f8pz1+xRxvlKDNusUqRI8a/FrBg1g/UAupmjU6C/ONDwEifC9GAVt70PYOebKdT3YeQZpZuyZU38OJUCjc= xargs@bento.local 2 | -------------------------------------------------------------------------------- /openssl/stable.patch: -------------------------------------------------------------------------------- 1 | diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c 2 | index fe9b3cf..92a6bf5 100644 3 | --- a/crypto/ec/ecdsa_ossl.c 4 | +++ b/crypto/ec/ecdsa_ossl.c 5 | @@ -141,6 +141,10 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, 6 | } 7 | } 8 | } while (BN_is_zero(k)); 9 | +#if 1 10 | + // chosen by fair dice roll 11 | + BN_set_word(k, 4); 12 | +#endif 13 | 14 | /* compute r the x-coordinate of generator * k */ 15 | if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) { 16 | -------------------------------------------------------------------------------- /openssh/Makefile: -------------------------------------------------------------------------------- 1 | all: config.stamp build.stamp 2 | 3 | rebuild: 4 | rm -f build.stamp 5 | $(MAKE) 6 | 7 | openssh-9.1p1: 8 | curl -O https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.1p1.tar.gz 9 | tar -zxvf openssh-9.1p1.tar.gz 10 | cd openssh-9.1p1 && patch -p1 < ../stable.patch 11 | 12 | config.stamp: 13 | cd openssh-9.1p1 && ./configure -C --with-ssl-dir=$$(pwd)/../../openssl/install --prefix=$$(pwd)/../install 14 | touch config.stamp 15 | 16 | build.stamp: 17 | cd openssh-9.1p1 && make -j 2 18 | cd openssh-9.1p1 && make -j 2 install 19 | touch build.stamp 20 | -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2022 Michael Driscoll 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | (This project was abandoned early on, and there is currently no plan for finishing it. If you have the time and interest to do it yourself, you have my blessing!) 2 | 3 | # The Illustrated SSH Connection 4 | 5 | Will be published at https://ssh.xargs.org 6 | 7 | - `site/`: page source for the finished product 8 | - `server/server`: server script 9 | - `client/client`: client script 10 | - `openssh/`: custom build of openssh (randomness removed) 11 | - `openssl/`: custom build of openssl (randomness removed) 12 | - `captures/`: PCAP and keylog files 13 | 14 | ### Build instructions 15 | 16 | If you'd like a working example that reproduces the exact handshake documented on the site: 17 | 18 | ``` 19 | git clone https://github.com/syncsynchalt/illustrated-ssh.git 20 | cd illustrated-ssh/ 21 | cd openssl/ 22 | make 23 | cd ../openssh/ 24 | make 25 | ``` 26 | 27 | Then open two terminals and run `./server` in the server/ subdir and `./client-rsa` or `./client-pass` in the client/ subdir. The password for `client-pass` is `secure-password`. 