summaryrefslogtreecommitdiffstats
path: root/test/docker
diff options
context:
space:
mode:
Diffstat (limited to 'test/docker')
-rw-r--r--test/docker/.ed25519.sk1
-rw-r--r--test/docker/Dockerfile32
-rwxr-xr-xtest/docker/debug.sh9
-rw-r--r--test/docker/dropbear_dss_host_keybin0 -> 458 bytes
-rw-r--r--test/docker/dropbear_ecdsa_host_keybin0 -> 141 bytes
-rw-r--r--test/docker/dropbear_rsa_host_key_1024bin0 -> 421 bytes
-rw-r--r--test/docker/dropbear_rsa_host_key_3072bin0 -> 1189 bytes
-rw-r--r--test/docker/ed25519.pk1
-rw-r--r--test/docker/expected_results/dropbear_2019.78_test1.json1
-rw-r--r--test/docker/expected_results/dropbear_2019.78_test1.txt88
-rw-r--r--test/docker/expected_results/openssh_4.0p1_test1.json1
-rw-r--r--test/docker/expected_results/openssh_4.0p1_test1.txt145
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test1.json1
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test1.txt3
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test10.json1
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test10.txt13
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test2.json1
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test2.txt9
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test3.json1
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test3.txt9
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test4.json1
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test4.txt9
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test5.json1
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test5.txt9
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test7.json1
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test7.txt3
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test8.json1
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test8.txt9
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test9.json1
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test9.txt9
-rw-r--r--test/docker/expected_results/openssh_5.6p1_test1.json1
-rw-r--r--test/docker/expected_results/openssh_5.6p1_test1.txt153
-rw-r--r--test/docker/expected_results/openssh_5.6p1_test2.json1
-rw-r--r--test/docker/expected_results/openssh_5.6p1_test2.txt153
-rw-r--r--test/docker/expected_results/openssh_5.6p1_test3.json1
-rw-r--r--test/docker/expected_results/openssh_5.6p1_test3.txt153
-rw-r--r--test/docker/expected_results/openssh_5.6p1_test4.json1
-rw-r--r--test/docker/expected_results/openssh_5.6p1_test4.txt152
-rw-r--r--test/docker/expected_results/openssh_5.6p1_test5.json1
-rw-r--r--test/docker/expected_results/openssh_5.6p1_test5.txt151
-rw-r--r--test/docker/expected_results/openssh_8.0p1_builtin_policy_test1.json1
-rw-r--r--test/docker/expected_results/openssh_8.0p1_builtin_policy_test1.txt3
-rw-r--r--test/docker/expected_results/openssh_8.0p1_builtin_policy_test2.json1
-rw-r--r--test/docker/expected_results/openssh_8.0p1_builtin_policy_test2.txt9
-rw-r--r--test/docker/expected_results/openssh_8.0p1_custom_policy_test11.json1
-rw-r--r--test/docker/expected_results/openssh_8.0p1_custom_policy_test11.txt3
-rw-r--r--test/docker/expected_results/openssh_8.0p1_custom_policy_test12.json1
-rw-r--r--test/docker/expected_results/openssh_8.0p1_custom_policy_test12.txt17
-rw-r--r--test/docker/expected_results/openssh_8.0p1_custom_policy_test13.json1
-rw-r--r--test/docker/expected_results/openssh_8.0p1_custom_policy_test13.txt3
-rw-r--r--test/docker/expected_results/openssh_8.0p1_custom_policy_test14.json1
-rw-r--r--test/docker/expected_results/openssh_8.0p1_custom_policy_test14.txt9
-rw-r--r--test/docker/expected_results/openssh_8.0p1_custom_policy_test6.json1
-rw-r--r--test/docker/expected_results/openssh_8.0p1_custom_policy_test6.txt3
-rw-r--r--test/docker/expected_results/openssh_8.0p1_test1.json1
-rw-r--r--test/docker/expected_results/openssh_8.0p1_test1.txt85
-rw-r--r--test/docker/expected_results/openssh_8.0p1_test2.json1
-rw-r--r--test/docker/expected_results/openssh_8.0p1_test2.txt77
-rw-r--r--test/docker/expected_results/openssh_8.0p1_test3.json1
-rw-r--r--test/docker/expected_results/openssh_8.0p1_test3.txt38
-rw-r--r--test/docker/expected_results/tinyssh_20190101_test1.json1
-rw-r--r--test/docker/expected_results/tinyssh_20190101_test1.txt25
-rw-r--r--test/docker/host_ca_ed255197
-rw-r--r--test/docker/host_ca_ed25519.pub1
-rw-r--r--test/docker/host_ca_rsa_102415
-rw-r--r--test/docker/host_ca_rsa_1024.pub1
-rw-r--r--test/docker/host_ca_rsa_307239
-rw-r--r--test/docker/host_ca_rsa_3072.pub1
-rw-r--r--test/docker/moduli_102444
-rw-r--r--test/docker/policies/policy_test1.txt10
-rw-r--r--test/docker/policies/policy_test10.txt39
-rw-r--r--test/docker/policies/policy_test11.txt35
-rw-r--r--test/docker/policies/policy_test12.txt35
-rw-r--r--test/docker/policies/policy_test13.txt38
-rw-r--r--test/docker/policies/policy_test14.txt38
-rw-r--r--test/docker/policies/policy_test2.txt10
-rw-r--r--test/docker/policies/policy_test3.txt10
-rw-r--r--test/docker/policies/policy_test4.txt10
-rw-r--r--test/docker/policies/policy_test5.txt10
-rw-r--r--test/docker/policies/policy_test6.txt12
-rw-r--r--test/docker/policies/policy_test7.txt39
-rw-r--r--test/docker/policies/policy_test8.txt39
-rw-r--r--test/docker/policies/policy_test9.txt39
-rw-r--r--test/docker/ssh1_host_keybin0 -> 536 bytes
-rw-r--r--test/docker/ssh1_host_key.pub1
-rw-r--r--test/docker/ssh_host_dsa_key12
-rw-r--r--test/docker/ssh_host_dsa_key.pub1
-rw-r--r--test/docker/ssh_host_ecdsa_key5
-rw-r--r--test/docker/ssh_host_ecdsa_key.pub1
-rw-r--r--test/docker/ssh_host_ed25519_key7
-rw-r--r--test/docker/ssh_host_ed25519_key-cert.pub1
-rw-r--r--test/docker/ssh_host_ed25519_key.pub1
-rw-r--r--test/docker/ssh_host_rsa_key_102415
-rw-r--r--test/docker/ssh_host_rsa_key_1024-cert_1024.pub1
-rw-r--r--test/docker/ssh_host_rsa_key_1024-cert_3072.pub1
-rw-r--r--test/docker/ssh_host_rsa_key_1024.pub1
-rw-r--r--test/docker/ssh_host_rsa_key_307239
-rw-r--r--test/docker/ssh_host_rsa_key_3072-cert_1024.pub1
-rw-r--r--test/docker/ssh_host_rsa_key_3072-cert_3072.pub1
-rw-r--r--test/docker/ssh_host_rsa_key_3072.pub1
100 files changed, 1971 insertions, 0 deletions
diff --git a/test/docker/.ed25519.sk b/test/docker/.ed25519.sk
new file mode 100644
index 0000000..58b097b
--- /dev/null
+++ b/test/docker/.ed25519.sk
@@ -0,0 +1 @@
+iܛV违Z/D<|Sz=:1vu}Jݷ"^Bb&UP CJ? \ No newline at end of file
diff --git a/test/docker/Dockerfile b/test/docker/Dockerfile
new file mode 100644
index 0000000..eef0139
--- /dev/null
+++ b/test/docker/Dockerfile
@@ -0,0 +1,32 @@
+FROM ubuntu:16.04
+
+COPY openssh-4.0p1/sshd /openssh/sshd-4.0p1
+COPY openssh-5.6p1/sshd /openssh/sshd-5.6p1
+COPY openssh-8.0p1/sshd /openssh/sshd-8.0p1
+COPY dropbear-2019.78/dropbear /dropbear/dropbear-2019.78
+COPY tinyssh-20190101/build/bin/tinysshd /tinysshd/tinyssh-20190101
+
+# Dropbear host keys.
+COPY dropbear_*_host_key* /etc/dropbear/
+
+# OpenSSH configs.
+COPY sshd_config* /etc/ssh/
+
+# OpenSSH host keys & moduli file.
+COPY ssh_host_* /etc/ssh/
+COPY ssh1_host_* /etc/ssh/
+COPY moduli_1024 /usr/local/etc/moduli
+
+# TinySSH host keys.
+COPY ed25519.pk /etc/tinyssh/
+COPY .ed25519.sk /etc/tinyssh/
+
+COPY debug.sh /debug.sh
+
+RUN apt update 2> /dev/null
+RUN apt install -y libssl-dev strace rsyslog ucspi-tcp 2> /dev/null
+RUN apt clean 2> /dev/null
+RUN useradd -s /bin/false sshd
+RUN mkdir /var/empty
+
+EXPOSE 22
diff --git a/test/docker/debug.sh b/test/docker/debug.sh
new file mode 100755
index 0000000..c4be343
--- /dev/null
+++ b/test/docker/debug.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# This script is run on in docker container. It will enable logging for sshd in
+# /var/log/auth.log.
+
+/etc/init.d/rsyslog start
+sleep 1
+/openssh/sshd-5.6p1 -o LogLevel=DEBUG3 -f /etc/ssh/sshd_config-5.6p1_test1
+/bin/bash
diff --git a/test/docker/dropbear_dss_host_key b/test/docker/dropbear_dss_host_key
new file mode 100644
index 0000000..3388632
--- /dev/null
+++ b/test/docker/dropbear_dss_host_key
Binary files differ
diff --git a/test/docker/dropbear_ecdsa_host_key b/test/docker/dropbear_ecdsa_host_key
new file mode 100644
index 0000000..318ebb0
--- /dev/null
+++ b/test/docker/dropbear_ecdsa_host_key
Binary files differ
diff --git a/test/docker/dropbear_rsa_host_key_1024 b/test/docker/dropbear_rsa_host_key_1024
new file mode 100644
index 0000000..d9ce331
--- /dev/null
+++ b/test/docker/dropbear_rsa_host_key_1024
Binary files differ
diff --git a/test/docker/dropbear_rsa_host_key_3072 b/test/docker/dropbear_rsa_host_key_3072
new file mode 100644
index 0000000..006249a
--- /dev/null
+++ b/test/docker/dropbear_rsa_host_key_3072
Binary files differ
diff --git a/test/docker/ed25519.pk b/test/docker/ed25519.pk
new file mode 100644
index 0000000..82cfb47
--- /dev/null
+++ b/test/docker/ed25519.pk
@@ -0,0 +1 @@
+1vu}Jݷ"^Bb&UP CJ? \ No newline at end of file
diff --git a/test/docker/expected_results/dropbear_2019.78_test1.json b/test/docker/expected_results/dropbear_2019.78_test1.json
new file mode 100644
index 0000000..186cb06
--- /dev/null
+++ b/test/docker/expected_results/dropbear_2019.78_test1.json
@@ -0,0 +1 @@
+{"banner": {"comments": null, "protocol": [2, 0], "raw": "SSH-2.0-dropbear_2019.78", "software": "dropbear_2019.78"}, "compression": ["zlib@openssh.com", "none"], "enc": ["aes128-ctr", "aes256-ctr", "aes128-cbc", "aes256-cbc", "3des-ctr", "3des-cbc"], "fingerprints": [{"hash": "CDfAU12pjQS7/91kg7gYacza0U/6PDbE04Ic3IpYxkM", "hash_alg": "SHA256", "hostkey": "ssh-rsa"}, {"hash": "63:7f:54:f7:0a:28:7f:75:0b:f4:07:0b:fc:66:51:a2", "hash_alg": "MD5", "hostkey": "ssh-rsa"}], "kex": [{"algorithm": "curve25519-sha256"}, {"algorithm": "curve25519-sha256@libssh.org"}, {"algorithm": "ecdh-sha2-nistp521"}, {"algorithm": "ecdh-sha2-nistp384"}, {"algorithm": "ecdh-sha2-nistp256"}, {"algorithm": "diffie-hellman-group14-sha256"}, {"algorithm": "diffie-hellman-group14-sha1"}, {"algorithm": "kexguess2@matt.ucc.asn.au"}], "key": [{"algorithm": "ecdsa-sha2-nistp256"}, {"algorithm": "ssh-rsa", "keysize": 1024}, {"algorithm": "ssh-dss"}], "mac": ["hmac-sha1-96", "hmac-sha1", "hmac-sha2-256"], "target": "localhost"}
diff --git a/test/docker/expected_results/dropbear_2019.78_test1.txt b/test/docker/expected_results/dropbear_2019.78_test1.txt
new file mode 100644
index 0000000..93205f4
--- /dev/null
+++ b/test/docker/expected_results/dropbear_2019.78_test1.txt
@@ -0,0 +1,88 @@
+# general
+(gen) banner: SSH-2.0-dropbear_2019.78
+(gen) software: Dropbear SSH 2019.78
+(gen) compatibility: OpenSSH 7.4+ (some functionality from 6.6), Dropbear SSH 2018.76+
+(gen) compression: enabled (zlib@openssh.com)
+
+# key exchange algorithms
+(kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76
+(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
+(kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
+ `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
+(kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
+ `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
+(kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
+ `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
+(kex) diffie-hellman-group14-sha256 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
+(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
+(kex) kexguess2@matt.ucc.asn.au -- [info] available since Dropbear SSH 2013.57
+
+# host-key algorithms
+(key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves
+ `- [warn] using weak random number generator could reveal the key
+ `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
+(key) ssh-rsa (1024-bit) -- [fail] using weak hashing algorithm
+ `- [fail] using small 1024-bit modulus
+ `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
+ `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
+(key) ssh-dss -- [fail] using small 1024-bit modulus
+ `- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
+ `- [warn] using weak random number generator could reveal the key
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+
+# encryption algorithms (ciphers)
+(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
+(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
+(enc) 3des-ctr -- [fail] using weak cipher
+ `- [info] available since Dropbear SSH 0.52
+(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm
+ `- [warn] using weak cipher
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
+
+# message authentication code algorithms
+(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
+(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
+
+# fingerprints
+(fin) ssh-rsa: SHA256:CDfAU12pjQS7/91kg7gYacza0U/6PDbE04Ic3IpYxkM
+
+# algorithm recommendations (for Dropbear SSH 2019.78)
+(rec) -3des-cbc -- enc algorithm to remove 
+(rec) -3des-ctr -- enc algorithm to remove 
+(rec) -aes128-cbc -- enc algorithm to remove 
+(rec) -aes256-cbc -- enc algorithm to remove 
+(rec) -ecdh-sha2-nistp256 -- kex algorithm to remove 
+(rec) -ecdh-sha2-nistp384 -- kex algorithm to remove 
+(rec) -ecdh-sha2-nistp521 -- kex algorithm to remove 
+(rec) -ecdsa-sha2-nistp256 -- key algorithm to remove 
+(rec) -hmac-sha1-96 -- mac algorithm to remove 
+(rec) -ssh-dss -- key algorithm to remove 
+(rec) -ssh-rsa -- key algorithm to remove 
+(rec) +diffie-hellman-group16-sha512 -- kex algorithm to append 
+(rec) +twofish128-ctr -- enc algorithm to append 
+(rec) +twofish256-ctr -- enc algorithm to append 
+(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove 
+(rec) -hmac-sha1 -- mac algorithm to remove 
+(rec) -hmac-sha2-256 -- mac algorithm to remove 
+
+# additional info
+(nfo) For hardening guides on common OSes, please see: <https://www.ssh-audit.com/hardening_guides.html>
+
diff --git a/test/docker/expected_results/openssh_4.0p1_test1.json b/test/docker/expected_results/openssh_4.0p1_test1.json
new file mode 100644
index 0000000..33e63cf
--- /dev/null
+++ b/test/docker/expected_results/openssh_4.0p1_test1.json
@@ -0,0 +1 @@
+{"banner": {"comments": null, "protocol": [1, 99], "raw": "SSH-1.99-OpenSSH_4.0", "software": "OpenSSH_4.0"}, "compression": ["none", "zlib"], "enc": ["aes128-cbc", "3des-cbc", "blowfish-cbc", "cast128-cbc", "arcfour", "aes192-cbc", "aes256-cbc", "rijndael-cbc@lysator.liu.se", "aes128-ctr", "aes192-ctr", "aes256-ctr"], "fingerprints": [{"hash": "YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4", "hash_alg": "SHA256", "hostkey": "ssh-rsa"}, {"hash": "3c:c3:38:f8:55:39:c0:4a:5a:17:89:60:2c:a1:fc:6a", "hash_alg": "MD5", "hostkey": "ssh-rsa"}], "kex": [{"algorithm": "diffie-hellman-group-exchange-sha1", "keysize": 1024}, {"algorithm": "diffie-hellman-group14-sha1"}, {"algorithm": "diffie-hellman-group1-sha1"}], "key": [{"algorithm": "ssh-rsa", "keysize": 1024}, {"algorithm": "ssh-dss"}], "mac": ["hmac-md5", "hmac-sha1", "hmac-ripemd160", "hmac-ripemd160@openssh.com", "hmac-sha1-96", "hmac-md5-96"], "target": "localhost"}
