Merged arthepsy/ssh-audit#47

2025-11-03 18:52:15 +01:00 · 2019-10-25 11:48:02 -04:00
parent f2e6f1a71c 8a3ae321f1
commit a401afd099
76 changed files with 5284 additions and 798 deletions
--- a/.appveyor.yml
+++ b/.appveyor.yml
@@ -0,0 +1,37 @@
 version: '1.7.1.dev.{build}'
 build: off
 branches:
  only:
    - master
    - develop
 environment:
  matrix:
    - PYTHON: "C:\\Python26"
    - PYTHON: "C:\\Python26-x64"
    - PYTHON: "C:\\Python27"
    - PYTHON: "C:\\Python27-x64"
    - PYTHON: "C:\\Python33"
    - PYTHON: "C:\\Python33-x64"
    - PYTHON: "C:\\Python34"
    - PYTHON: "C:\\Python34-x64"
    - PYTHON: "C:\\Python35"
    - PYTHON: "C:\\Python35-x64"
    - PYTHON: "C:\\Python36"
    - PYTHON: "C:\\Python36-x64"
 matrix:
  fast_finish: true 
 cache:
  - '%LOCALAPPDATA%\pip\Cache'
  - .downloads -> .appveyor.yml
 install:
  - "cmd /c .\\test\\tools\\ci-win.cmd install"
 test_script:
  - "cmd /c .\\test\\tools\\ci-win.cmd test"
 on_failure:
  - ps: get-content .tox\*\log\*
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,11 @@
 *~
 *.pyc
-html/
+venv*/
-venv/
+.cache/
-.cache/
+.tox
 .coverage*
 reports/
 .scannerwork/
 pypi/sshaudit/LICENSE
 pypi/sshaudit/README.md
 pypi/sshaudit/sshaudit.py
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,18 +1,80 @@
 language: python
-python:
+sudo: false
-  - 2.6
+matrix:
-  - 2.7
+  include:
-  - 3.3
+    # (default)
-  - 3.4
+    - os: linux
-  - 3.5
+      python: 2.6
-  - pypy
+    - os: linux
-  - pypy3
+      python: 2.7
-install:
+      env: SQ=1
-  - pip install --upgrade pytest
+    - os: linux
-  - pip install --upgrade pytest-cov
+      python: 3.3
-  - pip install --upgrade coveralls
+    - os: linux
-script:
+      python: 3.4
-  - py.test --cov-report= --cov=ssh-audit -v test
+    - os: linux
-after_success:
+      python: 3.5
-  - coveralls
+    - os: linux
      python: 3.6
    - os: linux
      python: pypy
    - os: linux
      python: pypy3
    - os: linux
      python: 3.7-dev
    # Ubuntu 12.04
    - os: linux
      dist: precise
      language: generic
      env: PY_VER=py26,py27,py33,py34,py35,py36,pypy,pypy3 PY_ORIGIN=pyenv
    # Ubuntu 14.04
    - os: linux
      dist: trusty
      language: generic
      env: PY_VER=py26,py27,py33,py34,py35,py36,pypy,pypy3 PY_ORIGIN=pyenv
    # macOS 10.12 Sierra
    - os: osx
      osx_image: xcode8.3
      language: generic
      env: PY_VER=py26,py27,py33,py34,py35,py36,pypy,pypy3
    # Mac OS X 10.11 El Capitan
    - os: osx
      osx_image: xcode7.3
      language: generic
      env: PY_VER=py26,py27,py33,py34,py35,py36,pypy,pypy3
    # Mac OS X 10.10 Yosemite
    - os: osx
      osx_image: xcode6.4
      language: generic
      env: PY_VER=py26,py27,py33,py34,py35,py36,pypy,pypy3
  allow_failures:
    # PyPy3 on Travis CI is out of date
    - python: pypy3
    # Python nightly could fail
    - python: 3.7-dev
    - env: PY_VER=py37
    - env: PY_VER=py37/pyenv
    - env: PY_VER=py37 PY_ORIGIN=pyenv
  fast_finish: true
 cache:
  - pip
  - directories:
    - $HOME/.pyenv.cache
    - $HOME/.bin
 before_install:
  - source test/tools/ci-linux.sh
  - ci_step_before_install
 install:
  - ci_step_install
 script:
  - ci_step_script
 after_success:
  - ci_step_success
 after_failure:
  - ci_step_failure
--- a/4
+++ b/4
@@ -1,6 +1,8 @@
 The MIT License (MIT)
-Copyright (C) 2016 Andris Raugulis (moo@arthepsy.eu)
+Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu)
 Copyright (C) 2017-2019 Joe Testa (jtesta@positronsecurity.com)
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
--- a/README.md
+++ b/README.md
@@ -1,10 +1,15 @@
 # ssh-audit
-[![build status](https://api.travis-ci.org/arthepsy/ssh-audit.svg)](https://travis-ci.org/arthepsy/ssh-audit)
+<!--
-[![coverage status](https://coveralls.io/repos/github/arthepsy/ssh-audit/badge.svg)](https://coveralls.io/github/arthepsy/ssh-audit)  
+[![travis build status](https://api.travis-ci.org/arthepsy/ssh-audit.svg?branch=develop)](https://travis-ci.org/arthepsy/ssh-audit)
-**ssh-audit** is a tool for ssh server auditing.  
+[![appveyor build status](https://ci.appveyor.com/api/projects/status/4m5r73m0r023edil/branch/develop?svg=true)](https://ci.appveyor.com/project/arthepsy/ssh-audit)
 [![codecov](https://codecov.io/gh/arthepsy/ssh-audit/branch/develop/graph/badge.svg)](https://codecov.io/gh/arthepsy/ssh-audit)
 [![Quality Gate](https://sonarqube.com/api/badges/gate?key=arthepsy-github%3Assh-audit%3Adevelop&template=ROUNDED)](https://sq.evolutiongaming.com/dashboard?id=arthepsy-github%3Assh-audit%3Adevelop)  
 -->
 **ssh-audit** is a tool for ssh server & client configuration auditing.
 ## Features
 - SSH1 and SSH2 protocol server support;
 - analyze SSH client configuration;
 - grab banner, recognize device or software and operating system, detect compression;
 - gather key-exchange, host-key, encryption and message authentication code algorithms;
 - output algorithm information (available since, removed/disabled, unsafe/weak/legacy, etc);
@@ -12,11 +17,11 @@
 - output security information (related issues, assigned CVE list, etc);
 - analyze SSH version compatibility based on algorithm information;
 - historical information from OpenSSH, Dropbear SSH and libssh;
- no dependencies, compatible with Python 2.6+, Python 3.x and PyPy;
+- no dependencies
 ## Usage
 ```
-usage: ssh-audit.py [-1246pbnvl] <host>
+usage: ssh-audit.py [-1246pbcnvlt] <host>
   -1,  --ssh1             force ssh version 1 only
   -2,  --ssh2             force ssh version 2 only
@@ -24,19 +29,45 @@ usage: ssh-audit.py [-1246pbnvl] <host>
   -6,  --ipv6             enable IPv6 (order of precedence)
   -p,  --port=<port>      port to connect
   -b,  --batch            batch output
   -c,  --client-audit     starts a server on port 2222 to audit client
                               software config (use -p to change port)
   -n,  --no-colors        disable colors
   -v,  --verbose          verbose output
   -l,  --level=<level>    minimum output level (info|warn|fail)
-   
+   -t,  --timeout=<secs>   timeout (in seconds) for connection and reading
                               (default: 5)
 ```
 * if both IPv4 and IPv6 are used, order of precedence can be set by using either `-46` or `-64`.  
 * batch flag `-b` will output sections without header and without empty lines (implies verbose flag).  
 * verbose flag `-v` will prefix each line with section type and algorithm name.  
-### example
+### Server Audit Example
-![screenshot](https://cloud.githubusercontent.com/assets/7356025/19233757/3e09b168-8ef0-11e6-91b4-e880bacd0b8a.png)
+![screenshot](https://user-images.githubusercontent.com/2982011/64388792-317e6f80-d00e-11e9-826e-a4934769bb07.png)
 ### Client Audit Example
 TODO
 ## ChangeLog
 ### v2.1.0 (???)
 - Added client software auditing functionality (see `-c` / `--client-audit` option).
 - Fixed crash while scanning Solaris Sun_SSH.
 - Added 9 new key exchanges: `gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==`, `gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==`, `gss-group14-sha1-`, `gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==`, `gss-group14-sha256-toWM5Slw5Ew8Mqkay+al2g==`, `gss-group15-sha512-toWM5Slw5Ew8Mqkay+al2g==`, `diffie-hellman-group15-sha256`, `ecdh-sha2-1.3.132.0.10`, `curve448-sha512`.
 - Added 1 new host key type: `ecdsa-sha2-1.3.132.0.10`.
 - Added 4 new ciphers: `idea-cbc`, `serpent128-cbc`, `serpent192-cbc`, `serpent256-cbc`.
 - Added 6 new MACs: `hmac-sha2-256-96-etm@openssh.com`, `hmac-sha2-512-96-etm@openssh.com`, `hmac-ripemd`, `hmac-sha256-96@ssh.com`, `umac-32@openssh.com`, `umac-96@openssh.com`.
 ### v2.0.0 (2019-08-29)
 - Forked from https://github.com/arthepsy/ssh-audit (development was stalled, and developer went MIA).
 - Added RSA host key length test.
 - Added RSA certificate key length test.
 - Added Diffie-Hellman modulus size test.
 - Now outputs host key fingerprints for RSA and ED25519.
 - Added 5 new key exchanges: `sntrup4591761x25519-sha512@tinyssh.org`, `diffie-hellman-group-exchange-sha256@ssh.com`, `diffie-hellman-group-exchange-sha512@ssh.com`, `diffie-hellman-group16-sha256`, `diffie-hellman-group17-sha512`.
 - Added 3 new encryption algorithms: `des-cbc-ssh1`, `blowfish-ctr`, `twofish-ctr`.
 - Added 10 new MACs: `hmac-sha2-56`, `hmac-sha2-224`, `hmac-sha2-384`, `hmac-sha3-256`, `hmac-sha3-384`, `hmac-sha3-512`, `hmac-sha256`, `hmac-sha256@ssh.com`, `hmac-sha512`, `hmac-512@ssh.com`.
 - Added command line argument (-t / --timeout) for connection & reading timeouts.
 - Updated CVEs for libssh & Dropbear.
 ### v1.7.0 (2016-10-26)
 - implement options to allow specify IPv4/IPv6 usage and order of precedence
 - implement option to specify remote port (old behavior kept for compatibility)
--- a/docker_test.sh
+++ b/docker_test.sh
@@ -0,0 +1,490 @@
 #!/bin/bash
 #
 # This script will set up a docker image with multiple versions of OpenSSH, then
 # use it to run tests.
 #
 # For debugging purposes, here is a cheat sheet for manually running the docker image:
 #
 # docker run -p 2222:22 -it ssh-audit-test:X /bin/bash
 # docker run -p 2222:22 --security-opt seccomp:unconfined -it ssh-audit-test /debug.sh
 # docker run -d -p 2222:22 ssh-audit-test:X /openssh/sshd-5.6p1 -D -f /etc/ssh/sshd_config-5.6p1_test1
 # docker run -d -p 2222:22 ssh-audit-test:X /openssh/sshd-8.0p1 -D -f /etc/ssh/sshd_config-8.0p1_test1
 #
 # This is the docker tag for the image.  If this tag doesn't exist, then we assume the
 # image is out of date, and generate a new one with this tag.
 IMAGE_VERSION=3
 # This is the name of our docker image.
 IMAGE_NAME=ssh-audit-test
 # Terminal colors.
 CLR="\033[0m"
 RED="\033[0;31m"
 GREEN="\033[0;32m"
 REDB="\033[1;31m"   # Red + bold
 GREENB="\033[1;32m" # Green + bold
 # Returns 0 if current docker image exists.
 function check_if_docker_image_exists {
    images=`docker image ls | egrep "$IMAGE_NAME[[:space:]]+$IMAGE_VERSION"`
 }
 # Uncompresses and compiles the specified version of Dropbear.
 function compile_dropbear {
    version=$1
    compile 'Dropbear' $version
 }
 # Uncompresses and compiles the specified version of OpenSSH.
 function compile_openssh {
    version=$1
    compile 'OpenSSH' $version
 }
 # Uncompresses and compiles the specified version of TinySSH.
 function compile_tinyssh {
    version=$1
    compile 'TinySSH' $version
 }
 function compile {
    project=$1
    version=$2
    tarball=
    uncompress_options=
    source_dir=
    server_executable=
    if [[ $project == 'OpenSSH' ]]; then
 	tarball="openssh-${version}.tar.gz"
 	uncompress_options="xzf"
 	source_dir="openssh-${version}"
 	server_executable=sshd
    elif [[ $project == 'Dropbear' ]]; then
 	tarball="dropbear-${version}.tar.bz2"
 	uncompress_options="xjf"
 	source_dir="dropbear-${version}"
 	server_executable=dropbear
    elif [[ $project == 'TinySSH' ]]; then
 	tarball="${version}.tar.gz"
 	uncompress_options="xzf"
 	source_dir="tinyssh-${version}"
 	server_executable='build/bin/tinysshd'
    fi
    echo "Uncompressing ${project} ${version}..."