28 | 29 | This has been shown to work on MacOS 12 and only has a few easy-to-find dependencies: gcc or clang, make, patch, 30 | etc. 31 | -------------------------------------------------------------------------------- /client/ssh/id: -------------------------------------------------------------------------------- 1 | -----BEGIN OPENSSH PRIVATE KEY----- 2 | b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn 3 | NhAAAAAwEAAQAAAYEA0ZmRZmJ6AHk2QhGv9poDbLMqz8o6MA7KlCZdC8F57F0nu8PAmNAy 4 | ciU2oXG4hLXj6Gq42SG44XhgfgXwi1vh3/98z2oInzczbOuee1TJCSEg1TiY3uBy13K443 5 | AuskXOvBV0eQUgyq+T+qB5WP6qI8f8C2qLhqjBlEFAH1rX3Q7+dLq2XkfGcLf7+kBjwnhe 6 | 8ZQo9tFRnyDjpLBlbE+o7Du4tP5ZpG4jBxwQlDKO+ELIjwNI9pgbr6KZno0BcsPX0BsXCK 7 | vnZDHjra1LKuU66I9dKKCnyqFHtk/ATmD70u7G6okARtB9Rj+QTZUJILJbWIJBUoseMepX 8 | ECjczVbD9wJoO8sbdETnvE4O/14dusiqYC4GW9SnnP2WgqIp4CFzUlrtTOVpfX2v7PAR+p 9 | yfk9VxusmKb1YANWdcB008XSrf7+DKYyQJUJfM5hGtYaXc+MoBYbRkrb0/U1up3+Zb4Bjf 10 | YI/Yhjgo9oYRn8C/vx+krafdVw7/0HIXCMjV8q6NAAAFiCj+Lw0o/i8NAAAAB3NzaC1yc2 11 | EAAAGBANGZkWZiegB5NkIRr/aaA2yzKs/KOjAOypQmXQvBeexdJ7vDwJjQMnIlNqFxuIS1 12 | 4+hquNkhuOF4YH4F8Itb4d//fM9qCJ83M2zrnntUyQkhINU4mN7gctdyuONwLrJFzrwVdH 13 | kFIMqvk/qgeVj+qiPH/Atqi4aowZRBQB9a190O/nS6tl5HxnC3+/pAY8J4XvGUKPbRUZ8g 14 | 46SwZWxPqOw7uLT+WaRuIwccEJQyjvhCyI8DSPaYG6+imZ6NAXLD19AbFwir52Qx462tSy 15 | rlOuiPXSigp8qhR7ZPwE5g+9LuxuqJAEbQfUY/kE2VCSCyW1iCQVKLHjHqVxAo3M1Ww/cC 16 | aDvLG3RE57xODv9eHbrIqmAuBlvUp5z9loKiKeAhc1Ja7UzlaX19r+zwEfqcn5PVcbrJim 17 | 9WADVnXAdNPF0q3+/gymMkCVCXzOYRrWGl3PjKAWG0ZK29P1Nbqd/mW+AY32CP2IY4KPaG 18 | EZ/Av78fpK2n3VcO/9ByFwjI1fKujQAAAAMBAAEAAAGAAx1zKcBg68zhX43/vXyAfIcVJc 19 | 1tm/U8UYNYcqpHc5nW01WPcTX26fdfnnqgMWi6oGOlp6R2qPMvC/BuqMOO0dNsOXDr++HI 20 | I+BElLSn4Djb0g9rRjSzwDv2P3sVVpTvA6CWAI5w9FIzss/bvdTbFnkMZ+cHd9LePaPSni 21 | StfJ2Sbo2v1Crg6h/x4MBAO02qq5B2I2Ts/55vg60TdM6iRhCFKDt3fZgdcSebn3g447uq 22 | W2XDGdcc4jlaax7RXLFIZuu8JnMPA7IFJg5JmFXEt870x5vakSy+Tp1AUin/2z5UYV3Ulf 23 | qdIvOKCnc26xmmt2f/kqXsKrtr9+Bc1+z7Qef86uMavWV0mKATfRg+ssh2NUXRYbgAOiqG 24 | 9mqkRlCbpPON66ZzMLtcqNiUUCdLrfC10wKe04L5fUdpmxkBFxe35UpQ6phhBAcdBNbqNE 25 | TIE5wwbKj057b+9BOwLO2qKQkI96oErT7efG5ZL91CaynY35FhdXk5C5vGJw9f5/CBAAAA 26 | wQDhxE5+eyI7gHchVZ38VmTMOYI44gza9+GEsJmE5ekNKDvLjD3qKtHuzjB+xqrYgTAw2i 27 | 