Merge branch 'topic/fox-ds/ssh-key-init-events' of github.com:fox-ds/zeek

* 'topic/fox-ds/ssh-key-init-events' of github.com:fox-ds/zeek:
  Added several events for detailed info on the SSH2 key init directions

* Straightened out the zeek:see lines in events.bif to be the same across all events.

testing/btest/scripts/base/protocols/ssh/ssh-reverse-connection.zeek

@@ -0,0 +1,12 @@
+# @TEST-EXEC: zeek -b -Cr $TRACES/ssh/reverse-ssh.pcap %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+@load base/protocols/ssh
+
+event ssh2_ecc_init(c: connection, is_orig: bool) {
+    ## If a machine sends out the initial key material for the handshake, this should come from the client.
+    ## In most cases, this client is the machine that set up the TCP connection. 
+    if ( ! is_orig ) {
+        print("Detected an ECC INIT not from the TCP client");
+    }
+}

testing/btest/scripts/base/protocols/ssh/ssh_dh_gex_direction.zeek

@@ -0,0 +1,8 @@
+# @TEST-EXEC: zeek -b -Cr $TRACES/ssh/sshguess.pcap %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+@load base/protocols/ssh
+
+event ssh2_dh_gex_init(c: connection, is_orig: bool) {
+    print("Found SSH2_DH_GEX_INIT event");
+}