    tar $uncompress_options $tarball
    echo "Compiling ${project} ${version}..."
    pushd $source_dir > /dev/null
    # TinySSH has no configure script... only a Makefile.
    if [[ $project == 'TinySSH' ]]; then
 	make -j 10
    else
 	./configure && make -j 10
    fi
    if [[ ! -f $server_executable ]]; then
 	echo -e "${REDB}Error: ${server_executable} not built!${CLR}"
 	exit 1
    fi
    echo -e "\n${GREEN}Successfully built ${project} ${version}${CLR}\n"
    popd > /dev/null
 }
 # Creates a new docker image.
 function create_docker_image {
    # Create a new temporary directory.
    TMP_DIR=`mktemp -d /tmp/sshaudit-docker-XXXXXXXXXX`
    # Copy the Dockerfile and all files in the test/docker/ dir to our new temp directory.
    find test/docker/ -maxdepth 1 -type f | xargs cp -t $TMP_DIR
    # Make the temp directory our working directory for the duration of the build
    # process.
    pushd $TMP_DIR > /dev/null
    # Get the release keys.
    get_dropbear_release_key
    get_openssh_release_key
    get_tinyssh_release_key
    # Aside from checking the GPG signatures, we also compare against this known-good
    # SHA-256 hash just in case.
    get_openssh '4.0p1' '5adb9b2c2002650e15216bf94ed9db9541d9a17c96fcd876784861a8890bc92b'
    get_openssh '5.6p1' '538af53b2b8162c21a293bb004ae2bdb141abd250f61b4cea55244749f3c6c2b'
    get_openssh '8.0p1' 'bd943879e69498e8031eb6b7f44d08cdc37d59a7ab689aa0b437320c3481fd68'
    get_dropbear '2019.78' '525965971272270995364a0eb01f35180d793182e63dd0b0c3eb0292291644a4'
    get_tinyssh '20190101' '554a9a94e53b370f0cd0c5fbbd322c34d1f695cbcea6a6a32dcb8c9f595b3fea'
    # Compile the versions of OpenSSH.
    compile_openssh '4.0p1'
    compile_openssh '5.6p1'
    compile_openssh '8.0p1'
    # Compile the versions of Dropbear.
    compile_dropbear '2019.78'
    # Compile the versions of TinySSH.
    compile_tinyssh '20190101'
    # Rename the default config files so we know they are our originals.
    mv openssh-4.0p1/sshd_config sshd_config-4.0p1_orig
    mv openssh-5.6p1/sshd_config sshd_config-5.6p1_orig
    mv openssh-8.0p1/sshd_config sshd_config-8.0p1_orig
    # Create the configurations for each test.
    #
    # OpenSSH v4.0p1
    #
    # Test 1: Basic test.
    create_openssh_config '4.0p1' 'test1' "HostKey /etc/ssh/ssh1_host_key\nHostKey /etc/ssh/ssh_host_rsa_key_1024\nHostKey /etc/ssh/ssh_host_dsa_key"
    #
    # OpenSSH v5.6p1
    #
    # Test 1: Basic test.
    create_openssh_config '5.6p1' 'test1' "HostKey /etc/ssh/ssh_host_rsa_key_1024\nHostKey /etc/ssh/ssh_host_dsa_key"
    # Test 2: RSA 1024 host key with RSA 1024 certificate.
    create_openssh_config '5.6p1' 'test2' "HostKey /etc/ssh/ssh_host_rsa_key_1024\nHostCertificate /etc/ssh/ssh_host_rsa_key_1024-cert_1024.pub"
    # Test 3: RSA 1024 host key with RSA 3072 certificate.
    create_openssh_config '5.6p1' 'test3' "HostKey /etc/ssh/ssh_host_rsa_key_1024\nHostCertificate /etc/ssh/ssh_host_rsa_key_1024-cert_3072.pub"
    # Test 4: RSA 3072 host key with RSA 1024 certificate.
    create_openssh_config '5.6p1' 'test4' "HostKey /etc/ssh/ssh_host_rsa_key_3072\nHostCertificate /etc/ssh/ssh_host_rsa_key_3072-cert_1024.pub"
    # Test 5: RSA 3072 host key with RSA 3072 certificate.
    create_openssh_config '5.6p1' 'test5' "HostKey /etc/ssh/ssh_host_rsa_key_3072\nHostCertificate /etc/ssh/ssh_host_rsa_key_3072-cert_3072.pub"
    #
    # OpenSSH v8.0p1
    #
    # Test 1: Basic test.
    create_openssh_config '8.0p1' 'test1' "HostKey /etc/ssh/ssh_host_rsa_key_3072\nHostKey /etc/ssh/ssh_host_ecdsa_key\nHostKey /etc/ssh/ssh_host_ed25519_key"
    # Test 2: ED25519 certificate test.
    create_openssh_config '8.0p1' 'test2' "HostKey /etc/ssh/ssh_host_ed25519_key\nHostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub"
    # Test 3: Hardened installation test.
    create_openssh_config '8.0p1' 'test3' "HostKey /etc/ssh/ssh_host_ed25519_key\nKexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256\nCiphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr\nMACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com"
    # Now build the docker image!
    docker build --tag $IMAGE_NAME:$IMAGE_VERSION .
    popd > /dev/null
    rm -rf $TMP_DIR
 }
 # Creates an OpenSSH configuration file for a specific test.
 function create_openssh_config {
    openssh_version=$1
    test_number=$2
    config_text=$3
    cp sshd_config-${openssh_version}_orig sshd_config-${openssh_version}_${test_number}
    echo -e "${config_text}" >> sshd_config-${openssh_version}_${test_number}
 }
 # Downloads the Dropbear release key and adds it to the local keyring.
 function get_dropbear_release_key {
    get_release_key 'Dropbear' 'https://matt.ucc.asn.au/dropbear/releases/dropbear-key-2015.asc' 'F29C6773' 'F734 7EF2 EE2E 07A2 6762  8CA9 4493 1494 F29C 6773'
 }
 # Downloads the OpenSSH release key and adds it to the local keyring.
 function get_openssh_release_key {
    get_release_key 'OpenSSH' 'https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc' '6D920D30' '59C2 118E D206 D927 E667  EBE3 D3E5 F56B 6D92 0D30'
 }
 # Downloads the TinySSH release key and adds it to the local keyring.
 function get_tinyssh_release_key {
    get_release_key 'TinySSH' '' '96939FF9' 'AADF 2EDF 5529 F170 2772  C8A2 DEC4 D246 931E F49B'
 }
 function get_release_key {
    project=$1
    key_url=$2
    key_id=$3
    release_key_fingerprint_expected=$4
    # The TinySSH release key isn't on any website, apparently.
    if [[ $project == 'TinySSH' ]]; then
 	gpg --recv-key $key_id
    else
 	echo -e "\nGetting ${project} release key...\n"
 	wget -O key.asc $2
 	echo -e "\nImporting ${project} release key...\n"
 	gpg --import key.asc
 	rm key.asc
    fi
    local release_key_fingerprint_actual=`gpg --fingerprint ${key_id}`
    if [[ $release_key_fingerprint_actual != *"$release_key_fingerprint_expected"* ]]; then
        echo -e "\n${REDB}Error: ${project} release key fingerprint does not match expected value!\n\tExpected: $release_key_fingerprint_expected\n\tActual: $release_key_fingerprint_actual\n\nTerminating.${CLR}"
        exit -1
    fi
    echo -e "\n\n${GREEN}${project} release key matches expected value.${CLR}\n"
 }
 # Downloads the specified version of Dropbear.
 function get_dropbear {
    version=$1
    tarball_checksum_expected=$2
    get_source 'Dropbear' $version $tarball_checksum_expected
 }
 # Downloads the specified version of OpenSSH.
 function get_openssh {
    version=$1
    tarball_checksum_expected=$2
    get_source 'OpenSSH' $version $tarball_checksum_expected
 }
 # Downloads the specified version of TinySSH.
 function get_tinyssh {
    version=$1
    tarball_checksum_expected=$2
    get_source 'TinySSH' $version $tarball_checksum_expected
 }
 function get_source {
    project=$1
    version=$2
    tarball_checksum_expected=$3
    base_url_source=
    base_url_sig=
    tarball=
    sig=
    signer=
    if [[ $project == 'OpenSSH' ]]; then
 	base_url_source='https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/'
 	base_url_sig=$base_url_source
 	tarball="openssh-${version}.tar.gz"
 	sig="${tarball}.asc"
 	signer="Damien Miller "
    elif [[ $project == 'Dropbear' ]]; then
 	base_url_source='https://matt.ucc.asn.au/dropbear/releases/'
 	base_url_sig=$base_url_source
 	tarball="dropbear-${version}.tar.bz2"
 	sig="${tarball}.asc"
 	signer="Dropbear SSH Release Signing <matt@ucc.asn.au>"
    elif [[ $project == 'TinySSH' ]]; then
 	base_url_source='https://github.com/janmojzis/tinyssh/archive/'
 	base_url_sig="https://github.com/janmojzis/tinyssh/releases/download/${version}/"
 	tarball="${version}.tar.gz"
 	sig="${tarball}.asc"
 	signer="Jan Mojžíš <jan.mojzis@gmail.com>"
    fi
    echo -e "\nGetting ${project} ${version} sources...\n"
    wget "${base_url_source}${tarball}"
    echo -e "\nGetting ${project} ${version} signature...\n"
    wget "${base_url_sig}${sig}"
    # Older OpenSSH releases were .sigs.
    if [[ ($project == 'OpenSSH') && (! -f $sig) ]]; then
 	wget ${base_url_sig}openssh-${version}.tar.gz.sig
 	sig=openssh-${version}.tar.gz.sig
    fi
    local gpg_verify=`gpg --verify ${sig} ${tarball} 2>&1`
    if [[ $gpg_verify != *"Good signature from \"${signer}"* ]]; then
        echo -e "\n\n${REDB}Error: ${project} signature invalid!\n$gpg_verify\n\nTerminating.${CLR}"
        exit -1
    fi
    # Check GPG's return value.  0 denotes a valid signature, and 1 is returned
    # on invalid signatures.
    if [[ $? != 0 ]]; then
        echo -e "\n\n${REDB}Error: ${project} signature invalid!  Verification returned code: $?\n\nTerminating.${CLR}"
        exit -1
    fi
    echo -e "${GREEN}Signature on ${project} sources verified.${CLR}\n"
    local checksum_actual=`sha256sum ${tarball} | cut -f1 -d" "`
    if [[ $checksum_actual != $tarball_checksum_expected ]]; then
        echo -e "${REDB}Error: ${project} checksum is invalid!\n  Expected: ${tarball_checksum_expected}\n  Actual:   ${checksum_actual}\n\n  Terminating.${CLR}"
        exit -1
    fi
 }
 # Runs a Dropbear test.  Upon failure, a diff between the expected and actual results
 # is shown, then the script immediately terminates.
 function run_dropbear_test {
    dropbear_version=$1
    test_number=$2
    options=$3
    run_test 'Dropbear' $dropbear_version $test_number "$options"
 }
 # Runs an OpenSSH test.  Upon failure, a diff between the expected and actual results
 # is shown, then the script immediately terminates.
 function run_openssh_test {
    openssh_version=$1
    test_number=$2
    run_test 'OpenSSH' $openssh_version $test_number ''