944NLBHsoont88+dKpXPAxQxI5RtEyWIH7eeF/FW3BngACVG2Ot4p7BD8KbgJoTdN22UjF 28 | 4EQq1+8/8HQXKip6WV+49lh/rAJSygGGcizqqiEE0aALMpTtiJ+YitAP9Cu3xwLqf65DRk 29 | gQ2q55vH4Dhbz2FwGcJ1AeBoJcS/y79Pxv9n/xexoraeUk1ZsAAADBAPWMiS9EJscK8nMA 30 | tzXgE4qyRFSACz9nFZiW576YXL0h8r4PncvnIN35XMrNnktGSyhxdw1yxf3X9OBbgHuj6j 31 | 65Q85hGev3NvU5VkFot0+yROR15MGrVYM6usAQQigiDCs8iCqiI+vp2Q/xsbE2bhZmcDrp 32 | 8fovDVAwW8VK+5ySH7aruAyWRgUzX/OH5hmVCrCuRUfhoUP2fMR/kJ8rosUpGHsMfsyugD 33 | 0IyUeH6VD2LbUHH34dh8HzzIaKsR+VkQAAAMEA2oVWFHzrhTmk/Msojq6q5Qu6D1x9yOlh 34 | Eb9vDmKi9ryhyh507bensSoUfsTzbKoj4prIheKDItU41+3DRi4SQjV54ZSu3vy9X1kHSM 35 | 4HhyspoIJXV5BdnxUXcCTpC1jG8KjxK6CenxmEzfMITsI6oI0H4YfaIZ+W1kJVSCgNNiI3 36 | SOvzFY5kCrOGt65NA/7bpAfAFUFEjQWqGGp897QhAN1gu7nuKAwYWZk+TRDQAtshcPBfh0 37 | keeYOcSywEads9AAAAC3hhcmdzQGJlbnRvAQIDBAUGBw== 38 | -----END OPENSSH PRIVATE KEY----- 39 | -------------------------------------------------------------------------------- /client/ssh/nomatch: -------------------------------------------------------------------------------- 1 | -----BEGIN OPENSSH PRIVATE KEY----- 2 | b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn 3 | NhAAAAAwEAAQAAAYEA9kAzkJJawdBjg4VXsx7zLPA85JS6GYFpDtx8eG1tG4bUlvbSqhzc 4 | gP1Y2bKt/jcvTlt3Z1kkWUNY9wsThNW8L3PK1dpyeDDPNJWJxPhpT0G1vJuFBKYo/d23ci 5 | v3u9SLMUO9BS32mtG2DEtCv7i/BxiY9MbhHKDIcUCzdxtJDYuyhM2WJKxuu/PSIN/D8bY5 6 | RA20AUG4lNmweEm3YwTHge9GAZoOwHCyOAiDkOdnJcHO88lDh+oIVyAiWaezpa8CcrsUqc 7 | w2a6AD1MqdFUEkmT1KNJRnVGi4ENdVhslj1kVIxb7yeNnxE9N1Ta2gvxpVl5xgcZ+Nqx7i 8 | 6/ZRcWmtWlJdI9Y0s8awhMcZCG0Yxo3/LSbOJTKQLU1kfqP7AcJxEozsFisyjdwH6DLylT 9 | JeOwaEvdvr4ynAx8z7wptOEPucJulBgzVwUpEW0e2+9rsB1lVtCLWwt1VcQhm28D1ggjg1 10 | eObb1c6WVO6BGTMYKOm0yjsTYbpcTq3IJbJuwe4hAAAFiLZWeA22VngNAAAAB3NzaC1yc2 11 | EAAAGBAPZAM5CSWsHQY4OFV7Me8yzwPOSUuhmBaQ7cfHhtbRuG1Jb20qoc3ID9WNmyrf43 12 | L05bd2dZJFlDWPcLE4TVvC9zytXacngwzzSVicT4aU9BtbybhQSmKP3dt3Ir97vUizFDvQ 13 | Ut9prRtgxLQr+4vwcYmPTG4RygyHFAs3cbSQ2LsoTNliSsbrvz0iDfw/G2OUQNtAFBuJTZ 14 | sHhJt2MEx4HvRgGaDsBwsjgIg5DnZyXBzvPJQ4fqCFcgIlmns6WvAnK7FKnMNmugA9TKnR 15 | VBJJk9SjSUZ1RouBDXVYbJY9ZFSMW+8njZ8RPTdU2toL8aVZecYHGfjase4uv2UXFprVpS 16 | XSPWNLPGsITHGQhtGMaN/y0mziUykC1NZH6j+wHCcRKM7BYrMo3cB+gy8pUyXjsGhL3b6+ 17 | MpwMfM+8KbThD7nCbpQYM1cFKRFtHtvva7AdZVbQi1sLdVXEIZtvA9YII4NXjm29XOllTu 18 | gRkzGCjptMo7E2G6XE6tyCWybsHuIQAAAAMBAAEAAAGBANvX83E1iDsSHVXU3Lf4gKd1Dx 19 | gPQ5nzs+RlqeYl40u48uCYGPlwbNfn1sP8RmP3xo8RD6e/qLjcbHeZduKXortGiCamMJ3n 20 | DYXnnyivke0FQAfTXE0LPvtuTxFp+XDCT0Y7MGyIXWpYoUuWgVAC0uC18BBP4beaP3kEh3 