diff --git a/test/docker/expected_results/openssh_4.0p1_test1.txt b/test/docker/expected_results/openssh_4.0p1_test1.txt
new file mode 100644
index 0000000..419105a
--- /dev/null
+++ b/test/docker/expected_results/openssh_4.0p1_test1.txt
@@ -0,0 +1,145 @@
+# general
+(gen) banner: SSH-1.99-OpenSSH_4.0
+(gen) protocol SSH1 enabled
+(gen) software: OpenSSH 4.0
+(gen) compatibility: OpenSSH 3.9-6.6, Dropbear SSH 0.53+ (some functionality from 0.52)
+(gen) compression: enabled (zlib)
+
+# security
+(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies
+(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data
+(cve) CVE-2014-1692 -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption)
+(cve) CVE-2012-0814 -- (CVSSv2: 3.5) leak data via debug messages
+(cve) CVE-2011-5000 -- (CVSSv2: 3.5) cause DoS via large value in certain length field (memory consumption)
+(cve) CVE-2010-5107 -- (CVSSv2: 5.0) cause DoS via large number of connections (slot exhaustion)
+(cve) CVE-2010-4755 -- (CVSSv2: 4.0) cause DoS via crafted glob expression (CPU and memory consumption)
+(cve) CVE-2010-4478 -- (CVSSv2: 7.5) bypass authentication check via crafted values
+(cve) CVE-2008-5161 -- (CVSSv2: 2.6) recover plaintext data from ciphertext
+(cve) CVE-2008-4109 -- (CVSSv2: 5.0) cause DoS via multiple login attempts (slot exhaustion)
+(cve) CVE-2008-1657 -- (CVSSv2: 6.5) bypass command restrictions via modifying session file
+(cve) CVE-2008-1483 -- (CVSSv2: 6.9) hijack forwarded X11 connections
+(cve) CVE-2007-4752 -- (CVSSv2: 7.5) privilege escalation via causing an X client to be trusted
+(cve) CVE-2007-2243 -- (CVSSv2: 5.0) discover valid usernames through different responses
+(cve) CVE-2006-5052 -- (CVSSv2: 5.0) discover valid usernames through different responses
+(cve) CVE-2006-5051 -- (CVSSv2: 9.3) cause DoS or execute arbitrary code (double free)
+(cve) CVE-2006-4924 -- (CVSSv2: 7.8) cause DoS via crafted packet (CPU consumption)
+(cve) CVE-2006-0225 -- (CVSSv2: 4.6) execute arbitrary code
+(cve) CVE-2005-2798 -- (CVSSv2: 5.0) leak data about authentication credentials
+(sec) SSH v1 enabled -- SSH v1 can be exploited to recover plaintext passwords
+
+# key exchange algorithms
+(kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.3.0
+(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
+(kex) diffie-hellman-group1-sha1 -- [fail] using small 1024-bit modulus
+ `- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
+
+# host-key algorithms
+(key) ssh-rsa (1024-bit) -- [fail] using weak hashing algorithm
+ `- [fail] using small 1024-bit modulus
+ `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
+ `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
+(key) ssh-dss -- [fail] using small 1024-bit modulus
+ `- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
+ `- [warn] using weak random number generator could reveal the key
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+
+# encryption algorithms (ciphers)
+(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
+(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm
+ `- [warn] using weak cipher
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
+(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [fail] disabled since Dropbear SSH 0.53
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
+(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 2.1.0
+(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher
+ `- [info] available since OpenSSH 2.1.0
+(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0
+(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
+(enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0
+(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) aes192-ctr -- [info] available since OpenSSH 3.7
+(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+
+# message authentication code algorithms
+(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 2.5.0
+(mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 2.1.0
+(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
+(mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.5.0
+
+# fingerprints
+(fin) ssh-rsa: SHA256:YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4
+
+# algorithm recommendations (for OpenSSH 4.0)
+(rec) -3des-cbc -- enc algorithm to remove 
+(rec) -aes128-cbc -- enc algorithm to remove 
+(rec) -aes192-cbc -- enc algorithm to remove 
+(rec) -aes256-cbc -- enc algorithm to remove 
+(rec) -arcfour -- enc algorithm to remove 
+(rec) -blowfish-cbc -- enc algorithm to remove 
+(rec) -cast128-cbc -- enc algorithm to remove 
+(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove 
+(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove 
+(rec) -hmac-md5 -- mac algorithm to remove 
+(rec) -hmac-md5-96 -- mac algorithm to remove 
+(rec) -hmac-ripemd160 -- mac algorithm to remove 
+(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove 
+(rec) -hmac-sha1-96 -- mac algorithm to remove 
+(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove 
+(rec) -ssh-dss -- key algorithm to remove 
+(rec) -ssh-rsa -- key algorithm to remove 
+(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove 
+(rec) -hmac-sha1 -- mac algorithm to remove 
+
+# additional info
+(nfo) For hardening guides on common OSes, please see: <https://www.ssh-audit.com/hardening_guides.html>
+
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test1.json b/test/docker/expected_results/openssh_5.6p1_custom_policy_test1.json
new file mode 100644
index 0000000..52d9e38
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test1.json
@@ -0,0 +1 @@
+{"errors": [], "host": "localhost", "passed": true, "policy": "Docker policy: test1 (version 1)"}
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test1.txt b/test/docker/expected_results/openssh_5.6p1_custom_policy_test1.txt
new file mode 100644
index 0000000..01146f8
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test1.txt
@@ -0,0 +1,3 @@
+Host: localhost:2222
+Policy: Docker policy: test1 (version 1)
+Result: ✔ Passed
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test10.json b/test/docker/expected_results/openssh_5.6p1_custom_policy_test10.json
new file mode 100644
index 0000000..7bf35ae
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test10.json
@@ -0,0 +1 @@
+{"errors": [{"actual": ["3072"], "expected_optional": [""], "expected_required": ["4096"], "mismatched_field": "RSA host key (ssh-rsa-cert-v01@openssh.com) sizes"}, {"actual": ["1024"], "expected_optional": [""], "expected_required": ["4096"], "mismatched_field": "RSA CA key (ssh-rsa-cert-v01@openssh.com) sizes"}], "host": "localhost", "passed": false, "policy": "Docker poliicy: test10 (version 1)"}
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test10.txt b/test/docker/expected_results/openssh_5.6p1_custom_policy_test10.txt
new file mode 100644
index 0000000..7f8befc
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test10.txt
@@ -0,0 +1,13 @@
+Host: localhost:2222
+Policy: Docker poliicy: test10 (version 1)
+Result: ❌ Failed!
+
+Errors:
+ * RSA CA key (ssh-rsa-cert-v01@openssh.com) sizes did not match.
+ - Expected: 4096
+ - Actual: 1024
+
+ * RSA host key (ssh-rsa-cert-v01@openssh.com) sizes did not match.
+ - Expected: 4096
+ - Actual: 3072
+
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test2.json b/test/docker/expected_results/openssh_5.6p1_custom_policy_test2.json
new file mode 100644
index 0000000..4d39f6a
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test2.json
@@ -0,0 +1 @@
+{"errors": [{"actual": ["diffie-hellman-group-exchange-sha256", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"], "expected_optional": [""], "expected_required": ["kex_alg1", "kex_alg2"], "mismatched_field": "Key exchanges"}], "host": "localhost", "passed": false, "policy": "Docker policy: test2 (version 1)"}
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test2.txt b/test/docker/expected_results/openssh_5.6p1_custom_policy_test2.txt
new file mode 100644
index 0000000..e88e44b
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test2.txt
@@ -0,0 +1,9 @@
+Host: localhost:2222
+Policy: Docker policy: test2 (version 1)
+Result: ❌ Failed!
+
+Errors:
+ * Key exchanges did not match.
+ - Expected: kex_alg1, kex_alg2
+ - Actual: diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
+
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test3.json b/test/docker/expected_results/openssh_5.6p1_custom_policy_test3.json
new file mode 100644
index 0000000..519fc40
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test3.json
@@ -0,0 +1 @@
+{"errors": [{"actual": ["ssh-rsa", "ssh-dss"], "expected_optional": [""], "expected_required": ["ssh-rsa", "ssh-dss", "key_alg1"], "mismatched_field": "Host keys"}], "host": "localhost", "passed": false, "policy": "Docker policy: test3 (version 1)"}
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test3.txt b/test/docker/expected_results/openssh_5.6p1_custom_policy_test3.txt
new file mode 100644
index 0000000..cf7eefc
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test3.txt
@@ -0,0 +1,9 @@
+Host: localhost:2222
+Policy: Docker policy: test3 (version 1)
+Result: ❌ Failed!
+
+Errors:
+ * Host keys did not match.
+ - Expected: ssh-rsa, ssh-dss, key_alg1
+ - Actual: ssh-rsa, ssh-dss
+
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test4.json b/test/docker/expected_results/openssh_5.6p1_custom_policy_test4.json
new file mode 100644
index 0000000..83db23b
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test4.json
@@ -0,0 +1 @@
+{"errors": [{"actual": ["aes128-ctr", "aes192-ctr", "aes256-ctr", "arcfour256", "arcfour128", "aes128-cbc", "3des-cbc", "blowfish-cbc", "cast128-cbc", "aes192-cbc", "aes256-cbc", "arcfour", "rijndael-cbc@lysator.liu.se"], "expected_optional": [""], "expected_required": ["cipher_alg1", "cipher_alg2"], "mismatched_field": "Ciphers"}], "host": "localhost", "passed": false, "policy": "Docker policy: test4 (version 1)"}
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test4.txt b/test/docker/expected_results/openssh_5.6p1_custom_policy_test4.txt
new file mode 100644
index 0000000..514b715
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test4.txt
@@ -0,0 +1,9 @@
+Host: localhost:2222
+Policy: Docker policy: test4 (version 1)
+Result: ❌ Failed!
+
+Errors:
+ * Ciphers did not match.
+ - Expected: cipher_alg1, cipher_alg2
+ - Actual: aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se
+
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test5.json b/test/docker/expected_results/openssh_5.6p1_custom_policy_test5.json
new file mode 100644
index 0000000..3fbfe09
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test5.json
@@ -0,0 +1 @@
+{"errors": [{"actual": ["hmac-md5", "hmac-sha1", "umac-64@openssh.com", "hmac-ripemd160", "hmac-ripemd160@openssh.com", "hmac-sha1-96", "hmac-md5-96"], "expected_optional": [""], "expected_required": ["hmac-md5", "hmac-sha1", "umac-64@openssh.com", "hmac-ripemd160", "hmac-ripemd160@openssh.com", "hmac_alg1", "hmac-md5-96"], "mismatched_field": "MACs"}], "host": "localhost", "passed": false, "policy": "Docker policy: test5 (version 1)"}
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test5.txt b/test/docker/expected_results/openssh_5.6p1_custom_policy_test5.txt
new file mode 100644
index 0000000..746ca8c
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test5.txt
@@ -0,0 +1,9 @@
+Host: localhost:2222
+Policy: Docker policy: test5 (version 1)
+Result: ❌ Failed!
+
+Errors:
+ * MACs did not match.
+ - Expected: hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac_alg1, hmac-md5-96
+ - Actual: hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96
+
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test7.json b/test/docker/expected_results/openssh_5.6p1_custom_policy_test7.json
new file mode 100644
index 0000000..cb4b860
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test7.json
@@ -0,0 +1 @@
+{"errors": [], "host": "localhost", "passed": true, "policy": "Docker poliicy: test7 (version 1)"}
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test7.txt b/test/docker/expected_results/openssh_5.6p1_custom_policy_test7.txt
new file mode 100644
index 0000000..4014b23
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test7.txt
@@ -0,0 +1,3 @@
+Host: localhost:2222
+Policy: Docker poliicy: test7 (version 1)
+Result: ✔ Passed
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test8.json b/test/docker/expected_results/openssh_5.6p1_custom_policy_test8.json
new file mode 100644
index 0000000..a7fa650
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test8.json
@@ -0,0 +1 @@
+{"errors": [{"actual": ["1024"], "expected_optional": [""], "expected_required": ["2048"], "mismatched_field": "RSA CA key (ssh-rsa-cert-v01@openssh.com) sizes"}], "host": "localhost", "passed": false, "policy": "Docker poliicy: test8 (version 1)"}
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test8.txt b/test/docker/expected_results/openssh_5.6p1_custom_policy_test8.txt
new file mode 100644
index 0000000..36dceba
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test8.txt
@@ -0,0 +1,9 @@
+Host: localhost:2222
+Policy: Docker poliicy: test8 (version 1)
+Result: ❌ Failed!
+
+Errors:
+ * RSA CA key (ssh-rsa-cert-v01@openssh.com) sizes did not match.
+ - Expected: 2048
+ - Actual: 1024
+
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test9.json b/test/docker/expected_results/openssh_5.6p1_custom_policy_test9.json
new file mode 100644
index 0000000..6e9faec
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test9.json
@@ -0,0 +1 @@
+{"errors": [{"actual": ["3072"], "expected_optional": [""], "expected_required": ["4096"], "mismatched_field": "RSA host key (ssh-rsa-cert-v01@openssh.com) sizes"}], "host": "localhost", "passed": false, "policy": "Docker poliicy: test9 (version 1)"}
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test9.txt b/test/docker/expected_results/openssh_5.6p1_custom_policy_test9.txt
new file mode 100644
index 0000000..fc91c9f
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test9.txt
@@ -0,0 +1,9 @@
+Host: localhost:2222
+Policy: Docker poliicy: test9 (version 1)
+Result: ❌ Failed!
+
+Errors:
+ * RSA host key (ssh-rsa-cert-v01@openssh.com) sizes did not match.
