Johanna Amann 6023c8b906 SSH: make banner parsing more robust ... This change revamps SSH banner parsing. The previous behavior was both a bit too strict in some regards, and too permissive in other. Specifically, clients are now required to send a line starting with "SSH-" as the first line. This is in line with the RFC, as well with observed behavior. This also prevents the creation of `ssh.log` for non-SSH traffic on port 22. For the server side, we now accept text before the SSH banner. This previously led to a protocol violation but is allowed by the spec. New tests are added to cover these cases.		2025-03-18 16:19:33 +00:00
..
basic.test	GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev.	2019-05-01 21:43:45 +00:00
curve25519_kex.test	GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev.	2019-05-01 21:43:45 +00:00
fingerprints.zeek	Deprecate "ssh1_server_host_key" parameters *e* and *p*	2020-11-13 22:58:56 -08:00
half-duplex-client.zeek	ssh: Revert half-duplex robustness	2024-06-19 16:04:51 +02:00
half-duplex-server.zeek	ssh: Revert half-duplex robustness	2024-06-19 16:04:51 +02:00
http-port-22.test	SSH: make banner parsing more robust	2025-03-18 16:19:33 +00:00
one-auth-fail-only.test	General btest cleanup	2020-08-11 11:26:22 -07:00
pre-banner.test	SSH: make banner parsing more robust	2025-03-18 16:19:33 +00:00
set_version.zeek	Change SSH version field to be &optional.	2021-06-17 09:24:46 +02:00
ssh-reverse-connection.zeek	Added several events for detailed info on the SSH2 key init directions	2022-12-05 12:35:05 +01:00
ssh_dh_gex_direction.zeek	Added several events for detailed info on the SSH2 key init directions	2022-12-05 12:35:05 +01:00
ssh_segmented_encryption_transition.zeek	GH-566: fix cases where ssh_encrypted_packet event wasn't raised	2019-09-03 17:34:24 -07:00
ssh_version_199.zeek	[SSH] Handle SSH version 1.99	2020-11-14 15:33:34 +01:00