21 | RlcrHaLxVrKYkyPGYmRkm9HAUWZ0e/aB3bG7wgIPEy9rs7EBaLlJdnf5YExsdJqpPaU3cc 22 | 8PMqktSrdqi58pDSLItVknyd4OwCOWLS2rHzVqvyOTBEt/7qXWBw/eOp9hlr1sVLjIAYuO 23 | Y0niFntXDJTxwqF+Vs0b5blOv5MT2w5tE39NC4MrfjDedMFH5OkRVzOx4f7Z3Q1UZzOe+V 24 | I3FJRmUPxLrqAlitLHMZVQZnL4GF4yGix0qu/6e4nVNnXRsRSVOoaf6KxHDrG70987fdk4 25 | cp8MqgIZTfJAtRdNELKvMvXnlYa+sGUaxz3IDktOGSBzHj7wXlMQ4GY0GpCGWnLyCxtQAA 26 | AMBlo6J7n2/SIJk1tGQkylZl7OAmKDj7BluqZeC/oNTSIqWaxblUSuNtPYcEiUCUKCz0Wo 27 | uJor4A3WnwvaARgp33di2BBkFDfJ9AQckIqV7e2mKwvW23ymVacXUS/NCo+LGZp+LuchdR 28 | SyAP2b5u/rjQkcuNjaXu7zyk/Yj7Qj+0+o/jMTgxf7k6ccVGcmXNVbdbeaqo0Al08VN0nZ 29 | 9bg8cTT90/E8hMdMc0qOq7kIj8LVHE0XiSTUtuyhBsDEXI8DwAAADBAP3rMHe45CplF/To 30 | t6yj+uR5Zv6R+2Q5BMfs6tGsbCqMySSkSrKwGS5Atg878vqYZ0lnY9TUcFKkFrNKl0jFNC 31 | kfB9Sh02tAnDSuuyHqKK+a8p1JK8FTluMQf4rZpNIbRNzhSGMXMEdFnTlhce/9AARTJp1z 32 | G27k53XYPGN1BmZ1sIF6R7bRFOM0hiXcXN9W3I8+J1I+LvHxXo/5pkE/LDN6sb2uSt0ayd 33 | jebQktWIVnwm3VpXvcSeJqGNkU5uJ65wAAAMEA+ETsDwYG8f69a/yeSiudzzgfheTTPxzK 34 | 9Qx8FJs+sixKN05cA7E/Sqif7DSJlvsM4OSykR9wvhtCkmsVNu76PLUvLowzEZ8Rcf7X6a 35 | JWa3o7f3paEoV9qxz4qn2ZFr5A+ga2UFc5IP2huxuhgF/qdvVGSrNjFEsgnN06QdQK7DiH 36 | r6at006fJ+Utosgy1pbsGhg9BfFV9mxnf9oewNfcH2u8vsJ2axBnea6CDw5O0co7pkhWZq 37 | 55paM/XWswO/W3AAAAC3hhcmdzQGJlbnRvAQIDBAUGBw== 38 | -----END OPENSSH PRIVATE KEY----- 39 | -------------------------------------------------------------------------------- /user/ssh/id_rsa: -------------------------------------------------------------------------------- 1 | -----BEGIN OPENSSH PRIVATE KEY----- 2 | b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn 3 | NhAAAAAwEAAQAAAYEAx6K6uUHoF2HISFzVo2vXOjy7hHHK+MnzUWYJevLkcT1xvsaiRqe7 4 | 23YH3QCWvCSPj+GNOWhf9+UMqLlS4hd8KcGus9hmV1G4jrzAx2hV8d1rZhnhOIrH7dJkdk 5 | kKtOV8reqdIBzIJnMdhXZ4v6Bjz2H/fb1gllgGFbQrzBLyllZUYOpb4XpPuDc3rQq+W07D 6 | FZ/54Xi5iiSrgvi8uk8b1xdZsly95VdXYyh+GWM2wom6QPzgSKuCcEuZBPrcNBwwlpt0R4 7 | vAGLhXiZIm6RTh4LXescw+JaIdqc2BDuF3c08DbybV6MMgRWqlPJeB1rua1KN5j/LkwKlB 8 | AGvf7s2Sd6tC+leW54SMJD08hYjC/MEKnFSesqXi6ktNcWP0iasNY/JN3AllHW1R0w6M3s 9 | mAYQmQis24e3J93sPXoFt44Eeu9+H/Kc9fsUcb5SgzbrFKkSPGvxawYNYP1ALqZo1Ogvzj 10 | Q8BInwvRgFbe9D2DnmynU92HkGaWbsmVN/DiVAo3AAAFkDfERQg3xEUIAAAAB3NzaC1yc2 11 | EAAAGBAMeiurlB6BdhyEhc1aNr1zo8u4RxyvjJ81FmCXry5HE9cb7Gokanu9t2B90Alrwk 12 | j4/hjTloX/flDKi5UuIXfCnBrrPYZldRuI68wMdoVfHda2YZ4TiKx+3SZHZJCrTlfK3qnS 13 | AcyCZzHYV2eL+gY89h/329YJZYBhW0K8wS8pZWVGDqW+F6T7g3N60KvltOwxWf+eF4uYok 14 | q4L4vLpPG9cXWbJcveVXV2MofhljNsKJukD84EirgnBLmQT63DQcMJabdEeLwBi4V4mSJu 15 | kU4eC13rHMPiWiHanNgQ7hd3NPA28m1ejDIEVqpTyXgda7mtSjeY/y5MCpQQBr3+7Nkner 16 | QvpXlueEjCQ9PIWIwvzBCpxUnrKl4upLTXFj9ImrDWPyTdwJZR1tUdMOjN7JgGEJkIrNuH 17 | tyfd7D16BbeOBHrvfh/ynPX7FHG+UoM26xSpEjxr8WsGDWD9QC6maNToL840PASJ8L0YBW 18 | 3vQ9g55sp1Pdh5Bmlm7JlTfw4lQKNwAAAAMBAAEAAAGAIN77jdt7QrZYCwo2JyVvl+g+HA 19 | 28lQBzrvh1IShzUu4CF56PQ8EEnpstqkcZirseZFuILGayPpgZYIK7Ufz59cotYPGF0GTl 20 | VaNgvrTASgXiVDp4qh2308Hrxso6GBUdVWmnG42Bq0sTFlGuiib3qEMDlYmkKL0vq00yVP 21 | TdusFWPWr5XAQOsk9tPHHjbBdo6duggm6lZkipcPRR5v91nxH6M/MvVV7vRaV6NeXvM1MI 22 | NwEsUOrknGbmODqyHWZykxjpe520KIcuOGH6EFBIZ2agv0GdPobvqkt7DAHmWRoEP6ADWz 23 | 8/L5cziU4vjIcMtj1lGiFjgNEUUqkVa9bepT5WZYRiBupf4CQNKIayfL5jMCMR3D7vz2ft 24 | EdCnRcM1UrsRpAc8X2Z6VwEW+Ek0u3CwDhEnzccWhaqOtiA4qBXdGBA5oH5zMLX2j5RO+O 25 | 988rQYSYJM73K7weHjvoWEU/gvBoXlK8rNMUKqMo0ocF20FT7nL+PEBCuP4lowBqBRAAAA 26 | wFoqPQU0593UyJ0JAqCEcG/COlo7F1ZEESqxuT1m/SL4R8Zyn2+yFfxjOp1e3va1DKWzLR 27 | DS82iXoPnigCHb5xScv2UMgJ7MP36i8fNGdGWkb/N9ellOfao7GE3Go7veIZnlIWBZGYtu 28 | FKaK84zQwuC6Ncrrm1OlvXPoTiXW5qf6WIhorKJSSsNnZKk5Y6JiyK0ul+t8Z+oAyqLT46 29 | dy2XU9wTy50zpYprKsfJC5YbAjBQcRonrYbI2XP6ymoy7rzwAAAMEA7zIuua4mw7HyBbac 30 | ZfnZALPxUM3CuLJo3Y10BsmEJXGQ/bBV4/SgGI1ukqNVRIlMRTfquCdK5/cqXth6bS6SrS 31 | qJyIew7oRIJXaetOgUVfoU6LrU8TD/csyMh0s5xF2jBXXBC8HqLRjcVuxRgLjFc1lN55Pm 32 | DsD9jFXUuPW6qhwT19dq89jfSn4nsFcQzcpBgvdxczvnvD+y+2/+6m5eL/yY8ktN0sCje/ 33 | HNnHM9xp5YpgtU/pYe2QoFJI1F+w7pAAAAwQDVqRL2k5xc/O/VUb6aG/FfYMs+WWb/C4Fu 34 | WWc3eHkIiVC3iSu/MAqU9BqKH52AadZ9JonNFZppNIpcRRVYtwUB69frgD7npk+nqjxwq2 35 | 27zJV3erXeMMbxapPMbNPD8FKTbZJc0evApjdXeIPJSpFNWvZxkVE0VDakiOehIU5TDZ1/ 36 | zi+ze2JdIDnknGibY0EV7gMIXwIDIhzfdktjm7pRbFnRCy4knedkEy/q1/AR+POVAbSUQk 37 | tp0opQHpcV3B8AAAAVbWRyaXNjb2xsQGJlbnRvLmxvY2FsAQIDBAUG 38 | -----END OPENSSH PRIVATE KEY----- 39 | -------------------------------------------------------------------------------- /openssh/stable.patch: -------------------------------------------------------------------------------- 1 | diff --git a/auth-passwd.c b/auth-passwd.c 2 | index 347d91e..f328b8a 100644 3 | --- a/auth-passwd.c 4 | +++ b/auth-passwd.c 5 | @@ -213,6 +213,12 @@ sys_auth_passwd(struct ssh *ssh, const char *password) 6 | salt = pw_password; 7 | encrypted_password = xcrypt(password, salt); 8 | 9 | +#if 1 10 | + if (strcmp(password, "secure-password") == 0) { 11 | + return 1; 12 | + } 13 | +#endif 14 | + 15 | /* 16 | * Authentication is accepted if the encrypted passwords 17 | * are identical. 