+ - Expected: 4096
+ - Actual: 3072
+
diff --git a/test/docker/expected_results/openssh_5.6p1_test1.json b/test/docker/expected_results/openssh_5.6p1_test1.json
new file mode 100644
index 0000000..f189bd8
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_test1.json
@@ -0,0 +1 @@
+{"banner": {"comments": null, "protocol": [2, 0], "raw": "SSH-2.0-OpenSSH_5.6", "software": "OpenSSH_5.6"}, "compression": ["none", "zlib@openssh.com"], "enc": ["aes128-ctr", "aes192-ctr", "aes256-ctr", "arcfour256", "arcfour128", "aes128-cbc", "3des-cbc", "blowfish-cbc", "cast128-cbc", "aes192-cbc", "aes256-cbc", "arcfour", "rijndael-cbc@lysator.liu.se"], "fingerprints": [{"hash": "YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4", "hash_alg": "SHA256", "hostkey": "ssh-rsa"}, {"hash": "3c:c3:38:f8:55:39:c0:4a:5a:17:89:60:2c:a1:fc:6a", "hash_alg": "MD5", "hostkey": "ssh-rsa"}], "kex": [{"algorithm": "diffie-hellman-group-exchange-sha256", "keysize": 1024}, {"algorithm": "diffie-hellman-group-exchange-sha1", "keysize": 1024}, {"algorithm": "diffie-hellman-group14-sha1"}, {"algorithm": "diffie-hellman-group1-sha1"}], "key": [{"algorithm": "ssh-rsa", "keysize": 1024}, {"algorithm": "ssh-dss"}], "mac": ["hmac-md5", "hmac-sha1", "umac-64@openssh.com", "hmac-ripemd160", "hmac-ripemd160@openssh.com", "hmac-sha1-96", "hmac-md5-96"], "target": "localhost"}
diff --git a/test/docker/expected_results/openssh_5.6p1_test1.txt b/test/docker/expected_results/openssh_5.6p1_test1.txt
new file mode 100644
index 0000000..014d7e7
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_test1.txt
@@ -0,0 +1,153 @@
+# general
+(gen) banner: SSH-2.0-OpenSSH_5.6
+(gen) software: OpenSSH 5.6
+(gen) compatibility: OpenSSH 4.7-6.6, Dropbear SSH 0.53+ (some functionality from 0.52)
+(gen) compression: enabled (zlib@openssh.com)
+
+# security
+(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies
+(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data
+(cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)
+(cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid
+(cve) CVE-2015-6563 -- (CVSSv2: 1.9) conduct impersonation attack
+(cve) CVE-2014-2532 -- (CVSSv2: 5.8) bypass environment restrictions via specific string before wildcard
+(cve) CVE-2014-1692 -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption)
+(cve) CVE-2012-0814 -- (CVSSv2: 3.5) leak data via debug messages
+(cve) CVE-2011-5000 -- (CVSSv2: 3.5) cause DoS via large value in certain length field (memory consumption)
+(cve) CVE-2010-5107 -- (CVSSv2: 5.0) cause DoS via large number of connections (slot exhaustion)
+(cve) CVE-2010-4755 -- (CVSSv2: 4.0) cause DoS via crafted glob expression (CPU and memory consumption)
+(cve) CVE-2010-4478 -- (CVSSv2: 7.5) bypass authentication check via crafted values
+
+# key exchange algorithms
+(kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus
+ `- [info] available since OpenSSH 4.4
+(kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.3.0
+(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
+(kex) diffie-hellman-group1-sha1 -- [fail] using small 1024-bit modulus
+ `- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
+
+# host-key algorithms
+(key) ssh-rsa (1024-bit) -- [fail] using weak hashing algorithm
+ `- [fail] using small 1024-bit modulus
+ `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
+ `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
+(key) ssh-dss -- [fail] using small 1024-bit modulus
+ `- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
+ `- [warn] using weak random number generator could reveal the key
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+
+# encryption algorithms (ciphers)
+(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) aes192-ctr -- [info] available since OpenSSH 3.7
+(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher
+ `- [info] available since OpenSSH 4.2
+(enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher
+ `- [info] available since OpenSSH 4.2
+(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
+(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm
+ `- [warn] using weak cipher
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
+(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [fail] disabled since Dropbear SSH 0.53
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
+(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 2.1.0
+(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0
+(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
+(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher
+ `- [info] available since OpenSSH 2.1.0
+(enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0
+
+# message authentication code algorithms
+(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
+ `- [warn] using small 64-bit tag size
+ `- [info] available since OpenSSH 4.7
+(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 2.5.0
+(mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 2.1.0
+(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
+(mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.5.0
+
+# fingerprints
+(fin) ssh-rsa: SHA256:YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4
+
+# algorithm recommendations (for OpenSSH 5.6)
+(rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 2048 bits or larger) 
+(rec) -3des-cbc -- enc algorithm to remove 
+(rec) -aes128-cbc -- enc algorithm to remove 
+(rec) -aes192-cbc -- enc algorithm to remove 
+(rec) -aes256-cbc -- enc algorithm to remove 
+(rec) -arcfour -- enc algorithm to remove 
+(rec) -arcfour128 -- enc algorithm to remove 
+(rec) -arcfour256 -- enc algorithm to remove 
+(rec) -blowfish-cbc -- enc algorithm to remove 
+(rec) -cast128-cbc -- enc algorithm to remove 
+(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove 
+(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove 
+(rec) -hmac-md5 -- mac algorithm to remove 
+(rec) -hmac-md5-96 -- mac algorithm to remove 
+(rec) -hmac-ripemd160 -- mac algorithm to remove 
+(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove 
+(rec) -hmac-sha1-96 -- mac algorithm to remove 
+(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove 
+(rec) -ssh-dss -- key algorithm to remove 
+(rec) -ssh-rsa -- key algorithm to remove 
+(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove 
+(rec) -hmac-sha1 -- mac algorithm to remove 
+(rec) -umac-64@openssh.com -- mac algorithm to remove 
+
+# additional info
+(nfo) For hardening guides on common OSes, please see: <https://www.ssh-audit.com/hardening_guides.html>
+
diff --git a/test/docker/expected_results/openssh_5.6p1_test2.json b/test/docker/expected_results/openssh_5.6p1_test2.json
new file mode 100644
index 0000000..64d1590
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_test2.json
@@ -0,0 +1 @@
+{"banner": {"comments": null, "protocol": [2, 0], "raw": "SSH-2.0-OpenSSH_5.6", "software": "OpenSSH_5.6"}, "compression": ["none", "zlib@openssh.com"], "enc": ["aes128-ctr", "aes192-ctr", "aes256-ctr", "arcfour256", "arcfour128", "aes128-cbc", "3des-cbc", "blowfish-cbc", "cast128-cbc", "aes192-cbc", "aes256-cbc", "arcfour", "rijndael-cbc@lysator.liu.se"], "fingerprints": [{"hash": "YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4", "hash_alg": "SHA256", "hostkey": "ssh-rsa"}, {"hash": "3c:c3:38:f8:55:39:c0:4a:5a:17:89:60:2c:a1:fc:6a", "hash_alg": "MD5", "hostkey": "ssh-rsa"}], "kex": [{"algorithm": "diffie-hellman-group-exchange-sha256", "keysize": 1024}, {"algorithm": "diffie-hellman-group-exchange-sha1", "keysize": 1024}, {"algorithm": "diffie-hellman-group14-sha1"}, {"algorithm": "diffie-hellman-group1-sha1"}], "key": [{"algorithm": "ssh-rsa", "keysize": 1024}, {"algorithm": "ssh-rsa-cert-v01@openssh.com", "casize": 1024, "keysize": 1024}], "mac": ["hmac-md5", "hmac-sha1", "umac-64@openssh.com", "hmac-ripemd160", "hmac-ripemd160@openssh.com", "hmac-sha1-96", "hmac-md5-96"], "target": "localhost"}
diff --git a/test/docker/expected_results/openssh_5.6p1_test2.txt b/test/docker/expected_results/openssh_5.6p1_test2.txt
new file mode 100644
index 0000000..2a6825f
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_test2.txt
@@ -0,0 +1,153 @@
+# general
+(gen) banner: SSH-2.0-OpenSSH_5.6
+(gen) software: OpenSSH 5.6
+(gen) compatibility: OpenSSH 5.6-6.6, Dropbear SSH 0.53+ (some functionality from 0.52)
+(gen) compression: enabled (zlib@openssh.com)
+
+# security
+(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies
+(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data
+(cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)
+(cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid
+(cve) CVE-2015-6563 -- (CVSSv2: 1.9) conduct impersonation attack
+(cve) CVE-2014-2532 -- (CVSSv2: 5.8) bypass environment restrictions via specific string before wildcard
+(cve) CVE-2014-1692 -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption)
+(cve) CVE-2012-0814 -- (CVSSv2: 3.5) leak data via debug messages
+(cve) CVE-2011-5000 -- (CVSSv2: 3.5) cause DoS via large value in certain length field (memory consumption)
+(cve) CVE-2010-5107 -- (CVSSv2: 5.0) cause DoS via large number of connections (slot exhaustion)
+(cve) CVE-2010-4755 -- (CVSSv2: 4.0) cause DoS via crafted glob expression (CPU and memory consumption)
+(cve) CVE-2010-4478 -- (CVSSv2: 7.5) bypass authentication check via crafted values
+
+# key exchange algorithms
+(kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus
+ `- [info] available since OpenSSH 4.4
+(kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.3.0
+(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
+(kex) diffie-hellman-group1-sha1 -- [fail] using small 1024-bit modulus
+ `- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
+
+# host-key algorithms
+(key) ssh-rsa (1024-bit) -- [fail] using weak hashing algorithm
+ `- [fail] using small 1024-bit modulus
+ `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
+ `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
+(key) ssh-rsa-cert-v01@openssh.com (1024-bit cert/1024-bit CA) -- [fail] using weak hashing algorithm
+ `- [fail] using small 1024-bit modulus
+ `- [info] available since OpenSSH 5.6
+ `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
+
+# encryption algorithms (ciphers)
+(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) aes192-ctr -- [info] available since OpenSSH 3.7
+(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher
+ `- [info] available since OpenSSH 4.2
+(enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher
+ `- [info] available since OpenSSH 4.2
+(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
+(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm
+ `- [warn] using weak cipher
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
+(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [fail] disabled since Dropbear SSH 0.53
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
+(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 2.1.0
+(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0
+(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
+(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher
+ `- [info] available since OpenSSH 2.1.0
+(enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0
+
+# message authentication code algorithms
+(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
+ `- [warn] using small 64-bit tag size
+ `- [info] available since OpenSSH 4.7
+(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 2.5.0
+(mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 2.1.0
+(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
+(mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.5.0
+
+# fingerprints
+(fin) ssh-rsa: SHA256:YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4
+
+# algorithm recommendations (for OpenSSH 5.6)
+(rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 2048 bits or larger) 
+(rec) -3des-cbc -- enc algorithm to remove 
+(rec) -aes128-cbc -- enc algorithm to remove 
+(rec) -aes192-cbc -- enc algorithm to remove 
+(rec) -aes256-cbc -- enc algorithm to remove 
+(rec) -arcfour -- enc algorithm to remove 
+(rec) -arcfour128 -- enc algorithm to remove 
+(rec) -arcfour256 -- enc algorithm to remove 
+(rec) -blowfish-cbc -- enc algorithm to remove 
+(rec) -cast128-cbc -- enc algorithm to remove 
+(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove 
+(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove 
+(rec) -hmac-md5 -- mac algorithm to remove 
+(rec) -hmac-md5-96 -- mac algorithm to remove 
+(rec) -hmac-ripemd160 -- mac algorithm to remove 
+(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove 
+(rec) -hmac-sha1-96 -- mac algorithm to remove 
+(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove 
+(rec) -ssh-rsa -- key algorithm to remove 
+(rec) -ssh-rsa-cert-v01@openssh.com -- key algorithm to remove 
+(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove 
+(rec) -hmac-sha1 -- mac algorithm to remove 
+(rec) -umac-64@openssh.com -- mac algorithm to remove 
+
+# additional info
+(nfo) For hardening guides on common OSes, please see: <https://www.ssh-audit.com/hardening_guides.html>
+
diff --git a/test/docker/expected_results/openssh_5.6p1_test3.json b/test/docker/expected_results/openssh_5.6p1_test3.json
new file mode 100644
index 0000000..db22eed
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_test3.json
@@ -0,0 +1 @@
+{"banner": {"comments": null, "protocol": [2, 0], "raw": "SSH-2.0-OpenSSH_5.6", "software": "OpenSSH_5.6"}, "compression": ["none", "zlib@openssh.com"], "enc": ["aes128-ctr", "aes192-ctr", "aes256-ctr", "arcfour256", "arcfour128", "aes128-cbc", "3des-cbc", "blowfish-cbc", "cast128-cbc", "aes192-cbc", "aes256-cbc", "arcfour", "rijndael-cbc@lysator.liu.se"], "fingerprints": [{"hash": "YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4", "hash_alg": "SHA256", "hostkey": "ssh-rsa"}, {"hash": "3c:c3:38:f8:55:39:c0:4a:5a:17:89:60:2c:a1:fc:6a", "hash_alg": "MD5", "hostkey": "ssh-rsa"}], "kex": [{"algorithm": "diffie-hellman-group-exchange-sha256", "keysize": 1024}, {"algorithm": "diffie-hellman-group-exchange-sha1", "keysize": 1024}, {"algorithm": "diffie-hellman-group14-sha1"}, {"algorithm": "diffie-hellman-group1-sha1"}], "key": [{"algorithm": "ssh-rsa", "keysize": 1024}, {"algorithm": "ssh-rsa-cert-v01@openssh.com", "casize": 3072, "keysize": 1024}], "mac": ["hmac-md5", "hmac-sha1", "umac-64@openssh.com", "hmac-ripemd160", "hmac-ripemd160@openssh.com", "hmac-sha1-96", "hmac-md5-96"], "target": "localhost"}
diff --git a/test/docker/expected_results/openssh_5.6p1_test3.txt b/test/docker/expected_results/openssh_5.6p1_test3.txt
new file mode 100644
index 0000000..657b22e
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_test3.txt
@@ -0,0 +1,153 @@
+# general
+(gen) banner: SSH-2.0-OpenSSH_5.6
+(gen) software: OpenSSH 5.6
+(gen) compatibility: OpenSSH 5.6-6.6, Dropbear SSH 0.53+ (some functionality from 0.52)
+(gen) compression: enabled (zlib@openssh.com)
+
+# security
+(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies
+(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data
+(cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)
+(cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid
+(cve) CVE-2015-6563 -- (CVSSv2: 1.9) conduct impersonation attack
+(cve) CVE-2014-2532 -- (CVSSv2: 5.8) bypass environment restrictions via specific string before wildcard
+(cve) CVE-2014-1692 -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption)
+(cve) CVE-2012-0814 -- (CVSSv2: 3.5) leak data via debug messages
+(cve) CVE-2011-5000 -- (CVSSv2: 3.5) cause DoS via large value in certain length field (memory consumption)
+(cve) CVE-2010-5107 -- (CVSSv2: 5.0) cause DoS via large number of connections (slot exhaustion)
+(cve) CVE-2010-4755 -- (CVSSv2: 4.0) cause DoS via crafted glob expression (CPU and memory consumption)
+(cve) CVE-2010-4478 -- (CVSSv2: 7.5) bypass authentication check via crafted values
+
+# key exchange algorithms
+(kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus
+ `- [info] available since OpenSSH 4.4
+(kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.3.0
+(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
+(kex) diffie-hellman-group1-sha1 -- [fail] using small 1024-bit modulus
+ `- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
+
+# host-key algorithms
+(key) ssh-rsa (1024-bit) -- [fail] using weak hashing algorithm
+ `- [fail] using small 1024-bit modulus
+ `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
+ `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
+(key) ssh-rsa-cert-v01@openssh.com (1024-bit cert/3072-bit CA) -- [fail] using weak hashing algorithm
+ `- [fail] using small 1024-bit modulus
+ `- [info] available since OpenSSH 5.6
+ `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
+
+# encryption algorithms (ciphers)
+(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) aes192-ctr -- [info] available since OpenSSH 3.7
+(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher
+ `- [info] available since OpenSSH 4.2
+(enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher
+ `- [info] available since OpenSSH 4.2
+(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
+(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm
+ `- [warn] using weak cipher
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
+(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [fail] disabled since Dropbear SSH 0.53
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
+(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 2.1.0
+(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0
+(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
+(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher
+ `- [info] available since OpenSSH 2.1.0
+(enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0
+
+# message authentication code algorithms
+(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
+ `- [warn] using small 64-bit tag size
+ `- [info] available since OpenSSH 4.7
+(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 2.5.0
+(mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 2.1.0
+(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
+(mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.5.0
+
+# fingerprints
+(fin) ssh-rsa: SHA256:YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4
+
+# algorithm recommendations (for OpenSSH 5.6)
+(rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 2048 bits or larger) 
+(rec) -3des-cbc -- enc algorithm to remove 
+(rec) -aes128-cbc -- enc algorithm to remove 
+(rec) -aes192-cbc -- enc algorithm to remove 
+(rec) -aes256-cbc -- enc algorithm to remove 
+(rec) -arcfour -- enc algorithm to remove 
+(rec) -arcfour128 -- enc algorithm to remove 
+(rec) -arcfour256 -- enc algorithm to remove 
+(rec) -blowfish-cbc -- enc algorithm to remove 
+(rec) -cast128-cbc -- enc algorithm to remove 
+(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove 
+(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove 
+(rec) -hmac-md5 -- mac algorithm to remove 
+(rec) -hmac-md5-96 -- mac algorithm to remove 
+(rec) -hmac-ripemd160 -- mac algorithm to remove 
+(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove 
+(rec) -hmac-sha1-96 -- mac algorithm to remove 
+(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove 
+(rec) -ssh-rsa -- key algorithm to remove 
+(rec) -ssh-rsa-cert-v01@openssh.com -- key algorithm to remove 
+(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove 
+(rec) -hmac-sha1 -- mac algorithm to remove 
+(rec) -umac-64@openssh.com -- mac algorithm to remove 
+
+# additional info
+(nfo) For hardening guides on common OSes, please see: <https://www.ssh-audit.com/hardening_guides.html>
+
diff --git a/test/docker/expected_results/openssh_5.6p1_test4.json b/test/docker/expected_results/openssh_5.6p1_test4.json
new file mode 100644
index 0000000..a5c725d
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_test4.json
@@ -0,0 +1 @@
+{"banner": {"comments": null, "protocol": [2, 0], "raw": "SSH-2.0-OpenSSH_5.6", "software": "OpenSSH_5.6"}, "compression": ["none", "zlib@openssh.com"], "enc": ["aes128-ctr", "aes192-ctr", "aes256-ctr", "arcfour256", "arcfour128", "aes128-cbc", "3des-cbc", "blowfish-cbc", "cast128-cbc", "aes192-cbc", "aes256-cbc", "arcfour", "rijndael-cbc@lysator.liu.se"], "fingerprints": [{"hash": "nsWtdJ9Z67Vrf7OsUzQov7esXhsWAfVppArGh25u244", "hash_alg": "SHA256", "hostkey": "ssh-rsa"}, {"hash": "18:e2:51:fe:21:6c:78:d0:b8:cf:32:d4:bd:56:42:e1", "hash_alg": "MD5", "hostkey": "ssh-rsa"}], "kex": [{"algorithm": "diffie-hellman-group-exchange-sha256", "keysize": 1024}, {"algorithm": "diffie-hellman-group-exchange-sha1", "keysize": 1024}, {"algorithm": "diffie-hellman-group14-sha1"}, {"algorithm": "diffie-hellman-group1-sha1"}], "key": [{"algorithm": "ssh-rsa", "keysize": 3072}, {"algorithm": "ssh-rsa-cert-v01@openssh.com", "casize": 1024, "keysize": 3072}], "mac": ["hmac-md5", "hmac-sha1", "umac-64@openssh.com", "hmac-ripemd160", "hmac-ripemd160@openssh.com", "hmac-sha1-96", "hmac-md5-96"], "target": "localhost"}
diff --git a/test/docker/expected_results/openssh_5.6p1_test4.txt b/test/docker/expected_results/openssh_5.6p1_test4.txt
new file mode 100644
index 0000000..fb48d1c
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_test4.txt
@@ -0,0 +1,152 @@
+# general
+(gen) banner: SSH-2.0-OpenSSH_5.6
+(gen) software: OpenSSH 5.6
+(gen) compatibility: OpenSSH 5.6-6.6, Dropbear SSH 0.53+ (some functionality from 0.52)
+(gen) compression: enabled (zlib@openssh.com)
+
+# security