 }
 # Runs a TinySSH test.  Upon failure, a diff between the expected and actual results
 # is shown, then the script immediately terminates.
 function run_tinyssh_test {
    tinyssh_version=$1
    test_number=$2
    run_test 'TinySSH' $tinyssh_version $test_number ''
 }
 function run_test {
    server_type=$1
    version=$2
    test_number=$3
    options=$4
    server_exec=
    test_result=
    expected_result=
    test_name=
    if [[ $server_type == 'OpenSSH' ]]; then
 	server_exec="/openssh/sshd-${version} -D -f /etc/ssh/sshd_config-${version}_${test_number}"
 	test_result="${TEST_RESULT_DIR}/openssh_${version}_${test_number}.txt"
 	expected_result="test/docker/expected_results/openssh_${version}_${test_number}.txt"
 	test_name="OpenSSH ${version} ${test_number}"
 	options=
    elif [[ $server_type == 'Dropbear' ]]; then
 	server_exec="/dropbear/dropbear-${version} -F ${options}"
 	test_result="${TEST_RESULT_DIR}/dropbear_${version}_${test_number}.txt"
 	expected_result="test/docker/expected_results/dropbear_${version}_${test_number}.txt"
 	test_name="Dropbear ${version} ${test_number}"
    elif [[ $server_type == 'TinySSH' ]]; then
 	server_exec="/usr/bin/tcpserver -HRDl0 0.0.0.0 22 /tinysshd/tinyssh-20190101 -v /etc/tinyssh/"
 	test_result="${TEST_RESULT_DIR}/tinyssh_${version}_${test_number}.txt"
 	expected_result="test/docker/expected_results/tinyssh_${version}_${test_number}.txt"
 	test_name="TinySSH ${version} ${test_number}"
    fi
    cid=`docker run -d -p 2222:22 ${IMAGE_NAME}:${IMAGE_VERSION} ${server_exec}`
    if [[ $? != 0 ]]; then
 	echo -e "${REDB}Failed to run docker image! (exit code: $?)${CLR}"
 	exit 1
    fi
    ./ssh-audit.py localhost:2222 > $test_result
    if [[ $? != 0 ]]; then
 	echo -e "${REDB}Failed to run ssh-audit.py! (exit code: $?)${CLR}"
 	docker container stop $cid > /dev/null
 	exit 1
    fi
    docker container stop $cid > /dev/null
    if [[ $? != 0 ]]; then
       echo -e "${REDB}Failed to stop docker container ${cid}! (exit code: $?)${CLR}"
       exit 1
    fi
    # TinySSH outputs a random string in each banner, which breaks our test.  So
    # we need to filter out the banner part of the output so we get stable, repeatable
    # results.
    if [[ $server_type == 'TinySSH' ]]; then
 	grep -v "(gen) banner: " ${test_result} > "${test_result}.tmp"
 	mv "${test_result}.tmp" ${test_result}
    fi
    diff=`diff -u ${expected_result} ${test_result}`
    if [[ $? == 0 ]]; then
 	echo -e "${test_name} ${GREEN}passed${CLR}."
    else
 	echo -e "${test_name} ${REDB}FAILED${CLR}.\n\n${diff}\n"
 	exit 1
    fi
 }
 # First check if docker is functional.
 docker version > /dev/null
 if [[ $? != 0 ]]; then
    echo -e "${REDB}Error: 'docker version' command failed (error code: $?).  Is docker installed and functioning?${CLR}"
    exit 1
 fi
 # Check if the docker image is the most up-to-date version.  If not, create it.
 check_if_docker_image_exists
 if [[ $? == 0 ]]; then
    echo -e "\n${GREEN}Docker image $IMAGE_NAME:$IMAGE_VERSION already exists.${CLR}"
 else
    echo -e "\nCreating docker image $IMAGE_NAME:$IMAGE_VERSION..."
    create_docker_image
    echo -e "\n${GREEN}Done creating docker image!${CLR}"
 fi
 # Create a temporary directory to write test results to.
 TEST_RESULT_DIR=`mktemp -d /tmp/ssh-audit_test-results_XXXXXXXXXX`
 # Now run all the tests.
 echo -e "\nRunning tests..."
 run_openssh_test '4.0p1' 'test1'
 echo
 run_openssh_test '5.6p1' 'test1'
 run_openssh_test '5.6p1' 'test2'
 run_openssh_test '5.6p1' 'test3'
 run_openssh_test '5.6p1' 'test4'
 run_openssh_test '5.6p1' 'test5'
 echo
 run_openssh_test '8.0p1' 'test1'
 run_openssh_test '8.0p1' 'test2'
 run_openssh_test '8.0p1' 'test3'
 echo
 run_dropbear_test '2019.78' 'test1' '-r /etc/dropbear/dropbear_rsa_host_key_1024 -r /etc/dropbear/dropbear_dss_host_key -r /etc/dropbear/dropbear_ecdsa_host_key'
 echo
 run_tinyssh_test '20190101' 'test1'
 # The test functions above will terminate the script on failure, so if we reached here,
 # all tests are successful.
 echo -e "\n${GREENB}ALL TESTS PASS!${CLR}\n"
 rm -rf $TEST_RESULT_DIR
 exit 0
--- a/pypi/MANIFEST.in
+++ b/pypi/MANIFEST.in
@@ -0,0 +1 @@
 include sshaudit/LICENSE
--- a/pypi/Makefile
+++ b/pypi/Makefile
@@ -0,0 +1,14 @@
 all:
 	cp ../ssh-audit.py sshaudit/sshaudit.py
 	cp ../LICENSE sshaudit/LICENSE
 	cp ../README.md sshaudit/README.md
 	python3 setup.py sdist bdist_wheel
 uploadtest:
 	twine upload --repository-url https://test.pypi.org/legacy/ dist/*
 uploadprod:
 	twine upload dist/*
 clean:
 	rm -rf build/ dist/ *.egg-info/ sshaudit/sshaudit.py sshaudit/LICENSE sshaudit/README.md
--- a/pypi/setup.py
+++ b/pypi/setup.py
@@ -0,0 +1,38 @@
 # -*- coding: utf-8 -*-
 import re
 from setuptools import setup
 version = re.search('^VERSION\s*=\s*\'v(\d\.\d\.\d)\'', open('sshaudit/sshaudit.py').read(), re.M).group(1)
 print("\n\nPackaging ssh-audit v%s...\n\n" % version)
 with open("sshaudit/README.md", "rb") as f:
    long_descr = f.read().decode("utf-8")
 setup(
    name = "ssh-audit",
    packages = ["sshaudit"],
    license = 'MIT',
    entry_points = {
        "console_scripts": ['ssh-audit = sshaudit.sshaudit:main']
    },
    version = version,
    description = "An SSH server configuration security auditing tool",
    long_description = long_descr,
    long_description_content_type = "text/markdown",
    author = "Joe Testa",
    author_email = "jtesta@positronsecurity.com",
    url = "https://github.com/jtesta/ssh-audit",
    classifiers = [
        "Development Status :: 5 - Production/Stable",
        "Intended Audience :: Information Technology",
        "Intended Audience :: System Administrators",
        "License :: OSI Approved :: MIT License",
        "Operating System :: OS Independent",
        "Programming Language :: Python :: 3",
        "Topic :: Security",
        "Topic :: Security :: Cryptography"
    ])
--- a/pypi/sshaudit/init.py
+++ b/pypi/sshaudit/init.py
--- a/pypi/sshaudit/main.py
+++ b/pypi/sshaudit/main.py
@@ -0,0 +1,4 @@
 # -*- coding: utf-8 -*-
 from .sshaudit import main
 main()
--- a/ssh-audit.py
+++ b/ssh-audit.py
--- a/test/conftest.py
+++ b/test/conftest.py
@@ -40,6 +40,41 @@ def output_spy():
 	return _OutputSpy()
 class _VirtualGlobalSocket(object):
 	def __init__(self, vsocket):
 		self.vsocket = vsocket
 		self.addrinfodata = {}
 	# pylint: disable=unused-argument
 	def create_connection(self, address, timeout=0, source_address=None):
 		# pylint: disable=protected-access
 		return self.vsocket._connect(address, True)
 	# pylint: disable=unused-argument
 	def socket(self,
 	           family=socket.AF_INET,
 	           socktype=socket.SOCK_STREAM,
 	           proto=0,
 	           fileno=None):
 		return self.vsocket
 	def getaddrinfo(self, host, port, family=0, socktype=0, proto=0, flags=0):
 		key = '{0}#{1}'.format(host, port)
 		if key in self.addrinfodata:
 			data = self.addrinfodata[key]
 			if isinstance(data, Exception):
 				raise data
 			return data
 		if host == 'localhost':
 			r = []
 			if family in (0, socket.AF_INET):
 				r.append((socket.AF_INET, 1, 6, '', ('127.0.0.1', port)))
 			if family in (0, socket.AF_INET6):
 				r.append((socket.AF_INET6, 1, 6, '', ('::1', port)))
 			return r
 		return []
 class _VirtualSocket(object):
 	def __init__(self):
 		self.sock_address = ('127.0.0.1', 0)
@@ -49,6 +84,7 @@ class _VirtualSocket(object):
 		self.rdata = []
 		self.sdata = []
 		self.errors = {}
 		self.gsock = _VirtualGlobalSocket(self)
 	def _check_err(self, method):
 		method_error = self.errors.get(method)
@@ -113,18 +149,8 @@ class _VirtualSocket(object):
@pytest.fixture()
 def virtual_socket(monkeypatch):
 	vsocket = _VirtualSocket()
-	
+	gsock = vsocket.gsock
-	# pylint: disable=unused-argument
+	monkeypatch.setattr(socket, 'create_connection', gsock.create_connection)
-	def _socket(family=socket.AF_INET,
+	monkeypatch.setattr(socket, 'socket', gsock.socket)
-	            socktype=socket.SOCK_STREAM,
+	monkeypatch.setattr(socket, 'getaddrinfo', gsock.getaddrinfo)
 	            proto=0,
 	            fileno=None):
 		return vsocket
 	def _cc(address, timeout=0, source_address=None):
 		# pylint: disable=protected-access
 		return vsocket._connect(address, True)
 	monkeypatch.setattr(socket, 'create_connection', _cc)
 	monkeypatch.setattr(socket, 'socket', _socket)
 	return vsocket
--- a/test/coverage.sh
+++ b/test/coverage.sh
@@ -1,10 +0,0 @@
 #!/bin/sh
 _cdir=$(cd -- "$(dirname "$0")" && pwd)
 type py.test > /dev/null 2>&1
 if [ $? -ne 0 ]; then
 	echo "err: py.test (Python testing framework) not found."
 	exit 1
 fi
 cd -- "${_cdir}/.."
 mkdir -p html
 py.test -v --cov-report=html:html/coverage --cov=ssh-audit test
--- a/test/docker/.ed25519.sk
+++ b/test/docker/.ed25519.sk
@@ -0,0 +1 @@
 iܛ<EFBFBD><EFBFBD><EFBFBD><1C><><EFBFBD>V<EFBFBD>违<EFBFBD>Z/D<><<3C><>|S<>z<EFBFBD>=<3D>:<3A>1vu}<7D><><11>J<EFBFBD>ݷ<EFBFBD><DDB7>"<22>^Bb&U<><03>P<EFBFBD><50>