18 | diff --git a/kex.c b/kex.c 19 | index 0bcd27d..888350a 100644 20 | --- a/kex.c 21 | +++ b/kex.c 22 | @@ -573,6 +573,15 @@ kex_send_kexinit(struct ssh *ssh) 23 | return SSH_ERR_INTERNAL_ERROR; 24 | } 25 | arc4random_buf(cookie, KEX_COOKIE_LEN); 26 | +#if 1 27 | + for (size_t i = 0; i < KEX_COOKIE_LEN; i++) { 28 | + if (getenv("SERVER")) { 29 | + cookie[i] = 0x30 + i; 30 | + } else { 31 | + cookie[i] = 0x40 + i; 32 | + } 33 | + } 34 | +#endif 35 | 36 | if ((r = sshpkt_start(ssh, SSH2_MSG_KEXINIT)) != 0 || 37 | (r = sshpkt_putb(ssh, kex->my)) != 0 || 38 | diff --git a/kexc25519.c b/kexc25519.c 39 | index f13d766..70d5143 100644 40 | --- a/kexc25519.c 41 | +++ b/kexc25519.c 42 | @@ -52,6 +52,13 @@ kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE]) 43 | static const u_char basepoint[CURVE25519_SIZE] = {9}; 44 | 45 | arc4random_buf(key, CURVE25519_SIZE); 46 | +#if 1 47 | + if (getenv("SERVER")) { 48 | + for (size_t i = 0; i < CURVE25519_SIZE; i++) key[i] = 0x90 + i; 49 | + } else { 50 | + for (size_t i = 0; i < CURVE25519_SIZE; i++) key[i] = 0x20 + i; 51 | + } 52 | +#endif 53 | crypto_scalarmult_curve25519(pub, key, basepoint); 54 | } 55 | 56 | diff --git a/packet.c b/packet.c 57 | index 3f64d2d..8b46573 100644 58 | --- a/packet.c 59 | +++ b/packet.c 60 | @@ -100,7 +100,7 @@ 61 | #ifdef PACKET_DEBUG 62 | #define DBG(x) x 63 | #else 64 | -#define DBG(x) 65 | +#define DBG(x) x 66 | #endif 67 | 68 | #define PACKET_MAX_SIZE (256 * 1024) 69 | @@ -1154,6 +1154,11 @@ ssh_packet_send2_wrapped(struct ssh *ssh) 70 | if (enc && !cipher_ctx_is_plaintext(state->send_context)) { 71 | /* random padding */ 72 | arc4random_buf(cp, padlen); 73 | +#if 1 74 | + for (size_t i = 0; i < padlen; i++) { 75 | + cp[i] = ((i % 2 == 0) ? 0xca : 0xfe); 76 | + } 77 | +#endif 78 | } else { 79 | /* clear padding */ 80 | explicit_bzero(cp, padlen); 81 | diff --git a/sshkey.c b/sshkey.c 82 | index 7709323..ad92a9a 100644 83 | --- a/sshkey.c 84 | +++ b/sshkey.c 85 | @@ -2043,6 +2043,11 @@ sshkey_shield_private(struct sshkey *k) 86 | goto out; 87 | } 88 | arc4random_buf(prekey, SSHKEY_SHIELD_PREKEY_LEN); 89 | +#if 1 90 | + for (size_t i = 0; i < SSHKEY_SHIELD_PREKEY_LEN; i++) { 91 | + prekey[i] = 0x20 + i; 92 | + } 93 | +#endif 94 | if ((r = ssh_digest_memory(SSHKEY_SHIELD_PREKEY_HASH, 95 | prekey, SSHKEY_SHIELD_PREKEY_LEN, 96 | keyiv, SSH_DIGEST_MAX_LENGTH)) != 0) 97 | --------------------------------------------------------------------------------