+(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies
+(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data
+(cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)
+(cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid
+(cve) CVE-2015-6563 -- (CVSSv2: 1.9) conduct impersonation attack
+(cve) CVE-2014-2532 -- (CVSSv2: 5.8) bypass environment restrictions via specific string before wildcard
+(cve) CVE-2014-1692 -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption)
+(cve) CVE-2012-0814 -- (CVSSv2: 3.5) leak data via debug messages
+(cve) CVE-2011-5000 -- (CVSSv2: 3.5) cause DoS via large value in certain length field (memory consumption)
+(cve) CVE-2010-5107 -- (CVSSv2: 5.0) cause DoS via large number of connections (slot exhaustion)
+(cve) CVE-2010-4755 -- (CVSSv2: 4.0) cause DoS via crafted glob expression (CPU and memory consumption)
+(cve) CVE-2010-4478 -- (CVSSv2: 7.5) bypass authentication check via crafted values
+
+# key exchange algorithms
+(kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus
+ `- [info] available since OpenSSH 4.4
+(kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.3.0
+(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
+(kex) diffie-hellman-group1-sha1 -- [fail] using small 1024-bit modulus
+ `- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
+
+# host-key algorithms
+(key) ssh-rsa (3072-bit) -- [fail] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
+ `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
+(key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/1024-bit CA) -- [fail] using weak hashing algorithm
+ `- [fail] using small 1024-bit modulus
+ `- [info] available since OpenSSH 5.6
+ `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
+
+# encryption algorithms (ciphers)
+(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) aes192-ctr -- [info] available since OpenSSH 3.7
+(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher
+ `- [info] available since OpenSSH 4.2
+(enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher
+ `- [info] available since OpenSSH 4.2
+(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
+(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm
+ `- [warn] using weak cipher
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
+(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [fail] disabled since Dropbear SSH 0.53
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
+(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 2.1.0
+(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0
+(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
+(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher
+ `- [info] available since OpenSSH 2.1.0
+(enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0
+
+# message authentication code algorithms
+(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
+ `- [warn] using small 64-bit tag size
+ `- [info] available since OpenSSH 4.7
+(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 2.5.0
+(mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 2.1.0
+(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
+(mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.5.0
+
+# fingerprints
+(fin) ssh-rsa: SHA256:nsWtdJ9Z67Vrf7OsUzQov7esXhsWAfVppArGh25u244
+
+# algorithm recommendations (for OpenSSH 5.6)
+(rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 2048 bits or larger) 
+(rec) -3des-cbc -- enc algorithm to remove 
+(rec) -aes128-cbc -- enc algorithm to remove 
+(rec) -aes192-cbc -- enc algorithm to remove 
+(rec) -aes256-cbc -- enc algorithm to remove 
+(rec) -arcfour -- enc algorithm to remove 
+(rec) -arcfour128 -- enc algorithm to remove 
+(rec) -arcfour256 -- enc algorithm to remove 
+(rec) -blowfish-cbc -- enc algorithm to remove 
+(rec) -cast128-cbc -- enc algorithm to remove 
+(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove 
+(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove 
+(rec) -hmac-md5 -- mac algorithm to remove 
+(rec) -hmac-md5-96 -- mac algorithm to remove 
+(rec) -hmac-ripemd160 -- mac algorithm to remove 
+(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove 
+(rec) -hmac-sha1-96 -- mac algorithm to remove 
+(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove 
+(rec) -ssh-rsa -- key algorithm to remove 
+(rec) -ssh-rsa-cert-v01@openssh.com -- key algorithm to remove 
+(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove 
+(rec) -hmac-sha1 -- mac algorithm to remove 
+(rec) -umac-64@openssh.com -- mac algorithm to remove 
+
+# additional info
+(nfo) For hardening guides on common OSes, please see: <https://www.ssh-audit.com/hardening_guides.html>
+
diff --git a/test/docker/expected_results/openssh_5.6p1_test5.json b/test/docker/expected_results/openssh_5.6p1_test5.json
new file mode 100644
index 0000000..24523b8
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_test5.json
@@ -0,0 +1 @@
+{"banner": {"comments": null, "protocol": [2, 0], "raw": "SSH-2.0-OpenSSH_5.6", "software": "OpenSSH_5.6"}, "compression": ["none", "zlib@openssh.com"], "enc": ["aes128-ctr", "aes192-ctr", "aes256-ctr", "arcfour256", "arcfour128", "aes128-cbc", "3des-cbc", "blowfish-cbc", "cast128-cbc", "aes192-cbc", "aes256-cbc", "arcfour", "rijndael-cbc@lysator.liu.se"], "fingerprints": [{"hash": "nsWtdJ9Z67Vrf7OsUzQov7esXhsWAfVppArGh25u244", "hash_alg": "SHA256", "hostkey": "ssh-rsa"}, {"hash": "18:e2:51:fe:21:6c:78:d0:b8:cf:32:d4:bd:56:42:e1", "hash_alg": "MD5", "hostkey": "ssh-rsa"}], "kex": [{"algorithm": "diffie-hellman-group-exchange-sha256", "keysize": 1024}, {"algorithm": "diffie-hellman-group-exchange-sha1", "keysize": 1024}, {"algorithm": "diffie-hellman-group14-sha1"}, {"algorithm": "diffie-hellman-group1-sha1"}], "key": [{"algorithm": "ssh-rsa", "keysize": 3072}, {"algorithm": "ssh-rsa-cert-v01@openssh.com", "casize": 3072, "keysize": 3072}], "mac": ["hmac-md5", "hmac-sha1", "umac-64@openssh.com", "hmac-ripemd160", "hmac-ripemd160@openssh.com", "hmac-sha1-96", "hmac-md5-96"], "target": "localhost"}
diff --git a/test/docker/expected_results/openssh_5.6p1_test5.txt b/test/docker/expected_results/openssh_5.6p1_test5.txt
new file mode 100644
index 0000000..5ff250a
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_test5.txt
@@ -0,0 +1,151 @@
+# general
+(gen) banner: SSH-2.0-OpenSSH_5.6
+(gen) software: OpenSSH 5.6
+(gen) compatibility: OpenSSH 5.6-6.6, Dropbear SSH 0.53+ (some functionality from 0.52)
+(gen) compression: enabled (zlib@openssh.com)
+
+# security
+(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies
+(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data
+(cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)
+(cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid
+(cve) CVE-2015-6563 -- (CVSSv2: 1.9) conduct impersonation attack
+(cve) CVE-2014-2532 -- (CVSSv2: 5.8) bypass environment restrictions via specific string before wildcard
+(cve) CVE-2014-1692 -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption)
+(cve) CVE-2012-0814 -- (CVSSv2: 3.5) leak data via debug messages
+(cve) CVE-2011-5000 -- (CVSSv2: 3.5) cause DoS via large value in certain length field (memory consumption)
+(cve) CVE-2010-5107 -- (CVSSv2: 5.0) cause DoS via large number of connections (slot exhaustion)
+(cve) CVE-2010-4755 -- (CVSSv2: 4.0) cause DoS via crafted glob expression (CPU and memory consumption)
+(cve) CVE-2010-4478 -- (CVSSv2: 7.5) bypass authentication check via crafted values
+
+# key exchange algorithms
+(kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus
+ `- [info] available since OpenSSH 4.4
+(kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.3.0
+(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
+(kex) diffie-hellman-group1-sha1 -- [fail] using small 1024-bit modulus
+ `- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
+
+# host-key algorithms
+(key) ssh-rsa (3072-bit) -- [fail] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
+ `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
+(key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/3072-bit CA) -- [fail] using weak hashing algorithm
+ `- [info] available since OpenSSH 5.6
+ `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
+
+# encryption algorithms (ciphers)
+(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) aes192-ctr -- [info] available since OpenSSH 3.7
+(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher
+ `- [info] available since OpenSSH 4.2
+(enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher
+ `- [info] available since OpenSSH 4.2
+(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
+(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm
+ `- [warn] using weak cipher
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
+(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [fail] disabled since Dropbear SSH 0.53
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
+(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 2.1.0
+(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0
+(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
+(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher
+ `- [info] available since OpenSSH 2.1.0
+(enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0
+
+# message authentication code algorithms
+(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
+ `- [warn] using small 64-bit tag size
+ `- [info] available since OpenSSH 4.7
+(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 2.5.0
+(mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 2.1.0
+(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
+(mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.5.0
+
+# fingerprints
+(fin) ssh-rsa: SHA256:nsWtdJ9Z67Vrf7OsUzQov7esXhsWAfVppArGh25u244
+
+# algorithm recommendations (for OpenSSH 5.6)
+(rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 2048 bits or larger) 
+(rec) -3des-cbc -- enc algorithm to remove 
+(rec) -aes128-cbc -- enc algorithm to remove 
+(rec) -aes192-cbc -- enc algorithm to remove 
+(rec) -aes256-cbc -- enc algorithm to remove 
+(rec) -arcfour -- enc algorithm to remove 
+(rec) -arcfour128 -- enc algorithm to remove 
+(rec) -arcfour256 -- enc algorithm to remove 
+(rec) -blowfish-cbc -- enc algorithm to remove 
+(rec) -cast128-cbc -- enc algorithm to remove 
+(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove 
+(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove 
+(rec) -hmac-md5 -- mac algorithm to remove 
+(rec) -hmac-md5-96 -- mac algorithm to remove 
+(rec) -hmac-ripemd160 -- mac algorithm to remove 
+(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove 
+(rec) -hmac-sha1-96 -- mac algorithm to remove 
+(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove 
+(rec) -ssh-rsa -- key algorithm to remove 
+(rec) -ssh-rsa-cert-v01@openssh.com -- key algorithm to remove 
+(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove 
+(rec) -hmac-sha1 -- mac algorithm to remove 
+(rec) -umac-64@openssh.com -- mac algorithm to remove 
+
+# additional info
+(nfo) For hardening guides on common OSes, please see: <https://www.ssh-audit.com/hardening_guides.html>
+
diff --git a/test/docker/expected_results/openssh_8.0p1_builtin_policy_test1.json b/test/docker/expected_results/openssh_8.0p1_builtin_policy_test1.json
new file mode 100644
index 0000000..f907cde
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_builtin_policy_test1.json
@@ -0,0 +1 @@
+{"errors": [], "host": "localhost", "passed": true, "policy": "Hardened OpenSSH Server v8.0 (version 1)"}
diff --git a/test/docker/expected_results/openssh_8.0p1_builtin_policy_test1.txt b/test/docker/expected_results/openssh_8.0p1_builtin_policy_test1.txt
new file mode 100644
index 0000000..1b6ddee
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_builtin_policy_test1.txt
@@ -0,0 +1,3 @@
+Host: localhost:2222
+Policy: Hardened OpenSSH Server v8.0 (version 1)
+Result: ✔ Passed
diff --git a/test/docker/expected_results/openssh_8.0p1_builtin_policy_test2.json b/test/docker/expected_results/openssh_8.0p1_builtin_policy_test2.json
new file mode 100644
index 0000000..49a13bc
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_builtin_policy_test2.json
@@ -0,0 +1 @@
+{"errors": [{"actual": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "expected_optional": [""], "expected_required": ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "umac-128-etm@openssh.com"], "mismatched_field": "MACs"}], "host": "localhost", "passed": false, "policy": "Hardened OpenSSH Server v8.0 (version 1)"}
diff --git a/test/docker/expected_results/openssh_8.0p1_builtin_policy_test2.txt b/test/docker/expected_results/openssh_8.0p1_builtin_policy_test2.txt
new file mode 100644
index 0000000..de1f3e7
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_builtin_policy_test2.txt
@@ -0,0 +1,9 @@
+Host: localhost:2222
+Policy: Hardened OpenSSH Server v8.0 (version 1)
+Result: ❌ Failed!
+
+Errors:
+ * MACs did not match.
+ - Expected: hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, umac-128-etm@openssh.com
+ - Actual: umac-64-etm@openssh.com, umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1
+
diff --git a/test/docker/expected_results/openssh_8.0p1_custom_policy_test11.json b/test/docker/expected_results/openssh_8.0p1_custom_policy_test11.json
new file mode 100644
index 0000000..2e105ff
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_custom_policy_test11.json
@@ -0,0 +1 @@
+{"errors": [], "host": "localhost", "passed": true, "policy": "Docker policy: test11 (version 1)"}
diff --git a/test/docker/expected_results/openssh_8.0p1_custom_policy_test11.txt b/test/docker/expected_results/openssh_8.0p1_custom_policy_test11.txt
new file mode 100644
index 0000000..024bcb9
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_custom_policy_test11.txt
@@ -0,0 +1,3 @@
+Host: localhost:2222
+Policy: Docker policy: test11 (version 1)
+Result: ✔ Passed
diff --git a/test/docker/expected_results/openssh_8.0p1_custom_policy_test12.json b/test/docker/expected_results/openssh_8.0p1_custom_policy_test12.json
new file mode 100644
index 0000000..677fb96
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_custom_policy_test12.json
@@ -0,0 +1 @@
+{"errors": [{"actual": ["3072"], "expected_optional": [""], "expected_required": ["4096"], "mismatched_field": "RSA host key (rsa-sha2-256) sizes"}, {"actual": ["3072"], "expected_optional": [""], "expected_required": ["4096"], "mismatched_field": "RSA host key (rsa-sha2-512) sizes"}, {"actual": ["3072"], "expected_optional": [""], "expected_required": ["4096"], "mismatched_field": "RSA host key (ssh-rsa) sizes"}], "host": "localhost", "passed": false, "policy": "Docker policy: test12 (version 1)"}
diff --git a/test/docker/expected_results/openssh_8.0p1_custom_policy_test12.txt b/test/docker/expected_results/openssh_8.0p1_custom_policy_test12.txt
new file mode 100644
index 0000000..6fb0561
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_custom_policy_test12.txt
@@ -0,0 +1,17 @@
+Host: localhost:2222
+Policy: Docker policy: test12 (version 1)
+Result: ❌ Failed!
+
+Errors:
+ * RSA host key (rsa-sha2-256) sizes did not match.
+ - Expected: 4096
+ - Actual: 3072
+
+ * RSA host key (rsa-sha2-512) sizes did not match.
+ - Expected: 4096
+ - Actual: 3072
+
+ * RSA host key (ssh-rsa) sizes did not match.
+ - Expected: 4096
+ - Actual: 3072
+
diff --git a/test/docker/expected_results/openssh_8.0p1_custom_policy_test13.json b/test/docker/expected_results/openssh_8.0p1_custom_policy_test13.json
new file mode 100644
index 0000000..e412128
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_custom_policy_test13.json
@@ -0,0 +1 @@
+{"errors": [], "host": "localhost", "passed": true, "policy": "Docker policy: test13 (version 1)"}
diff --git a/test/docker/expected_results/openssh_8.0p1_custom_policy_test13.txt b/test/docker/expected_results/openssh_8.0p1_custom_policy_test13.txt
new file mode 100644
index 0000000..b8b4b25
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_custom_policy_test13.txt
@@ -0,0 +1,3 @@
+Host: localhost:2222
+Policy: Docker policy: test13 (version 1)
+Result: ✔ Passed
diff --git a/test/docker/expected_results/openssh_8.0p1_custom_policy_test14.json b/test/docker/expected_results/openssh_8.0p1_custom_policy_test14.json
new file mode 100644
index 0000000..e7a39f8
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_custom_policy_test14.json
@@ -0,0 +1 @@
+{"errors": [{"actual": ["2048"], "expected_optional": [""], "expected_required": ["4096"], "mismatched_field": "Group exchange (diffie-hellman-group-exchange-sha256) modulus sizes"}], "host": "localhost", "passed": false, "policy": "Docker policy: test14 (version 1)"}
diff --git a/test/docker/expected_results/openssh_8.0p1_custom_policy_test14.txt b/test/docker/expected_results/openssh_8.0p1_custom_policy_test14.txt
new file mode 100644
index 0000000..2bb59fb
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_custom_policy_test14.txt
@@ -0,0 +1,9 @@
+Host: localhost:2222
+Policy: Docker policy: test14 (version 1)
+Result: ❌ Failed!
+
+Errors:
+ * Group exchange (diffie-hellman-group-exchange-sha256) modulus sizes did not match.
+ - Expected: 4096
+ - Actual: 2048
+
diff --git a/test/docker/expected_results/openssh_8.0p1_custom_policy_test6.json b/test/docker/expected_results/openssh_8.0p1_custom_policy_test6.json
new file mode 100644
index 0000000..04620b2
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_custom_policy_test6.json
@@ -0,0 +1 @@
+{"errors": [], "host": "localhost", "passed": true, "policy": "Docker policy: test6 (version 1)"}
diff --git a/test/docker/expected_results/openssh_8.0p1_custom_policy_test6.txt b/test/docker/expected_results/openssh_8.0p1_custom_policy_test6.txt
new file mode 100644
index 0000000..b0e9441
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_custom_policy_test6.txt
@@ -0,0 +1,3 @@
+Host: localhost:2222
+Policy: Docker policy: test6 (version 1)
+Result: ✔ Passed
diff --git a/test/docker/expected_results/openssh_8.0p1_test1.json b/test/docker/expected_results/openssh_8.0p1_test1.json
new file mode 100644
index 0000000..cf610a3
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_test1.json
@@ -0,0 +1 @@
+{"banner": {"comments": null, "protocol": [2, 0], "raw": "SSH-2.0-OpenSSH_8.0", "software": "OpenSSH_8.0"}, "compression": ["none", "zlib@openssh.com"], "enc": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "fingerprints": [{"hash": "UrnXIVH+7dlw8UqYocl48yUEcKrthGDQG2CPCgp7MxU", "hash_alg": "SHA256", "hostkey": "ssh-ed25519"}, {"hash": "1e:0c:7b:34:73:bf:52:41:b0:f9:d1:a9:ab:98:c7:c9", "hash_alg": "MD5", "hostkey": "ssh-ed25519"}, {"hash": "nsWtdJ9Z67Vrf7OsUzQov7esXhsWAfVppArGh25u244", "hash_alg": "SHA256", "hostkey": "ssh-rsa"}, {"hash": "18:e2:51:fe:21:6c:78:d0:b8:cf:32:d4:bd:56:42:e1", "hash_alg": "MD5", "hostkey": "ssh-rsa"}], "kex": [{"algorithm": "curve25519-sha256"}, {"algorithm": "curve25519-sha256@libssh.org"}, {"algorithm": "ecdh-sha2-nistp256"}, {"algorithm": "ecdh-sha2-nistp384"}, {"algorithm": "ecdh-sha2-nistp521"}, {"algorithm": "diffie-hellman-group-exchange-sha256", "keysize": 2048}, {"algorithm": "diffie-hellman-group16-sha512"}, {"algorithm": "diffie-hellman-group18-sha512"}, {"algorithm": "diffie-hellman-group14-sha256"}, {"algorithm": "diffie-hellman-group14-sha1"}], "key": [{"algorithm": "rsa-sha2-512", "keysize": 3072}, {"algorithm": "rsa-sha2-256", "keysize": 3072}, {"algorithm": "ssh-rsa", "keysize": 3072}, {"algorithm": "ecdsa-sha2-nistp256"}, {"algorithm": "ssh-ed25519"}], "mac": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "target": "localhost"}
diff --git a/test/docker/expected_results/openssh_8.0p1_test1.txt b/test/docker/expected_results/openssh_8.0p1_test1.txt
new file mode 100644
index 0000000..d7e45b1
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_test1.txt
@@ -0,0 +1,85 @@
+# general
+(gen) banner: SSH-2.0-OpenSSH_8.0
+(gen) software: OpenSSH 8.0
+(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+
+(gen) compression: enabled (zlib@openssh.com)
+
+# key exchange algorithms
+(kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76
+(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
+(kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
+ `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
+(kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
+ `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
+(kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
+ `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
+(kex) diffie-hellman-group-exchange-sha256 (2048-bit) -- [info] available since OpenSSH 4.4
+(kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
+(kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3
+(kex) diffie-hellman-group14-sha256 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
+(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
+
+# host-key algorithms
+(key) rsa-sha2-512 (3072-bit) -- [info] available since OpenSSH 7.2
+(key) rsa-sha2-256 (3072-bit) -- [info] available since OpenSSH 7.2
+(key) ssh-rsa (3072-bit) -- [fail] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
+ `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
+(key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves
+ `- [warn] using weak random number generator could reveal the key
+ `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
+(key) ssh-ed25519 -- [info] available since OpenSSH 6.5
+
+# encryption algorithms (ciphers)
+(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
+ `- [info] default cipher since OpenSSH 6.9.