--- a/test/docker/Dockerfile
+++ b/test/docker/Dockerfile
@@ -0,0 +1,32 @@
 FROM ubuntu:16.04
 COPY openssh-4.0p1/sshd /openssh/sshd-4.0p1
 COPY openssh-5.6p1/sshd /openssh/sshd-5.6p1
 COPY openssh-8.0p1/sshd /openssh/sshd-8.0p1
 COPY dropbear-2019.78/dropbear /dropbear/dropbear-2019.78
 COPY tinyssh-20190101/build/bin/tinysshd /tinysshd/tinyssh-20190101
 # Dropbear host keys.
 COPY dropbear_*_host_key* /etc/dropbear/
 # OpenSSH configs.
 COPY sshd_config* /etc/ssh/
 # OpenSSH host keys & moduli file.
 COPY ssh_host_* /etc/ssh/
 COPY ssh1_host_* /etc/ssh/
 COPY moduli_1024 /usr/local/etc/moduli
 # TinySSH host keys.
 COPY ed25519.pk /etc/tinyssh/
 COPY .ed25519.sk /etc/tinyssh/
 COPY debug.sh /debug.sh
 RUN apt update 2> /dev/null
 RUN apt install -y libssl-dev strace rsyslog ucspi-tcp 2> /dev/null
 RUN apt clean 2> /dev/null
 RUN useradd -s /bin/false sshd
 RUN mkdir /var/empty
 EXPOSE 22
--- a/test/docker/debug.sh
+++ b/test/docker/debug.sh
@@ -0,0 +1,9 @@
 #!/bin/bash
 # This script is run on in docker container.  It will enable logging for sshd in
 # /var/log/auth.log.
 /etc/init.d/rsyslog start
 sleep 1
 /openssh/sshd-5.6p1 -o LogLevel=DEBUG3 -f /etc/ssh/sshd_config-5.6p1_test1
 /bin/bash
--- a/test/docker/dropbear_dss_host_key
+++ b/test/docker/dropbear_dss_host_key
--- a/test/docker/dropbear_ecdsa_host_key
+++ b/test/docker/dropbear_ecdsa_host_key
--- a/test/docker/dropbear_rsa_host_key_1024
+++ b/test/docker/dropbear_rsa_host_key_1024
--- a/test/docker/dropbear_rsa_host_key_3072
+++ b/test/docker/dropbear_rsa_host_key_3072
--- a/test/docker/ed25519.pk
+++ b/test/docker/ed25519.pk
@@ -0,0 +1 @@
 1vu}<7D><><11>J<EFBFBD>ݷ<EFBFBD><DDB7>"<22>^Bb&U<><03>P<EFBFBD><50>
--- a/test/docker/expected_results/dropbear_2019.78_test1.txt
+++ b/test/docker/expected_results/dropbear_2019.78_test1.txt
@@ -0,0 +1,85 @@
 [0;36m# general[0m
 [0;32m(gen) banner: SSH-2.0-dropbear_2019.78[0m
 [0;32m(gen) software: Dropbear SSH 2019.78[0m
 [0;32m(gen) compatibility: OpenSSH 7.4+ (some functionality from 6.6), Dropbear SSH 2018.76+[0m
 [0;32m(gen) compression: enabled (zlib@openssh.com)[0m
 [0;36m# key exchange algorithms[0m
 [0;32m(kex) curve25519-sha256              -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76[0m
 [0;32m(kex) curve25519-sha256@libssh.org   -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62[0m
 [0;31m(kex) ecdh-sha2-nistp521             -- [fail] using weak elliptic curves[0m
                                     `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
 [0;31m(kex) ecdh-sha2-nistp384             -- [fail] using weak elliptic curves[0m
                                     `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
 [0;31m(kex) ecdh-sha2-nistp256             -- [fail] using weak elliptic curves[0m
                                     `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
 [0;32m(kex) diffie-hellman-group14-sha256  -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73[0m
 [0;33m(kex) diffie-hellman-group14-sha1    -- [warn] using weak hashing algorithm[0m
                                     `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
 [0;32m(kex) kexguess2@matt.ucc.asn.au      -- [info] available since Dropbear SSH 2013.57[0m
 [0;36m# host-key algorithms[0m
 [0;31m(key) ecdsa-sha2-nistp256            -- [fail] using weak elliptic curves[0m
 [0;33m                                     `- [warn] using weak random number generator could reveal the key[0m
                                     `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
 [0;31m(key) ssh-rsa (1024-bit)             -- [fail] using small 1024-bit modulus[0m
                                     `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
 [0;31m(key) ssh-dss                        -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm[0m
 [0;33m                                     `- [warn] using small 1024-bit modulus[0m
 [0;33m                                     `- [warn] using weak random number generator could reveal the key[0m
                                     `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
 [0;36m# encryption algorithms (ciphers)[0m
 [0;32m(enc) aes128-ctr                     -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52[0m
 [0;32m(enc) aes256-ctr                     -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52[0m
 [0;31m(enc) aes128-cbc                     -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                     `- [warn] using weak cipher mode[0m
                                     `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
 [0;31m(enc) aes256-cbc                     -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                     `- [warn] using weak cipher mode[0m
                                     `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
 [0;31m(enc) 3des-ctr                       -- [fail] using weak cipher[0m
                                     `- [info] available since Dropbear SSH 0.52
 [0;31m(enc) 3des-cbc                       -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                     `- [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm[0m
 [0;33m                                     `- [warn] using weak cipher[0m
 [0;33m                                     `- [warn] using weak cipher mode[0m
 [0;33m                                     `- [warn] using small 64-bit block size[0m
                                     `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
 [0;36m# message authentication code algorithms[0m
 [0;31m(mac) hmac-sha1-96                   -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                     `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                     `- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                     `- [warn] using weak hashing algorithm[0m
                                     `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
 [0;33m(mac) hmac-sha1                      -- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                     `- [warn] using weak hashing algorithm[0m
                                     `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
 [0;33m(mac) hmac-sha2-256                  -- [warn] using encrypt-and-MAC mode[0m
                                     `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
 [0;36m# fingerprints[0m
 [0;32m(fin) ssh-rsa: SHA256:CDfAU12pjQS7/91kg7gYacza0U/6PDbE04Ic3IpYxkM[0m
 [0;36m# algorithm recommendations (for Dropbear SSH 2019.78)[0m
 [0;31m(rec) !ssh-rsa                       -- key algorithm to change (increase modulus size to 2048 bits or larger) [0m
 [0;31m(rec) -3des-cbc                      -- enc algorithm to remove [0m
 [0;31m(rec) -3des-ctr                      -- enc algorithm to remove [0m
 [0;31m(rec) -aes128-cbc                    -- enc algorithm to remove [0m
 [0;31m(rec) -aes256-cbc                    -- enc algorithm to remove [0m
 [0;31m(rec) -ecdh-sha2-nistp256            -- kex algorithm to remove [0m
 [0;31m(rec) -ecdh-sha2-nistp384            -- kex algorithm to remove [0m
 [0;31m(rec) -ecdh-sha2-nistp521            -- kex algorithm to remove [0m
 [0;31m(rec) -ecdsa-sha2-nistp256           -- key algorithm to remove [0m
 [0;31m(rec) -hmac-sha1-96                  -- mac algorithm to remove [0m
 [0;31m(rec) -ssh-dss                       -- key algorithm to remove [0m
 [0;32m(rec) +diffie-hellman-group16-sha512 -- kex algorithm to append [0m
 [0;32m(rec) +twofish128-ctr                -- enc algorithm to append [0m
 [0;32m(rec) +twofish256-ctr                -- enc algorithm to append [0m
 [0;33m(rec) -diffie-hellman-group14-sha1   -- kex algorithm to remove [0m
 [0;33m(rec) -hmac-sha1                     -- mac algorithm to remove [0m
 [0;36m# additional info[0m
 [0;33m(nfo) For hardening guides on common OSes, please see: <https://www.ssh-audit.com/hardening_guides.html>[0m
--- a/test/docker/expected_results/openssh_4.0p1_test1.txt
+++ b/test/docker/expected_results/openssh_4.0p1_test1.txt
@@ -0,0 +1,139 @@
 [0;36m# general[0m
 [0;32m(gen) banner: SSH-1.99-OpenSSH_4.0[0m
 [0;31m(gen) protocol SSH1 enabled[0m
 [0;32m(gen) software: OpenSSH 4.0[0m
 [0;32m(gen) compatibility: OpenSSH 3.9-6.6, Dropbear SSH 0.53+ (some functionality from 0.52)[0m
 [0;32m(gen) compression: enabled (zlib)[0m
 [0;36m# security[0m
 [0;33m(cve) CVE-2016-3115                       -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data[0m
 [0;33m(cve) CVE-2014-1692                       -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption)[0m
 [0;33m(cve) CVE-2012-0814                       -- (CVSSv2: 3.5) leak data via debug messages[0m
 [0;33m(cve) CVE-2011-5000                       -- (CVSSv2: 3.5) cause DoS via large value in certain length field (memory consumption)[0m
 [0;33m(cve) CVE-2010-5107                       -- (CVSSv2: 5.0) cause DoS via large number of connections (slot exhaustion)[0m
 [0;33m(cve) CVE-2010-4755                       -- (CVSSv2: 4.0) cause DoS via crafted glob expression (CPU and memory consumption)[0m
 [0;33m(cve) CVE-2010-4478                       -- (CVSSv2: 7.5) bypass authentication check via crafted values[0m
 [0;33m(cve) CVE-2008-5161                       -- (CVSSv2: 2.6) recover plaintext data from ciphertext[0m
 [0;33m(cve) CVE-2008-4109                       -- (CVSSv2: 5.0) cause DoS via multiple login attempts (slot exhaustion)[0m
 [0;33m(cve) CVE-2008-1657                       -- (CVSSv2: 6.5) bypass command restrictions via modifying session file[0m
 [0;33m(cve) CVE-2008-1483                       -- (CVSSv2: 6.9) hijack forwarded X11 connections[0m
 [0;33m(cve) CVE-2007-4752                       -- (CVSSv2: 7.5) privilege escalation via causing an X client to be trusted[0m
 [0;33m(cve) CVE-2007-2243                       -- (CVSSv2: 5.0) discover valid usernames through different responses[0m
 [0;33m(cve) CVE-2006-5052                       -- (CVSSv2: 5.0) discover valid usernames through different responses[0m
 [0;31m(cve) CVE-2006-5051                       -- (CVSSv2: 9.3) cause DoS or execute arbitrary code (double free)[0m
 [0;33m(cve) CVE-2006-4924                       -- (CVSSv2: 7.8) cause DoS via crafted packet (CPU consumption)[0m
 [0;33m(cve) CVE-2006-0225                       -- (CVSSv2: 4.6) execute arbitrary code[0m
 [0;33m(cve) CVE-2005-2798                       -- (CVSSv2: 5.0) leak data about authentication credentials[0m
 [0;36m# key exchange algorithms[0m
 [0;31m(kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus[0m
 [0;33m                                                    `- [warn] using weak hashing algorithm[0m
                                                    `- [info] available since OpenSSH 2.3.0
 [0;33m(kex) diffie-hellman-group14-sha1         -- [warn] using weak hashing algorithm[0m
                                          `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
 [0;31m(kex) diffie-hellman-group1-sha1          -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;31m                                          `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack[0m
 [0;33m                                          `- [warn] using small 1024-bit modulus[0m
 [0;33m                                          `- [warn] using weak hashing algorithm[0m
                                          `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
 [0;36m# host-key algorithms[0m
 [0;31m(key) ssh-rsa (1024-bit)                  -- [fail] using small 1024-bit modulus[0m
                                          `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
 [0;31m(key) ssh-dss                             -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm[0m
 [0;33m                                          `- [warn] using small 1024-bit modulus[0m
 [0;33m                                          `- [warn] using weak random number generator could reveal the key[0m
                                          `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
 [0;36m# encryption algorithms (ciphers)[0m
 [0;31m(enc) aes128-cbc                          -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                          `- [warn] using weak cipher mode[0m
                                          `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
 [0;31m(enc) 3des-cbc                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                          `- [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm[0m
 [0;33m                                          `- [warn] using weak cipher[0m
 [0;33m                                          `- [warn] using weak cipher mode[0m
 [0;33m                                          `- [warn] using small 64-bit block size[0m
                                          `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
 [0;31m(enc) blowfish-cbc                        -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;31m                                          `- [fail] disabled since Dropbear SSH 0.53[0m
 [0;33m                                          `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                          `- [warn] using weak cipher mode[0m
 [0;33m                                          `- [warn] using small 64-bit block size[0m
                                          `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
 [0;31m(enc) cast128-cbc                         -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                          `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                          `- [warn] using weak cipher mode[0m
 [0;33m                                          `- [warn] using small 64-bit block size[0m
                                          `- [info] available since OpenSSH 2.1.0
 [0;31m(enc) arcfour                             -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                          `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                          `- [warn] using weak cipher[0m
                                          `- [info] available since OpenSSH 2.1.0
 [0;31m(enc) aes192-cbc                          -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                          `- [warn] using weak cipher mode[0m
                                          `- [info] available since OpenSSH 2.3.0
 [0;31m(enc) aes256-cbc                          -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                          `- [warn] using weak cipher mode[0m
                                          `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
 [0;31m(enc) rijndael-cbc@lysator.liu.se         -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                          `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                          `- [warn] using weak cipher mode[0m
                                          `- [info] available since OpenSSH 2.3.0
 [0;32m(enc) aes128-ctr                          -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52[0m
 [0;32m(enc) aes192-ctr                          -- [info] available since OpenSSH 3.7[0m
 [0;32m(enc) aes256-ctr                          -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52[0m
