GH-1264: Implement "ssh_server_host_key" event

This event provides host key fingerprints for both SSH1 and SSH2.
2025-10-02 06:38:20 +00:00 · 2020-11-13 21:48:29 -08:00 · 2020-11-13 21:48:29 -08:00 · bd40a97a78
commit bd40a97a78
parent 93469d811d
8 changed files with 97 additions and 16 deletions
--- a/testing/btest/scripts/base/protocols/ssh/fingerprints.zeek
+++ b/testing/btest/scripts/base/protocols/ssh/fingerprints.zeek
@ -0,0 +1,19 @@
+# @TEST-EXEC: zeek -r $TRACES/ssh/ssh1-ssh2-fingerprints.pcap %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+@load base/protocols/ssh
+
+event ssh2_server_host_key(c: connection, key: string)
+	{
+	print "ssh2 server host key fingerprint",  md5_hash(key);
+	}
+
+event ssh1_server_host_key(c: connection, p: string, e: string)
+	{
+	print "ssh1 server host key fingerprint", md5_hash(e + p);
+	}
+
+event ssh_server_host_key(c: connection, hash: string)
+	{
+	print "ssh server host key fingerprint", hash;
+	}