+(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) aes192-ctr -- [info] available since OpenSSH 3.7
+(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
+(enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
+
+# message authentication code algorithms
+(mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size
+ `- [info] available since OpenSSH 6.2
+(mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
+(mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
+(mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
+(mac) hmac-sha1-etm@openssh.com -- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 6.2
+(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
+ `- [warn] using small 64-bit tag size
+ `- [info] available since OpenSSH 4.7
+(mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 6.2
+(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
+(mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
+(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+
+# fingerprints
+(fin) ssh-ed25519: SHA256:UrnXIVH+7dlw8UqYocl48yUEcKrthGDQG2CPCgp7MxU
+(fin) ssh-rsa: SHA256:nsWtdJ9Z67Vrf7OsUzQov7esXhsWAfVppArGh25u244
+
+# algorithm recommendations (for OpenSSH 8.0)
+(rec) -ecdh-sha2-nistp256 -- kex algorithm to remove 
+(rec) -ecdh-sha2-nistp384 -- kex algorithm to remove 
+(rec) -ecdh-sha2-nistp521 -- kex algorithm to remove 
+(rec) -ecdsa-sha2-nistp256 -- key algorithm to remove 
+(rec) -ssh-rsa -- key algorithm to remove 
+(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove 
+(rec) -hmac-sha1 -- mac algorithm to remove 
+(rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove 
+(rec) -hmac-sha2-256 -- mac algorithm to remove 
+(rec) -hmac-sha2-512 -- mac algorithm to remove 
+(rec) -umac-128@openssh.com -- mac algorithm to remove 
+(rec) -umac-64-etm@openssh.com -- mac algorithm to remove 
+(rec) -umac-64@openssh.com -- mac algorithm to remove 
+
+# additional info
+(nfo) For hardening guides on common OSes, please see: <https://www.ssh-audit.com/hardening_guides.html>
+
diff --git a/test/docker/expected_results/openssh_8.0p1_test2.json b/test/docker/expected_results/openssh_8.0p1_test2.json
new file mode 100644
index 0000000..fb323eb
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_test2.json
@@ -0,0 +1 @@
+{"banner": {"comments": null, "protocol": [2, 0], "raw": "SSH-2.0-OpenSSH_8.0", "software": "OpenSSH_8.0"}, "compression": ["none", "zlib@openssh.com"], "enc": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "fingerprints": [{"hash": "UrnXIVH+7dlw8UqYocl48yUEcKrthGDQG2CPCgp7MxU", "hash_alg": "SHA256", "hostkey": "ssh-ed25519"}, {"hash": "1e:0c:7b:34:73:bf:52:41:b0:f9:d1:a9:ab:98:c7:c9", "hash_alg": "MD5", "hostkey": "ssh-ed25519"}], "kex": [{"algorithm": "curve25519-sha256"}, {"algorithm": "curve25519-sha256@libssh.org"}, {"algorithm": "ecdh-sha2-nistp256"}, {"algorithm": "ecdh-sha2-nistp384"}, {"algorithm": "ecdh-sha2-nistp521"}, {"algorithm": "diffie-hellman-group-exchange-sha256", "keysize": 2048}, {"algorithm": "diffie-hellman-group16-sha512"}, {"algorithm": "diffie-hellman-group18-sha512"}, {"algorithm": "diffie-hellman-group14-sha256"}, {"algorithm": "diffie-hellman-group14-sha1"}], "key": [{"algorithm": "ssh-ed25519"}, {"algorithm": "ssh-ed25519-cert-v01@openssh.com"}], "mac": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "target": "localhost"}
diff --git a/test/docker/expected_results/openssh_8.0p1_test2.txt b/test/docker/expected_results/openssh_8.0p1_test2.txt
new file mode 100644
index 0000000..a13be8a
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_test2.txt
@@ -0,0 +1,77 @@
+# general
+(gen) banner: SSH-2.0-OpenSSH_8.0
+(gen) software: OpenSSH 8.0
+(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+
+(gen) compression: enabled (zlib@openssh.com)
+
+# key exchange algorithms
+(kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76
+(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
+(kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
+ `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
+(kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
+ `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
+(kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
+ `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
+(kex) diffie-hellman-group-exchange-sha256 (2048-bit) -- [info] available since OpenSSH 4.4
+(kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
+(kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3
+(kex) diffie-hellman-group14-sha256 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
+(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
+
+# host-key algorithms
+(key) ssh-ed25519 -- [info] available since OpenSSH 6.5
+(key) ssh-ed25519-cert-v01@openssh.com -- [info] available since OpenSSH 6.5
+
+# encryption algorithms (ciphers)
+(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
+ `- [info] default cipher since OpenSSH 6.9.
+(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) aes192-ctr -- [info] available since OpenSSH 3.7
+(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
+(enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
+
+# message authentication code algorithms
+(mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size
+ `- [info] available since OpenSSH 6.2
+(mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
+(mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
+(mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
+(mac) hmac-sha1-etm@openssh.com -- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 6.2
+(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
+ `- [warn] using small 64-bit tag size
+ `- [info] available since OpenSSH 4.7
+(mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 6.2
+(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
+(mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
+(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+
+# fingerprints
+(fin) ssh-ed25519: SHA256:UrnXIVH+7dlw8UqYocl48yUEcKrthGDQG2CPCgp7MxU
+
+# algorithm recommendations (for OpenSSH 8.0)
+(rec) -ecdh-sha2-nistp256 -- kex algorithm to remove 
+(rec) -ecdh-sha2-nistp384 -- kex algorithm to remove 
+(rec) -ecdh-sha2-nistp521 -- kex algorithm to remove 
+(rec) +rsa-sha2-256 -- key algorithm to append 
+(rec) +rsa-sha2-512 -- key algorithm to append 
+(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove 
+(rec) -hmac-sha1 -- mac algorithm to remove 
+(rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove 
+(rec) -hmac-sha2-256 -- mac algorithm to remove 
+(rec) -hmac-sha2-512 -- mac algorithm to remove 
+(rec) -umac-128@openssh.com -- mac algorithm to remove 
+(rec) -umac-64-etm@openssh.com -- mac algorithm to remove 
+(rec) -umac-64@openssh.com -- mac algorithm to remove 
+
+# additional info
+(nfo) For hardening guides on common OSes, please see: <https://www.ssh-audit.com/hardening_guides.html>
+
diff --git a/test/docker/expected_results/openssh_8.0p1_test3.json b/test/docker/expected_results/openssh_8.0p1_test3.json
new file mode 100644
index 0000000..5728136
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_test3.json
@@ -0,0 +1 @@
+{"banner": {"comments": null, "protocol": [2, 0], "raw": "SSH-2.0-OpenSSH_8.0", "software": "OpenSSH_8.0"}, "compression": ["none", "zlib@openssh.com"], "enc": ["chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com", "aes128-gcm@openssh.com", "aes256-ctr", "aes192-ctr", "aes128-ctr"], "fingerprints": [{"hash": "UrnXIVH+7dlw8UqYocl48yUEcKrthGDQG2CPCgp7MxU", "hash_alg": "SHA256", "hostkey": "ssh-ed25519"}, {"hash": "1e:0c:7b:34:73:bf:52:41:b0:f9:d1:a9:ab:98:c7:c9", "hash_alg": "MD5", "hostkey": "ssh-ed25519"}], "kex": [{"algorithm": "curve25519-sha256"}, {"algorithm": "curve25519-sha256@libssh.org"}, {"algorithm": "diffie-hellman-group-exchange-sha256", "keysize": 2048}], "key": [{"algorithm": "ssh-ed25519"}], "mac": ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "umac-128-etm@openssh.com"], "target": "localhost"}
diff --git a/test/docker/expected_results/openssh_8.0p1_test3.txt b/test/docker/expected_results/openssh_8.0p1_test3.txt
new file mode 100644
index 0000000..5b20c3f
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_test3.txt
@@ -0,0 +1,38 @@
+# general
+(gen) banner: SSH-2.0-OpenSSH_8.0
+(gen) software: OpenSSH 8.0
+(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+
+(gen) compression: enabled (zlib@openssh.com)
+
+# key exchange algorithms
+(kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76
+(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
+(kex) diffie-hellman-group-exchange-sha256 (2048-bit) -- [info] available since OpenSSH 4.4
+
+# host-key algorithms
+(key) ssh-ed25519 -- [info] available since OpenSSH 6.5
+
+# encryption algorithms (ciphers)
+(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
+ `- [info] default cipher since OpenSSH 6.9.
+(enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
+(enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
+(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) aes192-ctr -- [info] available since OpenSSH 3.7
+(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+
+# message authentication code algorithms
+(mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
+(mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
+(mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
+
+# fingerprints
+(fin) ssh-ed25519: SHA256:UrnXIVH+7dlw8UqYocl48yUEcKrthGDQG2CPCgp7MxU
+
+# algorithm recommendations (for OpenSSH 8.0)
+(rec) +diffie-hellman-group14-sha256 -- kex algorithm to append 
+(rec) +diffie-hellman-group16-sha512 -- kex algorithm to append 
+(rec) +diffie-hellman-group18-sha512 -- kex algorithm to append 
+(rec) +rsa-sha2-256 -- key algorithm to append 
+(rec) +rsa-sha2-512 -- key algorithm to append 
+
diff --git a/test/docker/expected_results/tinyssh_20190101_test1.json b/test/docker/expected_results/tinyssh_20190101_test1.json
new file mode 100644
index 0000000..6bf8f24
--- /dev/null
+++ b/test/docker/expected_results/tinyssh_20190101_test1.json
@@ -0,0 +1 @@
+{"banner": {"comments": "", "protocol": [2, 0], "raw": "", "software": "tinyssh_noversion"}, "compression": ["none"], "enc": ["chacha20-poly1305@openssh.com"], "fingerprints": [{"hash": "89ocln1x7KNqnMgWffGoYtD70ksJ4FrH7BMJHa7SrwU", "hash_alg": "SHA256", "hostkey": "ssh-ed25519"}, {"hash": "dd:9c:6d:f9:b0:8c:af:fa:c2:65:81:5d:5d:56:f8:21", "hash_alg": "MD5", "hostkey": "ssh-ed25519"}], "kex": [{"algorithm": "curve25519-sha256"}, {"algorithm": "curve25519-sha256@libssh.org"}, {"algorithm": "sntrup4591761x25519-sha512@tinyssh.org"}], "key": [{"algorithm": "ssh-ed25519"}], "mac": ["hmac-sha2-256"], "target": "localhost"}
diff --git a/test/docker/expected_results/tinyssh_20190101_test1.txt b/test/docker/expected_results/tinyssh_20190101_test1.txt
new file mode 100644
index 0000000..9e833c6
--- /dev/null
+++ b/test/docker/expected_results/tinyssh_20190101_test1.txt
@@ -0,0 +1,25 @@
+# general
+(gen) software: TinySSH noversion
+(gen) compatibility: OpenSSH 8.0-8.4, Dropbear SSH 2018.76+
+(gen) compression: disabled
+
+# key exchange algorithms
+(kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76
+(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
+(kex) sntrup4591761x25519-sha512@tinyssh.org -- [warn] using experimental algorithm
+ `- [info] available since OpenSSH 8.0
+
+# host-key algorithms
+(key) ssh-ed25519 -- [info] available since OpenSSH 6.5
+
+# encryption algorithms (ciphers)
+(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
+ `- [info] default cipher since OpenSSH 6.9.
+
+# message authentication code algorithms
+(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
+
+# fingerprints
+(fin) ssh-ed25519: SHA256:89ocln1x7KNqnMgWffGoYtD70ksJ4FrH7BMJHa7SrwU
+
diff --git a/test/docker/host_ca_ed25519 b/test/docker/host_ca_ed25519
new file mode 100644
index 0000000..7b8c41b
--- /dev/null
+++ b/test/docker/host_ca_ed25519
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACAbM9Wp3ZPcC8Ifhu6GjNDJaoMg7KxO0el2+r9J35TltQAAAKAa0zr8GtM6
+/AAAAAtzc2gtZWQyNTUxOQAAACAbM9Wp3ZPcC8Ifhu6GjNDJaoMg7KxO0el2+r9J35TltQ
+AAAEC/j/BpfmgaZqNMTkJXO4cKZBr31N5z33IRFjh5m6IDDhsz1andk9wLwh+G7oaM0Mlq
+gyDsrE7R6Xb6v0nflOW1AAAAHWpkb2dAbG9jYWxob3N0LndvbmRlcmxhbmQubG9s
+-----END OPENSSH PRIVATE KEY-----
diff --git a/test/docker/host_ca_ed25519.pub b/test/docker/host_ca_ed25519.pub
new file mode 100644
index 0000000..01e745f
--- /dev/null
+++ b/test/docker/host_ca_ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsz1andk9wLwh+G7oaM0MlqgyDsrE7R6Xb6v0nflOW1 jdog@localhost.wonderland.lol
diff --git a/test/docker/host_ca_rsa_1024 b/test/docker/host_ca_rsa_1024
new file mode 100644
index 0000000..337b777
--- /dev/null
+++ b/test/docker/host_ca_rsa_1024
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQDnRlN3AFnUe2lFf5XG9UhXLr/9POruNTFbMt0zrjOUSjmAS7hS
+6pDv5VEToT6DaR1EQUYaqSMpHYzZhuCK52vrydOm5XFbJ7712r9MyZQUhoVZx8Su
+dBHzVDIVO3jcMMWIlrfWBMnUaUHEqpmy88Y7gKDa2TWxJg1+hg51KqHrUQIDAQAB
+AoGBANALOUXRcP1tTtOP4+In/709dsONKyDBhPavGMFGsWtyIavBcbxU+bBzrq1j
+3WJFCmi99xxAjjqMNInxhMgvSaoJtsiY0/FFxqRy6l/ZnRjI6hrVKR8whrPKVgBF
+pvbjeQIn9txeCYA8kwl/Si762u7byq+qvupE53xMP94J02KBAkEA/Q4+Hn1Rjblw
+VXynF+oXIq6iZy+8PW+Y/FIL8d31ehzfcssCMdFV6S3/wBoQkWby30oGC/xGmHGR
+6ffXGilByQJBAOn3NMrBPXNkaPeQtgV3tk4s1dRDQYhbqGNz6tcgThyyPdhJCmCy
+jgUEhLwAetsDI8/+3avWbo6/csOV+BvpYUkCQQDQyEp6L1z0+FV1QqY99dZmt/yn
+89t0OLnZG/xc7osU1/OHq3TBE3y1KU2D+j1HKdAiZ9l7VAYOykzf46qmG/n5AkEA
+2kWjfcjcIIw7lULvXZh6fuI7NwTr3V/Nb8MUA1EDLqhnJCG4SdAqyKmXf6Fe/HYo
+cgKPIaIykIAxfCCsULXg6QJAOxB0CKYJlopVBdjGMlGqOEneWTmb1A2INQDE2Una
+LkSd0Rr8OiEzDeemV7j3Ec4BH0HxGMnHDxMybZwoZRnRPw==
+-----END RSA PRIVATE KEY-----
diff --git a/test/docker/host_ca_rsa_1024.pub b/test/docker/host_ca_rsa_1024.pub
new file mode 100644
index 0000000..6d861d6
--- /dev/null
+++ b/test/docker/host_ca_rsa_1024.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDnRlN3AFnUe2lFf5XG9UhXLr/9POruNTFbMt0zrjOUSjmAS7hS6pDv5VEToT6DaR1EQUYaqSMpHYzZhuCK52vrydOm5XFbJ7712r9MyZQUhoVZx8SudBHzVDIVO3jcMMWIlrfWBMnUaUHEqpmy88Y7gKDa2TWxJg1+hg51KqHrUQ== jdog@localhost.wonderland.lol
diff --git a/test/docker/host_ca_rsa_3072 b/test/docker/host_ca_rsa_3072
new file mode 100644
index 0000000..dd04653
--- /dev/null
+++ b/test/docker/host_ca_rsa_3072
@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIG4wIBAAKCAYEAqxQEIbj8w0TrBY1fDO81curijQrdLOUr8Vl8XECWc5QGd1Lk
+AG80NgdcCBPvjWxZSmYrKeqA78GUdN+KgycE0ztpxYSXKHZMaIM5Xe94BB+BocH9
+1vd/2iBzGeed1nV/zfAdq2AEHQj1TpII+a+z25yxv2PuwVTTwwo9I/6JgNq3evH4
+Hbwgr3SRfEEYZQ+YL8cOpBuNg1YZOR0k1yk23ZqAd92JybxZ4iCtOt7rcj2sFHzN
+u1U544wWBwIL5yZZKTgBhY4dqfT2Ep7IzR5HdsdrvQV9qC92GM1zDE+U3AwrVKjH
+s0YZq3jzcq/yvFDCcMMRz4/0pGFFU26oWma+n3vbAxKJoL+rhG8QM9+l2qFlLGsn
+M0kUXAJXsPKbygpaP8Z3U4eKgTuJ2GuS9eLIFnB7mrwD75V6GgN9q5mY89DfkVSk
+HaoqpY8pPdRkz9QAmMEuLtHmv29CVOpfX5v/rsm7wASAZqtUlmFu4rFGBLwvZbUl
+Wu02HmgBT47g6EIfAgMBAAECggGAKVCdKtO03yd+pomcodAHFWiaK7uq7FOwCAo3
+WUQT0Xe3FAwFmgFBF6cxV5YQ7RN0gN4poGbMmpoiUxNFLSU4KhcYFSZPJutiyn6e
+VQwm7L/7G2hw+AAvdSsPAPuJh6g6pC5Py/pVI/ns2/uyhTIkem3eEz18BF6LAXgw
+icfHx0GKu/tBk1TCg/zfwaUq0gUxGKC27XTl+QjK8JsUMY33fQ755Xiv9PMytcR0
+cVoyfBVewFffi1UqtMQ48ZpR65G743RxrP4/wcwsfD7n5LJLdyxQkh3gIMTJ8dd/
+R5V4FlueorRgjTbLTjGDxNrCAJ+locezhEEPXsPh2q0KiIXGyz2AMxaOqFmhU8oK
+aVVt8pWJ+YsrKIgc/A3s18ezO8uO5ZdtjQ+CWguduUGY7YgWezGLO1LPxhJC4d7b
+Q/xpeKveTRlcScAqOUzKgSuEhcvPgj8paUcRUoiXm4qiJBY5sXJks+YGp8BGksH0
+O94no+Ns2G58MlL+RyXk3JWrc6zRAoHBANdPplY2sIuIiiEBu95f1Qar1nCBHhB2
+i+HpnsUOdSlbxwMxoF8ffeN9N+DQqaqPu1RhFa5xbB2EUSujvOnL7b/RWqe1X9Po
+UIt5UjXctNP/HYcQDyjXY+rV5SZhHDyv6TBYurNZlvlBivliDz82THPRtqVxed3B
+w2MeaSkKAQ8rA7PE+0j3TG+YtIij0mHOhNPJgEZ/XZ9MIQOGMycRJhwOlclBI5NP
+Ak6p30ArnU2fX4qMkU3i+wqUfXS1hhDihwKBwQDLaHWPIWPVbWdcCbYQTcUmFC3i
+xkxd0UuLcfS9csk61nvdFj7m8tMExX+3fIo/fHEtzDd98Alc1i6/f6ePl0CX6NDu
+QIWLryI1QQRQidHCdw0wQ3N3VD4ZXJHDeqBxogVAkA7A/1QeXwcXE/Xj2ZgyDwhL
+3+myjmvWtw9zJsXL0F3tpPzn+Mrf0KRkWOaluOw7hMMjVjrgu6g24HMWbHHVLRTx
+dlAI7tgxCAPe2SEi+1mzaVUZ8cfgqYqC3X66UakCgcEAopxtK7+yJi/A4pzEnnYS
+FS/CjMV3R0fA7aXbW0hIBCxkaW0Zib3m/eCcSxZMjZxwBpIsJctTtBcylprbGlgB
+/1TF+tNoxEo4Sp4eEL/XciTC0Da4vEewFrPklM/S26KfovvgRYPsGeP+aco9aahA
+pVhFcT36pBiq0DkvgucjValO6n5iqgDboYzbDDdttKCcgLc2Qgf/VUfRxy+bgm3Z
+MmdxiMXBcIfDXlW9XmGSNAWhyqnPM9uxbZQoC/Tsg+QRAoHANHMcFSsz9f2+8DGk
+27FiC76aUmZ1nJ9yTmO1CwDFOMHDsK+iyqSEmy9eDm8zqsko2flVuciicWjdJw4A
+o/sJceJbtYO3q9weAwNf3HCdQPq30OEjrfpwBNQk1fYR1xtDJXHADC4Kf8ZbKq0/
+81/Rad8McZwsQ5mL3xLXDgdKa5KwFa48dIhnr6y6JxHxb3wule5W7w62Ierhpjzc
+EEUoWSLFyrmKS7Ni1cnOTbFJZR7Q831Or2Dz/E9bYwFAQ0T5AoHAM4/zU+8rsbdD
+FvvhWsj7Ivfh6pxx1Tl1Wccaauea9AJayHht0FOzkycpJrH1E+6F5MzhkFFU1SUY
+60NZxzSZgbU0HBrJRcRFyo510iMcnctdTdyh8p7nweGoD0oqXzf6cHqrUep8Y8rQ