 [0;36m# message authentication code algorithms[0m
 [0;31m(mac) hmac-md5                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                          `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                          `- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                          `- [warn] using weak hashing algorithm[0m
                                          `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
 [0;33m(mac) hmac-sha1                           -- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                          `- [warn] using weak hashing algorithm[0m
                                          `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
 [0;31m(mac) hmac-ripemd160                      -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                          `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                          `- [warn] using encrypt-and-MAC mode[0m
                                          `- [info] available since OpenSSH 2.5.0
 [0;31m(mac) hmac-ripemd160@openssh.com          -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                          `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                          `- [warn] using encrypt-and-MAC mode[0m
                                          `- [info] available since OpenSSH 2.1.0
 [0;31m(mac) hmac-sha1-96                        -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                          `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                          `- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                          `- [warn] using weak hashing algorithm[0m
                                          `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
 [0;31m(mac) hmac-md5-96                         -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                          `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                          `- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                          `- [warn] using weak hashing algorithm[0m
                                          `- [info] available since OpenSSH 2.5.0
 [0;36m# fingerprints[0m
 [0;32m(fin) ssh-rsa: SHA256:YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4[0m
 [0;36m# algorithm recommendations (for OpenSSH 4.0)[0m
 [0;31m(rec) !ssh-rsa                            -- key algorithm to change (increase modulus size to 2048 bits or larger) [0m
 [0;31m(rec) -3des-cbc                           -- enc algorithm to remove [0m
 [0;31m(rec) -aes128-cbc                         -- enc algorithm to remove [0m
 [0;31m(rec) -aes192-cbc                         -- enc algorithm to remove [0m
 [0;31m(rec) -aes256-cbc                         -- enc algorithm to remove [0m
 [0;31m(rec) -arcfour                            -- enc algorithm to remove [0m
 [0;31m(rec) -blowfish-cbc                       -- enc algorithm to remove [0m
 [0;31m(rec) -cast128-cbc                        -- enc algorithm to remove [0m
 [0;31m(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove [0m
 [0;31m(rec) -diffie-hellman-group1-sha1         -- kex algorithm to remove [0m
 [0;31m(rec) -hmac-md5                           -- mac algorithm to remove [0m
 [0;31m(rec) -hmac-md5-96                        -- mac algorithm to remove [0m
 [0;31m(rec) -hmac-ripemd160                     -- mac algorithm to remove [0m
 [0;31m(rec) -hmac-ripemd160@openssh.com         -- mac algorithm to remove [0m
 [0;31m(rec) -hmac-sha1-96                       -- mac algorithm to remove [0m
 [0;31m(rec) -rijndael-cbc@lysator.liu.se        -- enc algorithm to remove [0m
 [0;31m(rec) -ssh-dss                            -- key algorithm to remove [0m
 [0;36m# additional info[0m
 [0;33m(nfo) For hardening guides on common OSes, please see: <https://www.ssh-audit.com/hardening_guides.html>[0m
--- a/test/docker/expected_results/openssh_5.6p1_test1.txt
+++ b/test/docker/expected_results/openssh_5.6p1_test1.txt
@@ -0,0 +1,148 @@
 [0;36m# general[0m
 [0;32m(gen) banner: SSH-2.0-OpenSSH_5.6[0m
 [0;32m(gen) software: OpenSSH 5.6[0m
 [0;32m(gen) compatibility: OpenSSH 4.7-6.6, Dropbear SSH 0.53+ (some functionality from 0.52)[0m
 [0;32m(gen) compression: enabled (zlib@openssh.com)[0m
 [0;36m# security[0m
 [0;33m(cve) CVE-2016-3115                         -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data[0m
 [0;33m(cve) CVE-2016-1907                         -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)[0m
 [0;33m(cve) CVE-2015-6564                         -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid[0m
 [0;33m(cve) CVE-2015-6563                         -- (CVSSv2: 1.9) conduct impersonation attack[0m
 [0;33m(cve) CVE-2014-2532                         -- (CVSSv2: 5.8) bypass environment restrictions via specific string before wildcard[0m
 [0;33m(cve) CVE-2014-1692                         -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption)[0m
 [0;33m(cve) CVE-2012-0814                         -- (CVSSv2: 3.5) leak data via debug messages[0m
 [0;33m(cve) CVE-2011-5000                         -- (CVSSv2: 3.5) cause DoS via large value in certain length field (memory consumption)[0m
 [0;33m(cve) CVE-2010-5107                         -- (CVSSv2: 5.0) cause DoS via large number of connections (slot exhaustion)[0m
 [0;33m(cve) CVE-2010-4755                         -- (CVSSv2: 4.0) cause DoS via crafted glob expression (CPU and memory consumption)[0m
 [0;33m(cve) CVE-2010-4478                         -- (CVSSv2: 7.5) bypass authentication check via crafted values[0m
 [0;36m# key exchange algorithms[0m
 [0;31m(kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus[0m
                                                      `- [info] available since OpenSSH 4.4
 [0;31m(kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus[0m
 [0;33m                                                    `- [warn] using weak hashing algorithm[0m
                                                    `- [info] available since OpenSSH 2.3.0
 [0;33m(kex) diffie-hellman-group14-sha1           -- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
 [0;31m(kex) diffie-hellman-group1-sha1            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;31m                                            `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack[0m
 [0;33m                                            `- [warn] using small 1024-bit modulus[0m
 [0;33m                                            `- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
 [0;36m# host-key algorithms[0m
 [0;31m(key) ssh-rsa (1024-bit)                    -- [fail] using small 1024-bit modulus[0m
                                            `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
 [0;31m(key) ssh-dss                               -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm[0m
 [0;33m                                            `- [warn] using small 1024-bit modulus[0m
 [0;33m                                            `- [warn] using weak random number generator could reveal the key[0m
                                            `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
 [0;36m# encryption algorithms (ciphers)[0m
 [0;32m(enc) aes128-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52[0m
 [0;32m(enc) aes192-ctr                            -- [info] available since OpenSSH 3.7[0m
 [0;32m(enc) aes256-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52[0m
 [0;31m(enc) arcfour256                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using weak cipher[0m
                                            `- [info] available since OpenSSH 4.2
 [0;31m(enc) arcfour128                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using weak cipher[0m
                                            `- [info] available since OpenSSH 4.2
 [0;31m(enc) aes128-cbc                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
                                            `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
 [0;31m(enc) 3des-cbc                              -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm[0m
 [0;33m                                            `- [warn] using weak cipher[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
 [0;33m                                            `- [warn] using small 64-bit block size[0m
                                            `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
 [0;31m(enc) blowfish-cbc                          -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;31m                                            `- [fail] disabled since Dropbear SSH 0.53[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
 [0;33m                                            `- [warn] using small 64-bit block size[0m
                                            `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
 [0;31m(enc) cast128-cbc                           -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
 [0;33m                                            `- [warn] using small 64-bit block size[0m
                                            `- [info] available since OpenSSH 2.1.0
 [0;31m(enc) aes192-cbc                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
                                            `- [info] available since OpenSSH 2.3.0
 [0;31m(enc) aes256-cbc                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
                                            `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
 [0;31m(enc) arcfour                               -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using weak cipher[0m
                                            `- [info] available since OpenSSH 2.1.0
 [0;31m(enc) rijndael-cbc@lysator.liu.se           -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
                                            `- [info] available since OpenSSH 2.3.0
 [0;36m# message authentication code algorithms[0m
 [0;31m(mac) hmac-md5                              -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                            `- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
 [0;33m(mac) hmac-sha1                             -- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                            `- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
 [0;33m(mac) umac-64@openssh.com                   -- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                            `- [warn] using small 64-bit tag size[0m
                                            `- [info] available since OpenSSH 4.7
 [0;31m(mac) hmac-ripemd160                        -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using encrypt-and-MAC mode[0m
                                            `- [info] available since OpenSSH 2.5.0
 [0;31m(mac) hmac-ripemd160@openssh.com            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using encrypt-and-MAC mode[0m
                                            `- [info] available since OpenSSH 2.1.0
 [0;31m(mac) hmac-sha1-96                          -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                            `- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
 [0;31m(mac) hmac-md5-96                           -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                            `- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 2.5.0
 [0;36m# fingerprints[0m
 [0;32m(fin) ssh-rsa: SHA256:YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4[0m
 [0;36m# algorithm recommendations (for OpenSSH 5.6)[0m
 [0;31m(rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 2048 bits or larger) [0m
 [0;31m(rec) !ssh-rsa                              -- key algorithm to change (increase modulus size to 2048 bits or larger) [0m
 [0;31m(rec) -3des-cbc                             -- enc algorithm to remove [0m
 [0;31m(rec) -aes128-cbc                           -- enc algorithm to remove [0m
 [0;31m(rec) -aes192-cbc                           -- enc algorithm to remove [0m
 [0;31m(rec) -aes256-cbc                           -- enc algorithm to remove [0m
 [0;31m(rec) -arcfour                              -- enc algorithm to remove [0m
 [0;31m(rec) -arcfour128                           -- enc algorithm to remove [0m
 [0;31m(rec) -arcfour256                           -- enc algorithm to remove [0m
 [0;31m(rec) -blowfish-cbc                         -- enc algorithm to remove [0m
 [0;31m(rec) -cast128-cbc                          -- enc algorithm to remove [0m
 [0;31m(rec) -diffie-hellman-group-exchange-sha1   -- kex algorithm to remove [0m
 [0;31m(rec) -diffie-hellman-group1-sha1           -- kex algorithm to remove [0m
 [0;31m(rec) -hmac-md5                             -- mac algorithm to remove [0m
 [0;31m(rec) -hmac-md5-96                          -- mac algorithm to remove [0m
 [0;31m(rec) -hmac-ripemd160                       -- mac algorithm to remove [0m
 [0;31m(rec) -hmac-ripemd160@openssh.com           -- mac algorithm to remove [0m
 [0;31m(rec) -hmac-sha1-96                         -- mac algorithm to remove [0m
 [0;31m(rec) -rijndael-cbc@lysator.liu.se          -- enc algorithm to remove [0m
 [0;31m(rec) -ssh-dss                              -- key algorithm to remove [0m
 [0;33m(rec) -diffie-hellman-group14-sha1          -- kex algorithm to remove [0m
 [0;36m# additional info[0m
 [0;33m(nfo) For hardening guides on common OSes, please see: <https://www.ssh-audit.com/hardening_guides.html>[0m
--- a/test/docker/expected_results/openssh_5.6p1_test2.txt
+++ b/test/docker/expected_results/openssh_5.6p1_test2.txt
@@ -0,0 +1,146 @@
 [0;36m# general[0m
 [0;32m(gen) banner: SSH-2.0-OpenSSH_5.6[0m
 [0;32m(gen) software: OpenSSH 5.6[0m
 [0;32m(gen) compatibility: OpenSSH 5.6-6.6, Dropbear SSH 0.53+ (some functionality from 0.52)[0m
 [0;32m(gen) compression: enabled (zlib@openssh.com)[0m
 [0;36m# security[0m
 [0;33m(cve) CVE-2016-3115                         -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data[0m
 [0;33m(cve) CVE-2016-1907                         -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)[0m
 [0;33m(cve) CVE-2015-6564                         -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid[0m
 [0;33m(cve) CVE-2015-6563                         -- (CVSSv2: 1.9) conduct impersonation attack[0m
 [0;33m(cve) CVE-2014-2532                         -- (CVSSv2: 5.8) bypass environment restrictions via specific string before wildcard[0m
 [0;33m(cve) CVE-2014-1692                         -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption)[0m
 [0;33m(cve) CVE-2012-0814                         -- (CVSSv2: 3.5) leak data via debug messages[0m
 [0;33m(cve) CVE-2011-5000                         -- (CVSSv2: 3.5) cause DoS via large value in certain length field (memory consumption)[0m
 [0;33m(cve) CVE-2010-5107                         -- (CVSSv2: 5.0) cause DoS via large number of connections (slot exhaustion)[0m
 [0;33m(cve) CVE-2010-4755                         -- (CVSSv2: 4.0) cause DoS via crafted glob expression (CPU and memory consumption)[0m
 [0;33m(cve) CVE-2010-4478                         -- (CVSSv2: 7.5) bypass authentication check via crafted values[0m
 [0;36m# key exchange algorithms[0m
 [0;31m(kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus[0m
                                                      `- [info] available since OpenSSH 4.4
 [0;31m(kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus[0m
 [0;33m                                                    `- [warn] using weak hashing algorithm[0m
                                                    `- [info] available since OpenSSH 2.3.0
 [0;33m(kex) diffie-hellman-group14-sha1           -- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
 [0;31m(kex) diffie-hellman-group1-sha1            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;31m                                            `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack[0m
 [0;33m                                            `- [warn] using small 1024-bit modulus[0m
 [0;33m                                            `- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
 [0;36m# host-key algorithms[0m
 [0;31m(key) ssh-rsa (1024-bit)                    -- [fail] using small 1024-bit modulus[0m
                                            `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
 [0;31m(key) ssh-rsa-cert-v01@openssh.com (1024-bit cert/1024-bit CA) -- [fail] using small 1024-bit modulus[0m
                                                               `- [info] available since OpenSSH 5.6
 [0;36m# encryption algorithms (ciphers)[0m
 [0;32m(enc) aes128-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52[0m
 [0;32m(enc) aes192-ctr                            -- [info] available since OpenSSH 3.7[0m
 [0;32m(enc) aes256-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52[0m
 [0;31m(enc) arcfour256                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using weak cipher[0m
                                            `- [info] available since OpenSSH 4.2
 [0;31m(enc) arcfour128                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using weak cipher[0m
                                            `- [info] available since OpenSSH 4.2
 [0;31m(enc) aes128-cbc                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
                                            `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
 [0;31m(enc) 3des-cbc                              -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm[0m
 [0;33m                                            `- [warn] using weak cipher[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
 [0;33m                                            `- [warn] using small 64-bit block size[0m
                                            `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
 [0;31m(enc) blowfish-cbc                          -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;31m                                            `- [fail] disabled since Dropbear SSH 0.53[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
 [0;33m                                            `- [warn] using small 64-bit block size[0m
                                            `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
 [0;31m(enc) cast128-cbc                           -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
 [0;33m                                            `- [warn] using small 64-bit block size[0m
                                            `- [info] available since OpenSSH 2.1.0
 [0;31m(enc) aes192-cbc                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
                                            `- [info] available since OpenSSH 2.3.0
 [0;31m(enc) aes256-cbc                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
                                            `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
 [0;31m(enc) arcfour                               -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using weak cipher[0m
                                            `- [info] available since OpenSSH 2.1.0
 [0;31m(enc) rijndael-cbc@lysator.liu.se           -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
                                            `- [info] available since OpenSSH 2.3.0
 [0;36m# message authentication code algorithms[0m
 [0;31m(mac) hmac-md5                              -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                            `- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
 [0;33m(mac) hmac-sha1                             -- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                            `- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
 [0;33m(mac) umac-64@openssh.com                   -- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                            `- [warn] using small 64-bit tag size[0m
                                            `- [info] available since OpenSSH 4.7
 [0;31m(mac) hmac-ripemd160                        -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using encrypt-and-MAC mode[0m
                                            `- [info] available since OpenSSH 2.5.0
 [0;31m(mac) hmac-ripemd160@openssh.com            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using encrypt-and-MAC mode[0m
                                            `- [info] available since OpenSSH 2.1.0
 [0;31m(mac) hmac-sha1-96                          -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                            `- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
 [0;31m(mac) hmac-md5-96                           -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                            `- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 2.5.0
 [0;36m# fingerprints[0m
 [0;32m(fin) ssh-rsa: SHA256:YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4[0m
 [0;36m# algorithm recommendations (for OpenSSH 5.6)[0m
 [0;31m(rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 2048 bits or larger) [0m
 [0;31m(rec) !ssh-rsa                              -- key algorithm to change (increase modulus size to 2048 bits or larger) [0m
 [0;31m(rec) !ssh-rsa-cert-v01@openssh.com         -- key algorithm to change (increase modulus size to 2048 bits or larger) [0m
 [0;31m(rec) -3des-cbc                             -- enc algorithm to remove [0m
 [0;31m(rec) -aes128-cbc                           -- enc algorithm to remove [0m
 [0;31m(rec) -aes192-cbc                           -- enc algorithm to remove [0m
 [0;31m(rec) -aes256-cbc                           -- enc algorithm to remove [0m
 [0;31m(rec) -arcfour                              -- enc algorithm to remove [0m
 [0;31m(rec) -arcfour128                           -- enc algorithm to remove [0m
 [0;31m(rec) -arcfour256                           -- enc algorithm to remove [0m
 [0;31m(rec) -blowfish-cbc                         -- enc algorithm to remove [0m
 [0;31m(rec) -cast128-cbc                          -- enc algorithm to remove [0m
 [0;31m(rec) -diffie-hellman-group-exchange-sha1   -- kex algorithm to remove [0m
 [0;31m(rec) -diffie-hellman-group1-sha1           -- kex algorithm to remove [0m
 [0;31m(rec) -hmac-md5                             -- mac algorithm to remove [0m
 [0;31m(rec) -hmac-md5-96                          -- mac algorithm to remove [0m
 [0;31m(rec) -hmac-ripemd160                       -- mac algorithm to remove [0m
 [0;31m(rec) -hmac-ripemd160@openssh.com           -- mac algorithm to remove [0m
 [0;31m(rec) -hmac-sha1-96                         -- mac algorithm to remove [0m
 [0;31m(rec) -rijndael-cbc@lysator.liu.se          -- enc algorithm to remove [0m
 [0;33m(rec) -diffie-hellman-group14-sha1          -- kex algorithm to remove [0m
 [0;36m# additional info[0m
 [0;33m(nfo) For hardening guides on common OSes, please see: <https://www.ssh-audit.com/hardening_guides.html>[0m
--- a/test/docker/expected_results/openssh_5.6p1_test3.txt
+++ b/test/docker/expected_results/openssh_5.6p1_test3.txt
@@ -0,0 +1,146 @@
 [0;36m# general[0m
 [0;32m(gen) banner: SSH-2.0-OpenSSH_5.6[0m
 [0;32m(gen) software: OpenSSH 5.6[0m
 [0;32m(gen) compatibility: OpenSSH 5.6-6.6, Dropbear SSH 0.53+ (some functionality from 0.52)[0m
 [0;32m(gen) compression: enabled (zlib@openssh.com)[0m
 [0;36m# security[0m
 [0;33m(cve) CVE-2016-3115                         -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data[0m
 [0;33m(cve) CVE-2016-1907                         -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)[0m
 [0;33m(cve) CVE-2015-6564                         -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid[0m
 [0;33m(cve) CVE-2015-6563                         -- (CVSSv2: 1.9) conduct impersonation attack[0m
 [0;33m(cve) CVE-2014-2532                         -- (CVSSv2: 5.8) bypass environment restrictions via specific string before wildcard[0m
 [0;33m(cve) CVE-2014-1692                         -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption)[0m
 [0;33m(cve) CVE-2012-0814                         -- (CVSSv2: 3.5) leak data via debug messages[0m
 [0;33m(cve) CVE-2011-5000                         -- (CVSSv2: 3.5) cause DoS via large value in certain length field (memory consumption)[0m
 [0;33m(cve) CVE-2010-5107                         -- (CVSSv2: 5.0) cause DoS via large number of connections (slot exhaustion)[0m
 [0;33m(cve) CVE-2010-4755                         -- (CVSSv2: 4.0) cause DoS via crafted glob expression (CPU and memory consumption)[0m
 [0;33m(cve) CVE-2010-4478                         -- (CVSSv2: 7.5) bypass authentication check via crafted values[0m
 [0;36m# key exchange algorithms[0m
 [0;31m(kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus[0m
                                                      `- [info] available since OpenSSH 4.4
 [0;31m(kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus[0m
 [0;33m                                                    `- [warn] using weak hashing algorithm[0m
                                                    `- [info] available since OpenSSH 2.3.0
 [0;33m(kex) diffie-hellman-group14-sha1           -- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
 [0;31m(kex) diffie-hellman-group1-sha1            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;31m                                            `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack[0m
 [0;33m                                            `- [warn] using small 1024-bit modulus[0m
 [0;33m                                            `- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
 [0;36m# host-key algorithms[0m
 [0;31m(key) ssh-rsa (1024-bit)                    -- [fail] using small 1024-bit modulus[0m
                                            `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
 [0;31m(key) ssh-rsa-cert-v01@openssh.com (1024-bit cert/3072-bit CA) -- [fail] using small 1024-bit modulus[0m
                                                               `- [info] available since OpenSSH 5.6
 [0;36m# encryption algorithms (ciphers)[0m
 [0;32m(enc) aes128-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52[0m
 [0;32m(enc) aes192-ctr                            -- [info] available since OpenSSH 3.7[0m
 [0;32m(enc) aes256-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52[0m
 [0;31m(enc) arcfour256                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using weak cipher[0m
                                            `- [info] available since OpenSSH 4.2
 [0;31m(enc) arcfour128                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using weak cipher[0m
                                            `- [info] available since OpenSSH 4.2
 [0;31m(enc) aes128-cbc                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
                                            `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
 [0;31m(enc) 3des-cbc                              -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm[0m
 [0;33m                                            `- [warn] using weak cipher[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
 [0;33m                                            `- [warn] using small 64-bit block size[0m
                                            `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
 [0;31m(enc) blowfish-cbc                          -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;31m                                            `- [fail] disabled since Dropbear SSH 0.53[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
 [0;33m                                            `- [warn] using small 64-bit block size[0m
                                            `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
 [0;31m(enc) cast128-cbc                           -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
 [0;33m                                            `- [warn] using small 64-bit block size[0m
                                            `- [info] available since OpenSSH 2.1.0
 [0;31m(enc) aes192-cbc                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
                                            `- [info] available since OpenSSH 2.3.0
 [0;31m(enc) aes256-cbc                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
                                            `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
 [0;31m(enc) arcfour                               -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using weak cipher[0m
                                            `- [info] available since OpenSSH 2.1.0
 [0;31m(enc) rijndael-cbc@lysator.liu.se           -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
                                            `- [info] available since OpenSSH 2.3.0
 [0;36m# message authentication code algorithms[0m
 [0;31m(mac) hmac-md5                              -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                            `- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
 [0;33m(mac) hmac-sha1                             -- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                            `- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
 [0;33m(mac) umac-64@openssh.com                   -- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                            `- [warn] using small 64-bit tag size[0m
                                            `- [info] available since OpenSSH 4.7
 [0;31m(mac) hmac-ripemd160                        -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using encrypt-and-MAC mode[0m
                                            `- [info] available since OpenSSH 2.5.0
 [0;31m(mac) hmac-ripemd160@openssh.com            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using encrypt-and-MAC mode[0m
                                            `- [info] available since OpenSSH 2.1.0
 [0;31m(mac) hmac-sha1-96                          -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                            `- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
 [0;31m(mac) hmac-md5-96                           -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                            `- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 2.5.0
 [0;36m# fingerprints[0m
 [0;32m(fin) ssh-rsa: SHA256:YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4[0m
 [0;36m# algorithm recommendations (for OpenSSH 5.6)[0m