+gkSVhPE31+NGlPbwz+NOflcaaAWYiDC6wjVt1asaZq292SJD4DF1fAUkbQ2hxgyQ
++G/6y5ovrcGnh7q63RLhW1TRf8dD2D2Av9UgXDmWZAZ5n838FS+X
+-----END RSA PRIVATE KEY-----
diff --git a/test/docker/host_ca_rsa_3072.pub b/test/docker/host_ca_rsa_3072.pub
new file mode 100644
index 0000000..b728ed7
--- /dev/null
+++ b/test/docker/host_ca_rsa_3072.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCrFAQhuPzDROsFjV8M7zVy6uKNCt0s5SvxWXxcQJZzlAZ3UuQAbzQ2B1wIE++NbFlKZisp6oDvwZR034qDJwTTO2nFhJcodkxogzld73gEH4Ghwf3W93/aIHMZ553WdX/N8B2rYAQdCPVOkgj5r7PbnLG/Y+7BVNPDCj0j/omA2rd68fgdvCCvdJF8QRhlD5gvxw6kG42DVhk5HSTXKTbdmoB33YnJvFniIK063utyPawUfM27VTnjjBYHAgvnJlkpOAGFjh2p9PYSnsjNHkd2x2u9BX2oL3YYzXMMT5TcDCtUqMezRhmrePNyr/K8UMJwwxHPj/SkYUVTbqhaZr6fe9sDEomgv6uEbxAz36XaoWUsayczSRRcAlew8pvKClo/xndTh4qBO4nYa5L14sgWcHuavAPvlXoaA32rmZjz0N+RVKQdqiqljyk91GTP1ACYwS4u0ea/b0JU6l9fm/+uybvABIBmq1SWYW7isUYEvC9ltSVa7TYeaAFPjuDoQh8= jdog@localhost.wonderland.lol
diff --git a/test/docker/moduli_1024 b/test/docker/moduli_1024
new file mode 100644
index 0000000..bd81dae
--- /dev/null
+++ b/test/docker/moduli_1024
@@ -0,0 +1,44 @@
+20190821035337 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC08BE313B
+20190821035338 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC08C0B443
+20190821035338 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC08D1AF8B
+20190821035338 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC08E76DDB
+20190821035338 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC08E8F5D3
+20190821035338 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC08EE3F1B
+20190821035338 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC08F28387
+20190821035339 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC08F69A57
+20190821035339 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0903B157
+20190821035339 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0905C973
+20190821035339 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0909BCD3
+20190821035339 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC090F4A2B
+20190821035340 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0933BC13
+20190821035340 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09395757
+20190821035340 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC093F40D7
+20190821035340 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09478D4F
+20190821035340 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0953A4D7
+20190821035340 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC095B5C7B
+20190821035341 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09696573
+20190821035341 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC096BA243
+20190821035341 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC096F3903
+20190821035341 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09850E4B
+20190821035341 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC098A1C23
+20190821035341 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC098E08E7
+20190821035342 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09A4FF7F
+20190821035342 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09AE4707
+20190821035342 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09B4CE73
+20190821035342 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09C60C6F
+20190821035342 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09D2588F
+20190821035343 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A025067
+20190821035343 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A0E38EB
+20190821035343 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A213923
+20190821035344 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A390CA7
+20190821035344 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A3C7ADB
+20190821035344 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A44D497
+20190821035344 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A479B13
+20190821035345 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A5EF01F
+20190821035345 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A615D43
+20190821035345 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A6BEADB
+20190821035345 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A86309F
+20190821035345 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A991E8F
+20190821035346 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0AA32C53
+20190821035346 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0AA9FAAB
+20190821035346 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0AAC42BB
diff --git a/test/docker/policies/policy_test1.txt b/test/docker/policies/policy_test1.txt
new file mode 100644
index 0000000..11d8e5c
--- /dev/null
+++ b/test/docker/policies/policy_test1.txt
@@ -0,0 +1,10 @@
+#
+# Docker policy: test1
+#
+
+name = "Docker policy: test1"
+version = 1
+host keys = ssh-rsa, ssh-dss
+key exchanges = diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
+ciphers = aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se
+macs = hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96
diff --git a/test/docker/policies/policy_test10.txt b/test/docker/policies/policy_test10.txt
new file mode 100644
index 0000000..82c821e
--- /dev/null
+++ b/test/docker/policies/policy_test10.txt
@@ -0,0 +1,39 @@
+#
+# Docker policy: test10
+#
+
+# The name of this policy (displayed in the output during scans). Must be in quotes.
+name = "Docker poliicy: test10"
+
+# The version of this policy (displayed in the output during scans). Not parsed, and may be any value, including strings.
+version = 1
+
+# The banner that must match exactly. Commented out to ignore banners, since minor variability in the banner is sometimes normal.
+# banner = "SSH-2.0-OpenSSH_5.6"
+
+# The header that must match exactly. Commented out to ignore headers, since variability in the header is sometimes normal.
+# header = "[]"
+
+# The compression options that must match exactly (order matters). Commented out to ignore by default.
+# compressions = none, zlib@openssh.com
+
+# RSA host key sizes.
+hostkey_size_rsa-sha2-256 = 3072
+hostkey_size_rsa-sha2-512 = 3072
+hostkey_size_ssh-rsa = 3072
+hostkey_size_ssh-rsa-cert-v01@openssh.com = 4096
+
+# RSA CA key sizes.
+cakey_size_ssh-rsa-cert-v01@openssh.com = 4096
+
+# The host key types that must match exactly (order matters).
+host keys = ssh-rsa, ssh-rsa-cert-v01@openssh.com
+
+# The key exchange algorithms that must match exactly (order matters).
+key exchanges = diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
+
+# The ciphers that must match exactly (order matters).
+ciphers = aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se
+
+# The MACs that must match exactly (order matters).
+macs = hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96
diff --git a/test/docker/policies/policy_test11.txt b/test/docker/policies/policy_test11.txt
new file mode 100644
index 0000000..d0fa4ae
--- /dev/null
+++ b/test/docker/policies/policy_test11.txt
@@ -0,0 +1,35 @@
+#
+# Docker policy: test11
+#
+
+# The name of this policy (displayed in the output during scans). Must be in quotes.
+name = "Docker policy: test11"
+
+# The version of this policy (displayed in the output during scans). Not parsed, and may be any value, including strings.
+version = 1
+
+# The banner that must match exactly. Commented out to ignore banners, since minor variability in the banner is sometimes normal.
+# banner = "SSH-2.0-OpenSSH_8.0"
+
+# The header that must match exactly. Commented out to ignore headers, since variability in the header is sometimes normal.
+# header = "[]"
+
+# The compression options that must match exactly (order matters). Commented out to ignore by default.
+# compressions = none, zlib@openssh.com
+
+# RSA host key sizes.
+hostkey_size_rsa-sha2-256 = 3072
+hostkey_size_rsa-sha2-512 = 3072
+hostkey_size_ssh-rsa = 3072
+
+# The host key types that must match exactly (order matters).
+host keys = rsa-sha2-512, rsa-sha2-256, ssh-rsa, ecdsa-sha2-nistp256, ssh-ed25519
+
+# The key exchange algorithms that must match exactly (order matters).
+key exchanges = curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1
+
+# The ciphers that must match exactly (order matters).
+ciphers = chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com
+
+# The MACs that must match exactly (order matters).
+macs = umac-64-etm@openssh.com, umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1
diff --git a/test/docker/policies/policy_test12.txt b/test/docker/policies/policy_test12.txt
new file mode 100644
index 0000000..0b8a30b
--- /dev/null
+++ b/test/docker/policies/policy_test12.txt
@@ -0,0 +1,35 @@
+#
+# Docker policy: test12
+#
+
+# The name of this policy (displayed in the output during scans). Must be in quotes.
+name = "Docker policy: test12"
+
+# The version of this policy (displayed in the output during scans). Not parsed, and may be any value, including strings.
+version = 1
+
+# The banner that must match exactly. Commented out to ignore banners, since minor variability in the banner is sometimes normal.
+# banner = "SSH-2.0-OpenSSH_8.0"
+
+# The header that must match exactly. Commented out to ignore headers, since variability in the header is sometimes normal.
+# header = "[]"
+
+# The compression options that must match exactly (order matters). Commented out to ignore by default.
+# compressions = none, zlib@openssh.com
+
+# RSA host key sizes.
+hostkey_size_rsa-sha2-256 = 4096
+hostkey_size_rsa-sha2-512 = 4096
+hostkey_size_ssh-rsa = 4096
+
+# The host key types that must match exactly (order matters).
+host keys = rsa-sha2-512, rsa-sha2-256, ssh-rsa, ecdsa-sha2-nistp256, ssh-ed25519
+
+# The key exchange algorithms that must match exactly (order matters).
+key exchanges = curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1
+
+# The ciphers that must match exactly (order matters).
+ciphers = chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com
+
+# The MACs that must match exactly (order matters).
+macs = umac-64-etm@openssh.com, umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1
diff --git a/test/docker/policies/policy_test13.txt b/test/docker/policies/policy_test13.txt
new file mode 100644
index 0000000..5e9bbd4
--- /dev/null
+++ b/test/docker/policies/policy_test13.txt
@@ -0,0 +1,38 @@
+#
+# Docker policy: test13
+#
+
+# The name of this policy (displayed in the output during scans). Must be in quotes.
+name = "Docker policy: test13"
+
+# The version of this policy (displayed in the output during scans). Not parsed, and may be any value, including strings.
+version = 1
+
+# The banner that must match exactly. Commented out to ignore banners, since minor variability in the banner is sometimes normal.
+# banner = "SSH-2.0-OpenSSH_8.0"
+
+# The header that must match exactly. Commented out to ignore headers, since variability in the header is sometimes normal.
+# header = "[]"
+
+# The compression options that must match exactly (order matters). Commented out to ignore by default.
+# compressions = none, zlib@openssh.com
+
+# RSA host key sizes.
+hostkey_size_rsa-sha2-256 = 3072
+hostkey_size_rsa-sha2-512 = 3072
+hostkey_size_ssh-rsa = 3072
+
+# Group exchange DH modulus sizes.
+dh_modulus_size_diffie-hellman-group-exchange-sha256 = 2048
+
+# The host key types that must match exactly (order matters).
+host keys = rsa-sha2-512, rsa-sha2-256, ssh-rsa, ecdsa-sha2-nistp256, ssh-ed25519
+
+# The key exchange algorithms that must match exactly (order matters).
+key exchanges = curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1
+
+# The ciphers that must match exactly (order matters).
+ciphers = chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com
+
+# The MACs that must match exactly (order matters).
+macs = umac-64-etm@openssh.com, umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1
diff --git a/test/docker/policies/policy_test14.txt b/test/docker/policies/policy_test14.txt
new file mode 100644
index 0000000..ce1fec8
--- /dev/null
+++ b/test/docker/policies/policy_test14.txt
@@ -0,0 +1,38 @@
+#
+# Docker policy: test14
+#
+
+# The name of this policy (displayed in the output during scans). Must be in quotes.
+name = "Docker policy: test14"
+
+# The version of this policy (displayed in the output during scans). Not parsed, and may be any value, including strings.
+version = 1
+
+# The banner that must match exactly. Commented out to ignore banners, since minor variability in the banner is sometimes normal.
+# banner = "SSH-2.0-OpenSSH_8.0"
+
+# The header that must match exactly. Commented out to ignore headers, since variability in the header is sometimes normal.
+# header = "[]"
+
+# The compression options that must match exactly (order matters). Commented out to ignore by default.
+# compressions = none, zlib@openssh.com
+
+# RSA host key sizes.
+hostkey_size_rsa-sha2-256 = 3072
+hostkey_size_rsa-sha2-512 = 3072
+hostkey_size_ssh-rsa = 3072
+
+# Group exchange DH modulus sizes.
+dh_modulus_size_diffie-hellman-group-exchange-sha256 = 4096
+
+# The host key types that must match exactly (order matters).
+host keys = rsa-sha2-512, rsa-sha2-256, ssh-rsa, ecdsa-sha2-nistp256, ssh-ed25519
+
+# The key exchange algorithms that must match exactly (order matters).
+key exchanges = curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1
+
+# The ciphers that must match exactly (order matters).
+ciphers = chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com
+
+# The MACs that must match exactly (order matters).
+macs = umac-64-etm@openssh.com, umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1
diff --git a/test/docker/policies/policy_test2.txt b/test/docker/policies/policy_test2.txt
new file mode 100644
index 0000000..2b7821c
--- /dev/null
+++ b/test/docker/policies/policy_test2.txt
@@ -0,0 +1,10 @@
+#
+# Docker policy: test2
+#
+
+name = "Docker policy: test2"
+version = 1
+host keys = ssh-rsa, ssh-dss
+key exchanges = kex_alg1, kex_alg2
+ciphers = aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se
+macs = hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96
diff --git a/test/docker/policies/policy_test3.txt b/test/docker/policies/policy_test3.txt
new file mode 100644
index 0000000..f4ff3a0
--- /dev/null
+++ b/test/docker/policies/policy_test3.txt
@@ -0,0 +1,10 @@
+#
+# Docker policy: test3
+#
+
+name = "Docker policy: test3"
+version = 1
+host keys = ssh-rsa, ssh-dss, key_alg1
+key exchanges = diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
+ciphers = aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se
+macs = hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96
diff --git a/test/docker/policies/policy_test4.txt b/test/docker/policies/policy_test4.txt
new file mode 100644
index 0000000..500d96f
--- /dev/null
+++ b/test/docker/policies/policy_test4.txt
@@ -0,0 +1,10 @@
+#
+# Docker policy: test4
+#
+
+name = "Docker policy: test4"
+version = 1
+host keys = ssh-rsa, ssh-dss
+key exchanges = diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
+ciphers = cipher_alg1, cipher_alg2
+macs = hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96
diff --git a/test/docker/policies/policy_test5.txt b/test/docker/policies/policy_test5.txt
new file mode 100644
index 0000000..6285814
--- /dev/null
+++ b/test/docker/policies/policy_test5.txt
@@ -0,0 +1,10 @@
+#
+# Docker policy: test5
+#
+
+name = "Docker policy: test5"
+version = 1
+host keys = ssh-rsa, ssh-dss
+key exchanges = diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
+ciphers = aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se
+macs = hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac_alg1, hmac-md5-96
diff --git a/test/docker/policies/policy_test6.txt b/test/docker/policies/policy_test6.txt
new file mode 100644
index 0000000..0a4aacb
--- /dev/null
+++ b/test/docker/policies/policy_test6.txt
@@ -0,0 +1,12 @@
+#
+# Docker policy: test6
+#
+
+name = "Docker policy: test6"
+version = 1
+banner = "SSH-2.0-OpenSSH_8.0"
+compressions = none, zlib@openssh.com
+host keys = rsa-sha2-512, rsa-sha2-256, ssh-rsa, ecdsa-sha2-nistp256, ssh-ed25519
+key exchanges = curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1
+ciphers = chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com
+macs = umac-64-etm@openssh.com, umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1
diff --git a/test/docker/policies/policy_test7.txt b/test/docker/policies/policy_test7.txt
new file mode 100644
index 0000000..05cd27f
--- /dev/null
+++ b/test/docker/policies/policy_test7.txt
@@ -0,0 +1,39 @@
+#
+# Docker policy: test7
+#
+
+# The name of this policy (displayed in the output during scans). Must be in quotes.