 [0;31m(rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 2048 bits or larger) [0m
 [0;31m(rec) !ssh-rsa                              -- key algorithm to change (increase modulus size to 2048 bits or larger) [0m
 [0;31m(rec) !ssh-rsa-cert-v01@openssh.com         -- key algorithm to change (increase modulus size to 2048 bits or larger) [0m
 [0;31m(rec) -3des-cbc                             -- enc algorithm to remove [0m
 [0;31m(rec) -aes128-cbc                           -- enc algorithm to remove [0m
 [0;31m(rec) -aes192-cbc                           -- enc algorithm to remove [0m
 [0;31m(rec) -aes256-cbc                           -- enc algorithm to remove [0m
 [0;31m(rec) -arcfour                              -- enc algorithm to remove [0m
 [0;31m(rec) -arcfour128                           -- enc algorithm to remove [0m
 [0;31m(rec) -arcfour256                           -- enc algorithm to remove [0m
 [0;31m(rec) -blowfish-cbc                         -- enc algorithm to remove [0m
 [0;31m(rec) -cast128-cbc                          -- enc algorithm to remove [0m
 [0;31m(rec) -diffie-hellman-group-exchange-sha1   -- kex algorithm to remove [0m
 [0;31m(rec) -diffie-hellman-group1-sha1           -- kex algorithm to remove [0m
 [0;31m(rec) -hmac-md5                             -- mac algorithm to remove [0m
 [0;31m(rec) -hmac-md5-96                          -- mac algorithm to remove [0m
 [0;31m(rec) -hmac-ripemd160                       -- mac algorithm to remove [0m
 [0;31m(rec) -hmac-ripemd160@openssh.com           -- mac algorithm to remove [0m
 [0;31m(rec) -hmac-sha1-96                         -- mac algorithm to remove [0m
 [0;31m(rec) -rijndael-cbc@lysator.liu.se          -- enc algorithm to remove [0m
 [0;33m(rec) -diffie-hellman-group14-sha1          -- kex algorithm to remove [0m
 [0;36m# additional info[0m
 [0;33m(nfo) For hardening guides on common OSes, please see: <https://www.ssh-audit.com/hardening_guides.html>[0m
--- a/test/docker/expected_results/openssh_5.6p1_test4.txt
+++ b/test/docker/expected_results/openssh_5.6p1_test4.txt
@@ -0,0 +1,144 @@
 [0;36m# general[0m
 [0;32m(gen) banner: SSH-2.0-OpenSSH_5.6[0m
 [0;32m(gen) software: OpenSSH 5.6[0m
 [0;32m(gen) compatibility: OpenSSH 5.6-6.6, Dropbear SSH 0.53+ (some functionality from 0.52)[0m
 [0;32m(gen) compression: enabled (zlib@openssh.com)[0m
 [0;36m# security[0m
 [0;33m(cve) CVE-2016-3115                         -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data[0m
 [0;33m(cve) CVE-2016-1907                         -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)[0m
 [0;33m(cve) CVE-2015-6564                         -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid[0m
 [0;33m(cve) CVE-2015-6563                         -- (CVSSv2: 1.9) conduct impersonation attack[0m
 [0;33m(cve) CVE-2014-2532                         -- (CVSSv2: 5.8) bypass environment restrictions via specific string before wildcard[0m
 [0;33m(cve) CVE-2014-1692                         -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption)[0m
 [0;33m(cve) CVE-2012-0814                         -- (CVSSv2: 3.5) leak data via debug messages[0m
 [0;33m(cve) CVE-2011-5000                         -- (CVSSv2: 3.5) cause DoS via large value in certain length field (memory consumption)[0m
 [0;33m(cve) CVE-2010-5107                         -- (CVSSv2: 5.0) cause DoS via large number of connections (slot exhaustion)[0m
 [0;33m(cve) CVE-2010-4755                         -- (CVSSv2: 4.0) cause DoS via crafted glob expression (CPU and memory consumption)[0m
 [0;33m(cve) CVE-2010-4478                         -- (CVSSv2: 7.5) bypass authentication check via crafted values[0m
 [0;36m# key exchange algorithms[0m
 [0;31m(kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus[0m
                                                      `- [info] available since OpenSSH 4.4
 [0;31m(kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus[0m
 [0;33m                                                    `- [warn] using weak hashing algorithm[0m
                                                    `- [info] available since OpenSSH 2.3.0
 [0;33m(kex) diffie-hellman-group14-sha1           -- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
 [0;31m(kex) diffie-hellman-group1-sha1            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;31m                                            `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack[0m
 [0;33m                                            `- [warn] using small 1024-bit modulus[0m
 [0;33m                                            `- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
 [0;36m# host-key algorithms[0m
 [0;32m(key) ssh-rsa (3072-bit)                    -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28[0m
 [0;31m(key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/1024-bit CA) -- [fail] using small 1024-bit modulus[0m
                                                               `- [info] available since OpenSSH 5.6
 [0;36m# encryption algorithms (ciphers)[0m
 [0;32m(enc) aes128-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52[0m
 [0;32m(enc) aes192-ctr                            -- [info] available since OpenSSH 3.7[0m
 [0;32m(enc) aes256-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52[0m
 [0;31m(enc) arcfour256                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using weak cipher[0m
                                            `- [info] available since OpenSSH 4.2
 [0;31m(enc) arcfour128                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using weak cipher[0m
                                            `- [info] available since OpenSSH 4.2
 [0;31m(enc) aes128-cbc                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
                                            `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
 [0;31m(enc) 3des-cbc                              -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm[0m
 [0;33m                                            `- [warn] using weak cipher[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
 [0;33m                                            `- [warn] using small 64-bit block size[0m
                                            `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
 [0;31m(enc) blowfish-cbc                          -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;31m                                            `- [fail] disabled since Dropbear SSH 0.53[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
 [0;33m                                            `- [warn] using small 64-bit block size[0m
                                            `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
 [0;31m(enc) cast128-cbc                           -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
 [0;33m                                            `- [warn] using small 64-bit block size[0m
                                            `- [info] available since OpenSSH 2.1.0
 [0;31m(enc) aes192-cbc                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
                                            `- [info] available since OpenSSH 2.3.0
 [0;31m(enc) aes256-cbc                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
                                            `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
 [0;31m(enc) arcfour                               -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using weak cipher[0m
                                            `- [info] available since OpenSSH 2.1.0
 [0;31m(enc) rijndael-cbc@lysator.liu.se           -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
                                            `- [info] available since OpenSSH 2.3.0
 [0;36m# message authentication code algorithms[0m
 [0;31m(mac) hmac-md5                              -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                            `- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
 [0;33m(mac) hmac-sha1                             -- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                            `- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
 [0;33m(mac) umac-64@openssh.com                   -- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                            `- [warn] using small 64-bit tag size[0m
                                            `- [info] available since OpenSSH 4.7
 [0;31m(mac) hmac-ripemd160                        -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using encrypt-and-MAC mode[0m
                                            `- [info] available since OpenSSH 2.5.0
 [0;31m(mac) hmac-ripemd160@openssh.com            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using encrypt-and-MAC mode[0m
                                            `- [info] available since OpenSSH 2.1.0
 [0;31m(mac) hmac-sha1-96                          -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                            `- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
 [0;31m(mac) hmac-md5-96                           -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                            `- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 2.5.0
 [0;36m# fingerprints[0m
 [0;32m(fin) ssh-rsa: SHA256:nsWtdJ9Z67Vrf7OsUzQov7esXhsWAfVppArGh25u244[0m
 [0;36m# algorithm recommendations (for OpenSSH 5.6)[0m
 [0;31m(rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 2048 bits or larger) [0m
 [0;31m(rec) !ssh-rsa-cert-v01@openssh.com         -- key algorithm to change (increase modulus size to 2048 bits or larger) [0m
 [0;31m(rec) -3des-cbc                             -- enc algorithm to remove [0m
 [0;31m(rec) -aes128-cbc                           -- enc algorithm to remove [0m
 [0;31m(rec) -aes192-cbc                           -- enc algorithm to remove [0m
 [0;31m(rec) -aes256-cbc                           -- enc algorithm to remove [0m
 [0;31m(rec) -arcfour                              -- enc algorithm to remove [0m
 [0;31m(rec) -arcfour128                           -- enc algorithm to remove [0m
 [0;31m(rec) -arcfour256                           -- enc algorithm to remove [0m
 [0;31m(rec) -blowfish-cbc                         -- enc algorithm to remove [0m
 [0;31m(rec) -cast128-cbc                          -- enc algorithm to remove [0m
 [0;31m(rec) -diffie-hellman-group-exchange-sha1   -- kex algorithm to remove [0m
 [0;31m(rec) -diffie-hellman-group1-sha1           -- kex algorithm to remove [0m
 [0;31m(rec) -hmac-md5                             -- mac algorithm to remove [0m
 [0;31m(rec) -hmac-md5-96                          -- mac algorithm to remove [0m
 [0;31m(rec) -hmac-ripemd160                       -- mac algorithm to remove [0m
 [0;31m(rec) -hmac-ripemd160@openssh.com           -- mac algorithm to remove [0m
 [0;31m(rec) -hmac-sha1-96                         -- mac algorithm to remove [0m
 [0;31m(rec) -rijndael-cbc@lysator.liu.se          -- enc algorithm to remove [0m
 [0;33m(rec) -diffie-hellman-group14-sha1          -- kex algorithm to remove [0m
 [0;36m# additional info[0m
 [0;33m(nfo) For hardening guides on common OSes, please see: <https://www.ssh-audit.com/hardening_guides.html>[0m
--- a/test/docker/expected_results/openssh_5.6p1_test5.txt
+++ b/test/docker/expected_results/openssh_5.6p1_test5.txt
@@ -0,0 +1,142 @@
 [0;36m# general[0m
 [0;32m(gen) banner: SSH-2.0-OpenSSH_5.6[0m
 [0;32m(gen) software: OpenSSH 5.6[0m
 [0;32m(gen) compatibility: OpenSSH 5.6-6.6, Dropbear SSH 0.53+ (some functionality from 0.52)[0m
 [0;32m(gen) compression: enabled (zlib@openssh.com)[0m
 [0;36m# security[0m
 [0;33m(cve) CVE-2016-3115                         -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data[0m
 [0;33m(cve) CVE-2016-1907                         -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)[0m
 [0;33m(cve) CVE-2015-6564                         -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid[0m
 [0;33m(cve) CVE-2015-6563                         -- (CVSSv2: 1.9) conduct impersonation attack[0m
 [0;33m(cve) CVE-2014-2532                         -- (CVSSv2: 5.8) bypass environment restrictions via specific string before wildcard[0m
 [0;33m(cve) CVE-2014-1692                         -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption)[0m
 [0;33m(cve) CVE-2012-0814                         -- (CVSSv2: 3.5) leak data via debug messages[0m
 [0;33m(cve) CVE-2011-5000                         -- (CVSSv2: 3.5) cause DoS via large value in certain length field (memory consumption)[0m
 [0;33m(cve) CVE-2010-5107                         -- (CVSSv2: 5.0) cause DoS via large number of connections (slot exhaustion)[0m
 [0;33m(cve) CVE-2010-4755                         -- (CVSSv2: 4.0) cause DoS via crafted glob expression (CPU and memory consumption)[0m
 [0;33m(cve) CVE-2010-4478                         -- (CVSSv2: 7.5) bypass authentication check via crafted values[0m
 [0;36m# key exchange algorithms[0m
 [0;31m(kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus[0m
                                                      `- [info] available since OpenSSH 4.4
 [0;31m(kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus[0m
 [0;33m                                                    `- [warn] using weak hashing algorithm[0m
                                                    `- [info] available since OpenSSH 2.3.0
 [0;33m(kex) diffie-hellman-group14-sha1           -- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
 [0;31m(kex) diffie-hellman-group1-sha1            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;31m                                            `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack[0m
 [0;33m                                            `- [warn] using small 1024-bit modulus[0m
 [0;33m                                            `- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
 [0;36m# host-key algorithms[0m
 [0;32m(key) ssh-rsa (3072-bit)                    -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28[0m
 [0;32m(key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/3072-bit CA) -- [info] available since OpenSSH 5.6[0m
 [0;36m# encryption algorithms (ciphers)[0m
 [0;32m(enc) aes128-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52[0m
 [0;32m(enc) aes192-ctr                            -- [info] available since OpenSSH 3.7[0m
 [0;32m(enc) aes256-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52[0m
 [0;31m(enc) arcfour256                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using weak cipher[0m
                                            `- [info] available since OpenSSH 4.2
 [0;31m(enc) arcfour128                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using weak cipher[0m
                                            `- [info] available since OpenSSH 4.2
 [0;31m(enc) aes128-cbc                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
                                            `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
 [0;31m(enc) 3des-cbc                              -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm[0m
 [0;33m                                            `- [warn] using weak cipher[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