+name = "Docker poliicy: test7"
+
+# The version of this policy (displayed in the output during scans). Not parsed, and may be any value, including strings.
+version = 1
+
+# The banner that must match exactly. Commented out to ignore banners, since minor variability in the banner is sometimes normal.
+# banner = "SSH-2.0-OpenSSH_5.6"
+
+# The header that must match exactly. Commented out to ignore headers, since variability in the header is sometimes normal.
+# header = "[]"
+
+# The compression options that must match exactly (order matters). Commented out to ignore by default.
+# compressions = none, zlib@openssh.com
+
+# RSA host key sizes.
+hostkey_size_rsa-sha2-256 = 3072
+hostkey_size_rsa-sha2-512 = 3072
+hostkey_size_ssh-rsa = 3072
+hostkey_size_ssh-rsa-cert-v01@openssh.com = 3072
+
+# RSA CA key sizes.
+cakey_size_ssh-rsa-cert-v01@openssh.com = 1024
+
+# The host key types that must match exactly (order matters).
+host keys = ssh-rsa, ssh-rsa-cert-v01@openssh.com
+
+# The key exchange algorithms that must match exactly (order matters).
+key exchanges = diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
+
+# The ciphers that must match exactly (order matters).
+ciphers = aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se
+
+# The MACs that must match exactly (order matters).
+macs = hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96
diff --git a/test/docker/policies/policy_test8.txt b/test/docker/policies/policy_test8.txt
new file mode 100644
index 0000000..6268585
--- /dev/null
+++ b/test/docker/policies/policy_test8.txt
@@ -0,0 +1,39 @@
+#
+# Docker policy: test8
+#
+
+# The name of this policy (displayed in the output during scans). Must be in quotes.
+name = "Docker poliicy: test8"
+
+# The version of this policy (displayed in the output during scans). Not parsed, and may be any value, including strings.
+version = 1
+
+# The banner that must match exactly. Commented out to ignore banners, since minor variability in the banner is sometimes normal.
+# banner = "SSH-2.0-OpenSSH_5.6"
+
+# The header that must match exactly. Commented out to ignore headers, since variability in the header is sometimes normal.
+# header = "[]"
+
+# The compression options that must match exactly (order matters). Commented out to ignore by default.
+# compressions = none, zlib@openssh.com
+
+# RSA host key sizes.
+hostkey_size_rsa-sha2-256 = 3072
+hostkey_size_rsa-sha2-512 = 3072
+hostkey_size_ssh-rsa = 3072
+hostkey_size_ssh-rsa-cert-v01@openssh.com = 3072
+
+# RSA CA key sizes.
+cakey_size_ssh-rsa-cert-v01@openssh.com = 2048
+
+# The host key types that must match exactly (order matters).
+host keys = ssh-rsa, ssh-rsa-cert-v01@openssh.com
+
+# The key exchange algorithms that must match exactly (order matters).
+key exchanges = diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
+
+# The ciphers that must match exactly (order matters).
+ciphers = aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se
+
+# The MACs that must match exactly (order matters).
+macs = hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96
diff --git a/test/docker/policies/policy_test9.txt b/test/docker/policies/policy_test9.txt
new file mode 100644
index 0000000..63652ce
--- /dev/null
+++ b/test/docker/policies/policy_test9.txt
@@ -0,0 +1,39 @@
+#
+# Docker policy: test9
+#
+
+# The name of this policy (displayed in the output during scans). Must be in quotes.
+name = "Docker poliicy: test9"
+
+# The version of this policy (displayed in the output during scans). Not parsed, and may be any value, including strings.
+version = 1
+
+# The banner that must match exactly. Commented out to ignore banners, since minor variability in the banner is sometimes normal.
+# banner = "SSH-2.0-OpenSSH_5.6"
+
+# The header that must match exactly. Commented out to ignore headers, since variability in the header is sometimes normal.
+# header = "[]"
+
+# The compression options that must match exactly (order matters). Commented out to ignore by default.
+# compressions = none, zlib@openssh.com
+
+# RSA host key sizes.
+hostkey_size_rsa-sha2-256 = 3072
+hostkey_size_rsa-sha2-512 = 3072
+hostkey_size_ssh-rsa = 3072
+hostkey_size_ssh-rsa-cert-v01@openssh.com = 4096
+
+# RSA CA key sizes.
+cakey_size_ssh-rsa-cert-v01@openssh.com = 1024
+
+# The host key types that must match exactly (order matters).
+host keys = ssh-rsa, ssh-rsa-cert-v01@openssh.com
+
+# The key exchange algorithms that must match exactly (order matters).
+key exchanges = diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
+
+# The ciphers that must match exactly (order matters).
+ciphers = aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se
+
+# The MACs that must match exactly (order matters).
+macs = hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96
diff --git a/test/docker/ssh1_host_key b/test/docker/ssh1_host_key
new file mode 100644
index 0000000..c98971c
--- /dev/null
+++ b/test/docker/ssh1_host_key
Binary files differ
diff --git a/test/docker/ssh1_host_key.pub b/test/docker/ssh1_host_key.pub
new file mode 100644
index 0000000..b66c66f
--- /dev/null
+++ b/test/docker/ssh1_host_key.pub
@@ -0,0 +1 @@
+1024 35 150823875409720459951648542224727752099073441604930026287525797402159071426070997897033651155038337251362080634963146983947007228274330777134724953282680928153520263171933106732090266742784258910450489054624715996015082463159338507115031336180486071622718809324273851629938883104520608180885444242395900180011 root@ubuntu1604server
diff --git a/test/docker/ssh_host_dsa_key b/test/docker/ssh_host_dsa_key
new file mode 100644
index 0000000..ecd47f9
--- /dev/null
+++ b/test/docker/ssh_host_dsa_key
@@ -0,0 +1,12 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBugIBAAKBgQDth1eV+A8j191R0ey0dVXL2LGNGYM+a+PomSa7suK8xNCeVLKC
+YpQ6VSWpAf6FbRWev1UVo8IpbglwFZPcyFPK2G1H7p45ows2SN4CleszDD56e6W0
+3Plc+qMqSJ6LTjr4M5+HqTDOM3CS72d7MXUkfHQiagyrWQhXyc0kFsNJLwIVAKg7
+b5+NiIZzpg5IEH0tlYFQpuhBAoGAGcbq79QqNNZRuPCE/F05sCoTRGCmFnDjCuCg
+WN7wNRotjMz/S3pHtCCeuTT1jT6Hy0ZFHftv0t/GF8GBRgeokUbS4ytHpOkFWcTz
+8oFguDL44nq8eNfSY6bzEl84qsgEe4HP93mB4FR1ZUUgI4b7gCBOYEFl3yPiH7H1
+p7Z9E1oCgYAl1UPQkeRhElz+AgEbNsnMKu1+6O3/z95D1Wvv4OEwAImbytlBaC7p
+kwJElJNsMMfGqCC8OHdJ0e4VQQUwk/GOhD0MFhVQHBtVZYbiWmVkpfHf1ouUQg3f
+1IZmz2SSt6cPPEu+BEQ/Sn3mFRJ5XSTHLtnI0HJeDND5u1+6p1nXawIURv3Maige
+oxmfqC24VoROJEq+sew=
+-----END DSA PRIVATE KEY-----
diff --git a/test/docker/ssh_host_dsa_key.pub b/test/docker/ssh_host_dsa_key.pub
new file mode 100644
index 0000000..a32a5a0
--- /dev/null
+++ b/test/docker/ssh_host_dsa_key.pub
@@ -0,0 +1 @@
+ssh-dss AAAAB3NzaC1kc3MAAACBAO2HV5X4DyPX3VHR7LR1VcvYsY0Zgz5r4+iZJruy4rzE0J5UsoJilDpVJakB/oVtFZ6/VRWjwiluCXAVk9zIU8rYbUfunjmjCzZI3gKV6zMMPnp7pbTc+Vz6oypInotOOvgzn4epMM4zcJLvZ3sxdSR8dCJqDKtZCFfJzSQWw0kvAAAAFQCoO2+fjYiGc6YOSBB9LZWBUKboQQAAAIAZxurv1Co01lG48IT8XTmwKhNEYKYWcOMK4KBY3vA1Gi2MzP9Leke0IJ65NPWNPofLRkUd+2/S38YXwYFGB6iRRtLjK0ek6QVZxPPygWC4Mvjierx419JjpvMSXziqyAR7gc/3eYHgVHVlRSAjhvuAIE5gQWXfI+IfsfWntn0TWgAAAIAl1UPQkeRhElz+AgEbNsnMKu1+6O3/z95D1Wvv4OEwAImbytlBaC7pkwJElJNsMMfGqCC8OHdJ0e4VQQUwk/GOhD0MFhVQHBtVZYbiWmVkpfHf1ouUQg3f1IZmz2SSt6cPPEu+BEQ/Sn3mFRJ5XSTHLtnI0HJeDND5u1+6p1nXaw==
diff --git a/test/docker/ssh_host_ecdsa_key b/test/docker/ssh_host_ecdsa_key
new file mode 100644
index 0000000..69eea7b
--- /dev/null
+++ b/test/docker/ssh_host_ecdsa_key
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEICq/YV5QenL0uW5g5tCjY3EWs+UBFmskY+Jjt2vd2aEmoAoGCCqGSM49
+AwEHoUQDQgAEdYSxDVUjOpW479L/nRDiAdxRB5Kuy2bgkP/LA2pnWPcGIWmFa4QU
+YN2U3JsFKcLIcx5cvTehQfgrHDnaSKVdKA==
+-----END EC PRIVATE KEY-----
diff --git a/test/docker/ssh_host_ecdsa_key.pub b/test/docker/ssh_host_ecdsa_key.pub
new file mode 100644
index 0000000..4e17058
--- /dev/null
+++ b/test/docker/ssh_host_ecdsa_key.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHWEsQ1VIzqVuO/S/50Q4gHcUQeSrstm4JD/ywNqZ1j3BiFphWuEFGDdlNybBSnCyHMeXL03oUH4Kxw52kilXSg=
diff --git a/test/docker/ssh_host_ed25519_key b/test/docker/ssh_host_ed25519_key
new file mode 100644
index 0000000..3388574
--- /dev/null
+++ b/test/docker/ssh_host_ed25519_key
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACC/9RD2Ao95ODDIH8i11ekTALut8AUNqWoQx0jHlP4xygAAAKDiqVOs4qlT
+rAAAAAtzc2gtZWQyNTUxOQAAACC/9RD2Ao95ODDIH8i11ekTALut8AUNqWoQx0jHlP4xyg
+AAAECTmHGkq0Qea0QqTJYMXL0bpxVU7mhgwYninfVWxrA017/1EPYCj3k4MMgfyLXV6RMA
+u63wBQ2pahDHSMeU/jHKAAAAHWpkb2dAbG9jYWxob3N0LndvbmRlcmxhbmQubG9s
+-----END OPENSSH PRIVATE KEY-----
diff --git a/test/docker/ssh_host_ed25519_key-cert.pub b/test/docker/ssh_host_ed25519_key-cert.pub
new file mode 100644
index 0000000..8eef563
--- /dev/null
+++ b/test/docker/ssh_host_ed25519_key-cert.pub
@@ -0,0 +1 @@
+ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIO1W0I8tD0c4LypvHY1XNch3BQCw9Yy28/4KmAYql80DAAAAIL/1EPYCj3k4MMgfyLXV6RMAu63wBQ2pahDHSMeU/jHKAAAAAAAAAAAAAAACAAAABHRlc3QAAAAIAAAABHRlc3QAAAAAXV7hvAAAAACBa2YhAAAAAAAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAbM9Wp3ZPcC8Ifhu6GjNDJaoMg7KxO0el2+r9J35TltQAAAFMAAAALc3NoLWVkMjU1MTkAAABAW60bCSeIG4Ta+57zgkSbW4LIGCxtOuJJ+pP3i3S0xJJfHGnOtXbg0NQm7pulNl/wd01kgJO9A7RjbhTh7TV1AA== ssh_host_ed25519_key.pub
diff --git a/test/docker/ssh_host_ed25519_key.pub b/test/docker/ssh_host_ed25519_key.pub
new file mode 100644
index 0000000..e56a56a
--- /dev/null
+++ b/test/docker/ssh_host_ed25519_key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL/1EPYCj3k4MMgfyLXV6RMAu63wBQ2pahDHSMeU/jHK
diff --git a/test/docker/ssh_host_rsa_key_1024 b/test/docker/ssh_host_rsa_key_1024
new file mode 100644
index 0000000..e9023b6
--- /dev/null
+++ b/test/docker/ssh_host_rsa_key_1024
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQDeCC1U7VqVg9AfrfWrXACiW6pzYOuP8tim68z+YN/dUU7JhFZ4
+0toteQkLcJBAD2miQ6ZJYkjVfhQ4FRFeOW5vcN0UYHn8ttb2mKdGJdt24ZYY5Z6J
+WHQhPOpSgtWyUv6RnxU2ligEeaoPaiepUUOhoyLf4WcF7voVCAKZNqeTtQIDAQAB
+AoGATGZ16s5NqDsWJ4B9k3xx/2wZZ+BGzl6a7D0habq97XLn8HGoK6UqTBFk6lnO
+WSy0hZBPrNq0AzqCDJY7RrfuZqgVAu/+HEFuXencgt8Z//ueYBaGK8yAC+OrMnDG
+LbSoIGRq8saaFtCzt47c+uSVsrhJ4TvK5gbceZuD/2uw10ECQQD79T0j+YWsLISK
+PKvYHqEXSMPN6b+lK9hRPLoF9NMksNLSjuxxhkYHz+hJPVNT+wPtRMAYmMdPXfKa
+FjuErXVFAkEA4ZgJIOeJ7OHfqGEgd29m36yFy0UaUJ+cmYuJzHAYWgW3TOanqpZm
+A8EENuXvH0DtYRVytv4m/cIRVVPxWtXzsQJBALXlQUOEc0VuSi1GScVXr3KQ3JL+
+ipWixqM3VRDRw9D8Ouc5uWbnygz/wrGFLXA2ioozlP7s5Q7eQzOMk2FgnIUCQQCz
+j5QUgLcjuVWQbF6vMhisCGImPUaIzcKT5KE1/DMl1E7mAuGJwlRIwKVeHP6L3d4T
+3EKGrRzT9lhdlocRSiLBAkEAi3xI0MOZp4xGviPc1C1TKuqdJSr8fHwbtLozwNQO
+nnF6m5S72JzZEThDBZS9zcdBp9EFpTvUGzx/O0GI454eoA==
+-----END RSA PRIVATE KEY-----
diff --git a/test/docker/ssh_host_rsa_key_1024-cert_1024.pub b/test/docker/ssh_host_rsa_key_1024-cert_1024.pub
new file mode 100644
index 0000000..17c7738
--- /dev/null
+++ b/test/docker/ssh_host_rsa_key_1024-cert_1024.pub
@@ -0,0 +1 @@
+ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgFqxXSa9HTqCw5YW3DdIwVREPGxI+i56w32RnHWRg0NoAAAADAQABAAAAgQDeCC1U7VqVg9AfrfWrXACiW6pzYOuP8tim68z+YN/dUU7JhFZ40toteQkLcJBAD2miQ6ZJYkjVfhQ4FRFeOW5vcN0UYHn8ttb2mKdGJdt24ZYY5Z6JWHQhPOpSgtWyUv6RnxU2ligEeaoPaiepUUOhoyLf4WcF7voVCAKZNqeTtQAAAAAAAAAAAAAAAgAAAAR0ZXN0AAAACAAAAAR0ZXN0AAAAAF1evHgAAAAAgWtAtQAAAAAAAAAAAAAAAAAAAJcAAAAHc3NoLXJzYQAAAAMBAAEAAACBAOdGU3cAWdR7aUV/lcb1SFcuv/086u41MVsy3TOuM5RKOYBLuFLqkO/lUROhPoNpHURBRhqpIykdjNmG4Irna+vJ06blcVsnvvXav0zJlBSGhVnHxK50EfNUMhU7eNwwxYiWt9YEydRpQcSqmbLzxjuAoNrZNbEmDX6GDnUqoetRAAAAjwAAAAdzc2gtcnNhAAAAgFRc2g0eWXGmqSa6Z8rcMPHf4rNMornEHSnTzZ8Rdh4YBhDa9xMRRy6puaWPDzXxOfZh7eSjCwrzUMEXTgCIO4oX62xm/6kUnAmKhXle0+inR/hdPg03daE0SBJ4spBT49lJ4WIW38RKFNzjmYg70rTPAnP8oM/F3CC1GV117/Vv ssh_host_rsa_key_1024.pub
diff --git a/test/docker/ssh_host_rsa_key_1024-cert_3072.pub b/test/docker/ssh_host_rsa_key_1024-cert_3072.pub
new file mode 100644
index 0000000..ea0160a
--- /dev/null
+++ b/test/docker/ssh_host_rsa_key_1024-cert_3072.pub
@@ -0,0 +1 @@
+ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgrJGcfyW8V6VWGT7lD1ardj2RtTP8TOjmLRNbuoGkyZQAAAADAQABAAAAgQDeCC1U7VqVg9AfrfWrXACiW6pzYOuP8tim68z+YN/dUU7JhFZ40toteQkLcJBAD2miQ6ZJYkjVfhQ4FRFeOW5vcN0UYHn8ttb2mKdGJdt24ZYY5Z6JWHQhPOpSgtWyUv6RnxU2ligEeaoPaiepUUOhoyLf4WcF7voVCAKZNqeTtQAAAAAAAAAAAAAAAgAAAAR0ZXN0AAAACAAAAAR0ZXN0AAAAAF1evHgAAAAAgWtA7gAAAAAAAAAAAAAAAAAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAKsUBCG4/MNE6wWNXwzvNXLq4o0K3SzlK/FZfFxAlnOUBndS5ABvNDYHXAgT741sWUpmKynqgO/BlHTfioMnBNM7acWElyh2TGiDOV3veAQfgaHB/db3f9ogcxnnndZ1f83wHatgBB0I9U6SCPmvs9ucsb9j7sFU08MKPSP+iYDat3rx+B28IK90kXxBGGUPmC/HDqQbjYNWGTkdJNcpNt2agHfdicm8WeIgrTre63I9rBR8zbtVOeOMFgcCC+cmWSk4AYWOHan09hKeyM0eR3bHa70FfagvdhjNcwxPlNwMK1Sox7NGGat483Kv8rxQwnDDEc+P9KRhRVNuqFpmvp972wMSiaC/q4RvEDPfpdqhZSxrJzNJFFwCV7Dym8oKWj/Gd1OHioE7idhrkvXiyBZwe5q8A++VehoDfauZmPPQ35FUpB2qKqWPKT3UZM/UAJjBLi7R5r9vQlTqX1+b/67Ju8AEgGarVJZhbuKxRgS8L2W1JVrtNh5oAU+O4OhCHwAAAY8AAAAHc3NoLXJzYQAAAYCO78ONpHp+EGWDqDLb/GPFDH32o6oaRRrIH/Bhvg1FOi5XngnHTdU7xWdnJqNE2Sl6VOrg0sTCMYcX9fZ8tVREnCo3aF7Iwow5Br67QYKayRzHANQqHaVK46lpI1gz81V00u54tX1F8oEUqm6sRmFKFuklt6CjfbR+tnpj7DrfeOTKEBOGJP2uU0jMsJr2DrBeXrzONjIJtIJ1AxWjXd2LeIWO2C6yTkcN5ggThMMaeu6QuuBPpC2PN2COfu+Mgto9g103+/SS4Wa8CzinZZn2Xe1isUxI8QRNrShy4Hl/bIZQL7mi/0rxkfw+fA7IzMk462V99gPVSp+/jK0sbUJoC3QeeglS5hWodjW+VGZfgweGQ+AE/OxkNSv+kDPMYEkjfOf4qhxS5QFvButLt6zp2UNbE5+OWvYpdjO9/DOa0ro+wCw07+dVKIcDpU2csiCcJvQ/HmKAmhch7jOHa0WaxSX0tt0xTPJWTvr6E4WZOgEnk9AvWmrKjF5tEzGYwTU= ssh_host_rsa_key_1024.pub
diff --git a/test/docker/ssh_host_rsa_key_1024.pub b/test/docker/ssh_host_rsa_key_1024.pub
new file mode 100644
index 0000000..1da6065
--- /dev/null
+++ b/test/docker/ssh_host_rsa_key_1024.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDeCC1U7VqVg9AfrfWrXACiW6pzYOuP8tim68z+YN/dUU7JhFZ40toteQkLcJBAD2miQ6ZJYkjVfhQ4FRFeOW5vcN0UYHn8ttb2mKdGJdt24ZYY5Z6JWHQhPOpSgtWyUv6RnxU2ligEeaoPaiepUUOhoyLf4WcF7voVCAKZNqeTtQ==
diff --git a/test/docker/ssh_host_rsa_key_3072 b/test/docker/ssh_host_rsa_key_3072
new file mode 100644
index 0000000..3a2c719
--- /dev/null
+++ b/test/docker/ssh_host_rsa_key_3072
@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIG5AIBAAKCAYEAzhHp7eFnrQAJqOd7aihyQyIDKgxCF7H51Q3Ft3+8af+lX3Ol
+Ie77Gi5GNNM+eRB4OzG+CBslxN5I3pM//sZ+gyylA1VuWZZkOlgtbOHutIkO2ldk
+XtoGidla0VAxLcUcUK6cCmqwBTT31Hp4Qimp2zyeg/l5q0DhWKguY13lrm5b3YZY
+rj7CW3Ktzxf8SbYz6du8KF0dHCWilzq+FLeGzXr7Yul5njVF5njkGvZ9duQ0qiVR
+zqZkrkLEWgQlCM0T+PyUbvedL1MfDZPHGh7ZhU0snOvJRsxAr31tlknq+WwauZYd
+DzJf1g1URcM65UwEsPlfgOW3ZoZogR1v57Im+KdsKhq2B3snEtJgdQh06JyO0ur4
+uUXo1mMtvBFhiptUtwP4g9v/IN4neeK+wBRom46m2Q1bMUBPneBOa8r2SY/3ynrz
+XuVIWFOQtF60aJ+BNqvgUVCKOmz1KzoJwTqGm+EFaKM5z+UQWjIbSE3Ge4X5hXtk
+Ou52v+tyDUk6boZLAgMBAAECggGAdrhxWmA7N7tG1W2Pd6iXs7+brRTk2vvpYGqP
+11kbNsJXBzf8EiG5vuqb/gEaA+uOKSRORCNHzjT2LG0POHwpFO+aneIRMkHnuolk
+mk9ME+zGhtpEdDUOAUsc/GxD+QePeZgvQ/0VLdrHUT3BnPSd7DXvaT9IbnZxnX8/
+QnYtRiJEgMrOuoxjswXNxvsdmWYEYJ38uBB1Hes80f3A1vSpECbjP6gdLh2pCM/r
+MvGBdQaipMfdar4IUTEcKHQs1fY3mlAxnWRjYCqJPmq10d3NrdUrHb2zBE1HCC4h
+aj2ycTxFhDJqGV6Y2AboHqh2c7lPJ+R2UjI9mIpALZSviHB1POcpWCAGA3NKjri9
+8jgxl3bj03ikJNfCuvlqRTa8at63W2zZTMRsxamoiO023uUOEMNBPwWXP/rVhQ8g
+ufih0SY44j0EMPIuu2PoQV4ZSOtDw8xdPrchVCa078/pP5cRa4uV0bl2K4as+cYC
+BhjEq2Org3ulDW2n6Mz5ZS7NbAkxAoHBAP/bgPGKX7rfrHa5MRHIgbLSmZtUoF51
+YGelc8ytRx6UT6wriJ1jQRXiI5mZlIXyVxMpIz9s4+h59kF+LpZuNLc3vTYpPOQn
+RUDBVY6+SPC5MancL7bfBoHahpWEJuJB/WUE7eWvQM03/LsBtU6Nq+R632t5KdqF
+A4y86qgD1vIjcBWvySLFJZGOCoNbj7ZinoBUO3ueYK6SUj8xH6TAqOJsTPvquRT3
+AFBpFBmrVc24wW7wTiLkQOhkIQs1J/ZhYwKBwQDOL07qF8wsoQBBTTXkZ59BCauz
+R8kfqe5oUBwsmGJdiIHX6gutBA07sSwzVekIvCCkJFXk3TxLoBSMHEZEIdnS+HVt
+gMIacYuhbh+XztdY0kadH/SMbVQD/2LZcL99vcZPq1QF3cHb0Buip5+fyAYjoEc7
+oVgvewD/TwdNcMjos/kMNh6l04kLi6vQG3WhoSBPWaoB669ppBNXSrWKe43nXVi6
+EvjGEiL+HCCnmD6LiD6p797Owu9AChP6fXInD/kCgcEAiLP3SRbt3yLzOtvn4+CF
+q83qVJv6s31zbO1x2cIbZbNIfm0kKTOG6vJQoxjzyj2ZWJt6QcEkZGoFsSiCK83m
+TJ5zciTGbACvd9HUrNfukO/iISeMNuEi0O65Sdm6DNnFUdw4X6grr3pihmh7PuVj
+GkisZvft7Nt08hVeKzch+W4FzRCHHxTG5eZGp7icKI64sUhQH9SXQ67aUvkkNxrZ
+IWFMIK1hBlqSyGPcYXqx9aDpeSTcGrhqFcCqBxr3pySRAoHAfJNO3delEC3yxoHN
+FwSYzyX1rOuplE0K89G7RCKKBDNPKFKL3Wx+Rluk9htpIlLwcdxWXWJiZNsCrykC
+N3YwcuyVnqTWIj4KfG3Z/tIFgPADpDnDevkvcv7iDbi2qlV4NXix2p2C3LnfiKY4
+psSnGO1lPJ0eeAmcr6VjJyIG8bqTthIY8F5gBi7Mj3+X0iFVMTxeoKxzHqP435wP
+Fe3S7kCTNFH0J1Cb/eamwDwXRhz6p5h7iXd0MMAmFAmpZ/qZAoHBAPDSIvk2ocf1
+FVW8pKtKOJFIs8iQVIaOLKwPJVP8/JsB1+7mQx5KMoROb5pNpX2edN4vvG0CgqpJ
+KekleqpH6nQCqYGFZ1BDhORElNILxeJHcNl0eAG++IJ2PfIpTZV30edDqMm0x7EI
+8POZWAx809VzcYbE2jsgpN/EuiaG30EAI5yNvyzmZRCyQykH+eltHlCx17MWBxRQ
+bb2UUfpdInTMS2vyrvkeUACkC1DGYdBVVBqqPTkHZg+Kcbs8ntQqEQ==
+-----END RSA PRIVATE KEY-----
diff --git a/test/docker/ssh_host_rsa_key_3072-cert_1024.pub b/test/docker/ssh_host_rsa_key_3072-cert_1024.pub
new file mode 100644
index 0000000..da6b9ec
--- /dev/null
+++ b/test/docker/ssh_host_rsa_key_3072-cert_1024.pub
@@ -0,0 +1 @@
+ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgGHz1JwF/1IcxW3pdQtpqbUjIHaFuk0cR/+l50vG+9hIAAAADAQABAAABgQDOEent4WetAAmo53tqKHJDIgMqDEIXsfnVDcW3f7xp/6Vfc6Uh7vsaLkY00z55EHg7Mb4IGyXE3kjekz/+xn6DLKUDVW5ZlmQ6WC1s4e60iQ7aV2Re2gaJ2VrRUDEtxRxQrpwKarAFNPfUenhCKanbPJ6D+XmrQOFYqC5jXeWublvdhliuPsJbcq3PF/xJtjPp27woXR0cJaKXOr4Ut4bNevti6XmeNUXmeOQa9n125DSqJVHOpmSuQsRaBCUIzRP4/JRu950vUx8Nk8caHtmFTSyc68lGzECvfW2WSer5bBq5lh0PMl/WDVRFwzrlTASw+V+A5bdmhmiBHW/nsib4p2wqGrYHeycS0mB1CHTonI7S6vi5RejWYy28EWGKm1S3A/iD2/8g3id54r7AFGibjqbZDVsxQE+d4E5ryvZJj/fKevNe5UhYU5C0XrRon4E2q+BRUIo6bPUrOgnBOoab4QVooznP5RBaMhtITcZ7hfmFe2Q67na/63INSTpuhksAAAAAAAAAAAAAAAIAAAAEdGVzdAAAAAgAAAAEdGVzdAAAAABdXry0AAAAAIFrQR8AAAAAAAAAAAAAAAAAAACXAAAAB3NzaC1yc2EAAAADAQABAAAAgQDnRlN3AFnUe2lFf5XG9UhXLr/9POruNTFbMt0zrjOUSjmAS7hS6pDv5VEToT6DaR1EQUYaqSMpHYzZhuCK52vrydOm5XFbJ7712r9MyZQUhoVZx8SudBHzVDIVO3jcMMWIlrfWBMnUaUHEqpmy88Y7gKDa2TWxJg1+hg51KqHrUQAAAI8AAAAHc3NoLXJzYQAAAIB4HaEexgQ9T6rScEbiHZx+suCaYXI7ywLYyoSEO48K8o+MmO83UTLtpPa3DXlT8hSYL8Aq6Bb5AMkDawsgsC484owPqObT/5ndLG/fctNBFcCTSL0ftte+A8xH0pZaGRoKbdxxgMqX4ubrCXpbMLGF9aAeh7MRa756XzqGlsCiSA== ssh_host_rsa_key_3072.pub
diff --git a/test/docker/ssh_host_rsa_key_3072-cert_3072.pub b/test/docker/ssh_host_rsa_key_3072-cert_3072.pub
new file mode 100644
index 0000000..78f49ea
--- /dev/null
+++ b/test/docker/ssh_host_rsa_key_3072-cert_3072.pub
@@ -0,0 +1 @@
+ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg9MVX4OlkEy3p9eC+JJp8h7j76EmI46EY/RXxCGSWTC0AAAADAQABAAABgQDOEent4WetAAmo53tqKHJDIgMqDEIXsfnVDcW3f7xp/6Vfc6Uh7vsaLkY00z55EHg7Mb4IGyXE3kjekz/+xn6DLKUDVW5ZlmQ6WC1s4e60iQ7aV2Re2gaJ2VrRUDEtxRxQrpwKarAFNPfUenhCKanbPJ6D+XmrQOFYqC5jXeWublvdhliuPsJbcq3PF/xJtjPp27woXR0cJaKXOr4Ut4bNevti6XmeNUXmeOQa9n125DSqJVHOpmSuQsRaBCUIzRP4/JRu950vUx8Nk8caHtmFTSyc68lGzECvfW2WSer5bBq5lh0PMl/WDVRFwzrlTASw+V+A5bdmhmiBHW/nsib4p2wqGrYHeycS0mB1CHTonI7S6vi5RejWYy28EWGKm1S3A/iD2/8g3id54r7AFGibjqbZDVsxQE+d4E5ryvZJj/fKevNe5UhYU5C0XrRon4E2q+BRUIo6bPUrOgnBOoab4QVooznP5RBaMhtITcZ7hfmFe2Q67na/63INSTpuhksAAAAAAAAAAAAAAAIAAAAEdGVzdAAAAAgAAAAEdGVzdAAAAABdXr0sAAAAAIFrQWwAAAAAAAAAAAAAAAAAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQCrFAQhuPzDROsFjV8M7zVy6uKNCt0s5SvxWXxcQJZzlAZ3UuQAbzQ2B1wIE++NbFlKZisp6oDvwZR034qDJwTTO2nFhJcodkxogzld73gEH4Ghwf3W93/aIHMZ553WdX/N8B2rYAQdCPVOkgj5r7PbnLG/Y+7BVNPDCj0j/omA2rd68fgdvCCvdJF8QRhlD5gvxw6kG42DVhk5HSTXKTbdmoB33YnJvFniIK063utyPawUfM27VTnjjBYHAgvnJlkpOAGFjh2p9PYSnsjNHkd2x2u9BX2oL3YYzXMMT5TcDCtUqMezRhmrePNyr/K8UMJwwxHPj/SkYUVTbqhaZr6fe9sDEomgv6uEbxAz36XaoWUsayczSRRcAlew8pvKClo/xndTh4qBO4nYa5L14sgWcHuavAPvlXoaA32rmZjz0N+RVKQdqiqljyk91GTP1ACYwS4u0ea/b0JU6l9fm/+uybvABIBmq1SWYW7isUYEvC9ltSVa7TYeaAFPjuDoQh8AAAGPAAAAB3NzaC1yc2EAAAGAG8tCiBMSq3Of3Gmcrid2IfPmaaemYivgEEuK8ubq1rznF0vtR07/NUQ7WVzfJhUSeG0gtJ3A1ey60NjcBn0DHao4Q3ATIXnkSOIKjNolZ2urqYv9fT1LAC4I5XWGzK2aKK0NEqAYr06YPtcGOBQk5+3GPAWSJ4eQycKRz5BSuMYbKaVxU0kGSvbavG07ZntMQhia/lILyq84PjXh/JlRVpIqY+LAS0qwqkUR3gWMTmvYvYI7fXU84ReVB1ut75bY7Xx0DXHPl1Zc2MNDLGcKsByZtoO9ueZRyOlZMUJcVP5fK+OUuZKjMbCaaJnV55BQ78/rftIPYsTEEO2Sf9WT86ADa3k4S0pyWqlTxBzZcDWNt+fZFNm9wcqcYS32nDKtfixcDN8E/IJIWY7aoabPqoYnKUVQBOcIEnZf1HqsKUVmF44Dp9mKhefUs3BtcdK63j/lNXzzMrPwZQAreJqH/uV3TgYBLjMPl++ctX6tCe6Hv5zFKNhnOCSBSzcsCgIU ssh_host_rsa_key_3072.pub
diff --git a/test/docker/ssh_host_rsa_key_3072.pub b/test/docker/ssh_host_rsa_key_3072.pub
new file mode 100644
index 0000000..ad83cd1
--- /dev/null
+++ b/test/docker/ssh_host_rsa_key_3072.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDOEent4WetAAmo53tqKHJDIgMqDEIXsfnVDcW3f7xp/6Vfc6Uh7vsaLkY00z55EHg7Mb4IGyXE3kjekz/+xn6DLKUDVW5ZlmQ6WC1s4e60iQ7aV2Re2gaJ2VrRUDEtxRxQrpwKarAFNPfUenhCKanbPJ6D+XmrQOFYqC5jXeWublvdhliuPsJbcq3PF/xJtjPp27woXR0cJaKXOr4Ut4bNevti6XmeNUXmeOQa9n125DSqJVHOpmSuQsRaBCUIzRP4/JRu950vUx8Nk8caHtmFTSyc68lGzECvfW2WSer5bBq5lh0PMl/WDVRFwzrlTASw+V+A5bdmhmiBHW/nsib4p2wqGrYHeycS0mB1CHTonI7S6vi5RejWYy28EWGKm1S3A/iD2/8g3id54r7AFGibjqbZDVsxQE+d4E5ryvZJj/fKevNe5UhYU5C0XrRon4E2q+BRUIo6bPUrOgnBOoab4QVooznP5RBaMhtITcZ7hfmFe2Q67na/63INSTpuhks=
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-12 11:06:13 +0000