 [0;33m                                            `- [warn] using small 64-bit block size[0m
                                            `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
 [0;31m(enc) blowfish-cbc                          -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;31m                                            `- [fail] disabled since Dropbear SSH 0.53[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
 [0;33m                                            `- [warn] using small 64-bit block size[0m
                                            `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
 [0;31m(enc) cast128-cbc                           -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
 [0;33m                                            `- [warn] using small 64-bit block size[0m
                                            `- [info] available since OpenSSH 2.1.0
 [0;31m(enc) aes192-cbc                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
                                            `- [info] available since OpenSSH 2.3.0
 [0;31m(enc) aes256-cbc                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
                                            `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
 [0;31m(enc) arcfour                               -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using weak cipher[0m
                                            `- [info] available since OpenSSH 2.1.0
 [0;31m(enc) rijndael-cbc@lysator.liu.se           -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using weak cipher mode[0m
                                            `- [info] available since OpenSSH 2.3.0
 [0;36m# message authentication code algorithms[0m
 [0;31m(mac) hmac-md5                              -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                            `- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
 [0;33m(mac) hmac-sha1                             -- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                            `- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
 [0;33m(mac) umac-64@openssh.com                   -- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                            `- [warn] using small 64-bit tag size[0m
                                            `- [info] available since OpenSSH 4.7
 [0;31m(mac) hmac-ripemd160                        -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using encrypt-and-MAC mode[0m
                                            `- [info] available since OpenSSH 2.5.0
 [0;31m(mac) hmac-ripemd160@openssh.com            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using encrypt-and-MAC mode[0m
                                            `- [info] available since OpenSSH 2.1.0
 [0;31m(mac) hmac-sha1-96                          -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                            `- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
 [0;31m(mac) hmac-md5-96                           -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm[0m
 [0;33m                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm[0m
 [0;33m                                            `- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                            `- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 2.5.0
 [0;36m# fingerprints[0m
 [0;32m(fin) ssh-rsa: SHA256:nsWtdJ9Z67Vrf7OsUzQov7esXhsWAfVppArGh25u244[0m
 [0;36m# algorithm recommendations (for OpenSSH 5.6)[0m
 [0;31m(rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 2048 bits or larger) [0m
 [0;31m(rec) -3des-cbc                             -- enc algorithm to remove [0m
 [0;31m(rec) -aes128-cbc                           -- enc algorithm to remove [0m
 [0;31m(rec) -aes192-cbc                           -- enc algorithm to remove [0m
 [0;31m(rec) -aes256-cbc                           -- enc algorithm to remove [0m
 [0;31m(rec) -arcfour                              -- enc algorithm to remove [0m
 [0;31m(rec) -arcfour128                           -- enc algorithm to remove [0m
 [0;31m(rec) -arcfour256                           -- enc algorithm to remove [0m
 [0;31m(rec) -blowfish-cbc                         -- enc algorithm to remove [0m
 [0;31m(rec) -cast128-cbc                          -- enc algorithm to remove [0m
 [0;31m(rec) -diffie-hellman-group-exchange-sha1   -- kex algorithm to remove [0m
 [0;31m(rec) -diffie-hellman-group1-sha1           -- kex algorithm to remove [0m
 [0;31m(rec) -hmac-md5                             -- mac algorithm to remove [0m
 [0;31m(rec) -hmac-md5-96                          -- mac algorithm to remove [0m
 [0;31m(rec) -hmac-ripemd160                       -- mac algorithm to remove [0m
 [0;31m(rec) -hmac-ripemd160@openssh.com           -- mac algorithm to remove [0m
 [0;31m(rec) -hmac-sha1-96                         -- mac algorithm to remove [0m
 [0;31m(rec) -rijndael-cbc@lysator.liu.se          -- enc algorithm to remove [0m
 [0;33m(rec) -diffie-hellman-group14-sha1          -- kex algorithm to remove [0m
 [0;36m# additional info[0m
 [0;33m(nfo) For hardening guides on common OSes, please see: <https://www.ssh-audit.com/hardening_guides.html>[0m
--- a/test/docker/expected_results/openssh_8.0p1_test1.txt
+++ b/test/docker/expected_results/openssh_8.0p1_test1.txt
@@ -0,0 +1,82 @@
 [0;36m# general[0m
 [0;32m(gen) banner: SSH-2.0-OpenSSH_8.0[0m
 [0;32m(gen) software: OpenSSH 8.0[0m
 [0;32m(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+[0m
 [0;32m(gen) compression: enabled (zlib@openssh.com)[0m
 [0;36m# key exchange algorithms[0m
 [0;32m(kex) curve25519-sha256                     -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76[0m
 [0;32m(kex) curve25519-sha256@libssh.org          -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62[0m
 [0;31m(kex) ecdh-sha2-nistp256                    -- [fail] using weak elliptic curves[0m
                                            `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
 [0;31m(kex) ecdh-sha2-nistp384                    -- [fail] using weak elliptic curves[0m
                                            `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
 [0;31m(kex) ecdh-sha2-nistp521                    -- [fail] using weak elliptic curves[0m
                                            `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
 [0;32m(kex) diffie-hellman-group-exchange-sha256 (2048-bit) -- [info] available since OpenSSH 4.4[0m
 [0;32m(kex) diffie-hellman-group16-sha512         -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73[0m
 [0;32m(kex) diffie-hellman-group18-sha512         -- [info] available since OpenSSH 7.3[0m
 [0;32m(kex) diffie-hellman-group14-sha256         -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73[0m
 [0;33m(kex) diffie-hellman-group14-sha1           -- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
 [0;36m# host-key algorithms[0m
 [0;32m(key) rsa-sha2-512 (3072-bit)               -- [info] available since OpenSSH 7.2[0m
 [0;32m(key) rsa-sha2-256 (3072-bit)               -- [info] available since OpenSSH 7.2[0m
 [0;32m(key) ssh-rsa (3072-bit)                    -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28[0m
 [0;31m(key) ecdsa-sha2-nistp256                   -- [fail] using weak elliptic curves[0m
 [0;33m                                            `- [warn] using weak random number generator could reveal the key[0m
                                            `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
 [0;32m(key) ssh-ed25519                           -- [info] available since OpenSSH 6.5[0m
 [0;36m# encryption algorithms (ciphers)[0m
 [0;32m(enc) chacha20-poly1305@openssh.com         -- [info] available since OpenSSH 6.5[0m
                                            `- [info] default cipher since OpenSSH 6.9.
 [0;32m(enc) aes128-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52[0m
 [0;32m(enc) aes192-ctr                            -- [info] available since OpenSSH 3.7[0m
 [0;32m(enc) aes256-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52[0m
 [0;32m(enc) aes128-gcm@openssh.com                -- [info] available since OpenSSH 6.2[0m
 [0;32m(enc) aes256-gcm@openssh.com                -- [info] available since OpenSSH 6.2[0m
 [0;36m# message authentication code algorithms[0m
 [0;33m(mac) umac-64-etm@openssh.com               -- [warn] using small 64-bit tag size[0m
                                            `- [info] available since OpenSSH 6.2
 [0;32m(mac) umac-128-etm@openssh.com              -- [info] available since OpenSSH 6.2[0m
 [0;32m(mac) hmac-sha2-256-etm@openssh.com         -- [info] available since OpenSSH 6.2[0m
 [0;32m(mac) hmac-sha2-512-etm@openssh.com         -- [info] available since OpenSSH 6.2[0m
 [0;33m(mac) hmac-sha1-etm@openssh.com             -- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 6.2
 [0;33m(mac) umac-64@openssh.com                   -- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                            `- [warn] using small 64-bit tag size[0m
                                            `- [info] available since OpenSSH 4.7
 [0;33m(mac) umac-128@openssh.com                  -- [warn] using encrypt-and-MAC mode[0m
                                            `- [info] available since OpenSSH 6.2
 [0;33m(mac) hmac-sha2-256                         -- [warn] using encrypt-and-MAC mode[0m
                                            `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
 [0;33m(mac) hmac-sha2-512                         -- [warn] using encrypt-and-MAC mode[0m
                                            `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
 [0;33m(mac) hmac-sha1                             -- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                            `- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
 [0;36m# fingerprints[0m
 [0;32m(fin) ssh-ed25519: SHA256:UrnXIVH+7dlw8UqYocl48yUEcKrthGDQG2CPCgp7MxU[0m
 [0;32m(fin) ssh-rsa: SHA256:nsWtdJ9Z67Vrf7OsUzQov7esXhsWAfVppArGh25u244[0m
 [0;36m# algorithm recommendations (for OpenSSH 8.0)[0m
 [0;31m(rec) -ecdh-sha2-nistp256                   -- kex algorithm to remove [0m
 [0;31m(rec) -ecdh-sha2-nistp384                   -- kex algorithm to remove [0m
 [0;31m(rec) -ecdh-sha2-nistp521                   -- kex algorithm to remove [0m
 [0;31m(rec) -ecdsa-sha2-nistp256                  -- key algorithm to remove [0m
 [0;33m(rec) -diffie-hellman-group14-sha1          -- kex algorithm to remove [0m
 [0;33m(rec) -hmac-sha1                            -- mac algorithm to remove [0m
 [0;33m(rec) -hmac-sha1-etm@openssh.com            -- mac algorithm to remove [0m
 [0;33m(rec) -hmac-sha2-256                        -- mac algorithm to remove [0m
 [0;33m(rec) -hmac-sha2-512                        -- mac algorithm to remove [0m
 [0;33m(rec) -umac-128@openssh.com                 -- mac algorithm to remove [0m
 [0;33m(rec) -umac-64-etm@openssh.com              -- mac algorithm to remove [0m
 [0;33m(rec) -umac-64@openssh.com                  -- mac algorithm to remove [0m
 [0;36m# additional info[0m
 [0;33m(nfo) For hardening guides on common OSes, please see: <https://www.ssh-audit.com/hardening_guides.html>[0m
--- a/test/docker/expected_results/openssh_8.0p1_test2.txt
+++ b/test/docker/expected_results/openssh_8.0p1_test2.txt
@@ -0,0 +1,78 @@
 [0;36m# general[0m
 [0;32m(gen) banner: SSH-2.0-OpenSSH_8.0[0m
 [0;32m(gen) software: OpenSSH 8.0[0m
 [0;32m(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+[0m
 [0;32m(gen) compression: enabled (zlib@openssh.com)[0m
 [0;36m# key exchange algorithms[0m
 [0;32m(kex) curve25519-sha256                     -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76[0m
 [0;32m(kex) curve25519-sha256@libssh.org          -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62[0m
 [0;31m(kex) ecdh-sha2-nistp256                    -- [fail] using weak elliptic curves[0m
                                            `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
 [0;31m(kex) ecdh-sha2-nistp384                    -- [fail] using weak elliptic curves[0m
                                            `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
 [0;31m(kex) ecdh-sha2-nistp521                    -- [fail] using weak elliptic curves[0m
                                            `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
 [0;32m(kex) diffie-hellman-group-exchange-sha256 (2048-bit) -- [info] available since OpenSSH 4.4[0m
 [0;32m(kex) diffie-hellman-group16-sha512         -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73[0m
 [0;32m(kex) diffie-hellman-group18-sha512         -- [info] available since OpenSSH 7.3[0m
 [0;32m(kex) diffie-hellman-group14-sha256         -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73[0m
 [0;33m(kex) diffie-hellman-group14-sha1           -- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
 [0;36m# host-key algorithms[0m
 [0;32m(key) ssh-ed25519                           -- [info] available since OpenSSH 6.5[0m
 [0;32m(key) ssh-ed25519-cert-v01@openssh.com      -- [info] available since OpenSSH 6.5[0m
 [0;36m# encryption algorithms (ciphers)[0m
 [0;32m(enc) chacha20-poly1305@openssh.com         -- [info] available since OpenSSH 6.5[0m
                                            `- [info] default cipher since OpenSSH 6.9.
 [0;32m(enc) aes128-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52[0m
 [0;32m(enc) aes192-ctr                            -- [info] available since OpenSSH 3.7[0m
 [0;32m(enc) aes256-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52[0m
 [0;32m(enc) aes128-gcm@openssh.com                -- [info] available since OpenSSH 6.2[0m
 [0;32m(enc) aes256-gcm@openssh.com                -- [info] available since OpenSSH 6.2[0m
 [0;36m# message authentication code algorithms[0m
 [0;33m(mac) umac-64-etm@openssh.com               -- [warn] using small 64-bit tag size[0m
                                            `- [info] available since OpenSSH 6.2
 [0;32m(mac) umac-128-etm@openssh.com              -- [info] available since OpenSSH 6.2[0m
 [0;32m(mac) hmac-sha2-256-etm@openssh.com         -- [info] available since OpenSSH 6.2[0m
 [0;32m(mac) hmac-sha2-512-etm@openssh.com         -- [info] available since OpenSSH 6.2[0m
 [0;33m(mac) hmac-sha1-etm@openssh.com             -- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 6.2
 [0;33m(mac) umac-64@openssh.com                   -- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                            `- [warn] using small 64-bit tag size[0m
                                            `- [info] available since OpenSSH 4.7
 [0;33m(mac) umac-128@openssh.com                  -- [warn] using encrypt-and-MAC mode[0m
                                            `- [info] available since OpenSSH 6.2
 [0;33m(mac) hmac-sha2-256                         -- [warn] using encrypt-and-MAC mode[0m
                                            `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
 [0;33m(mac) hmac-sha2-512                         -- [warn] using encrypt-and-MAC mode[0m
                                            `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
 [0;33m(mac) hmac-sha1                             -- [warn] using encrypt-and-MAC mode[0m
 [0;33m                                            `- [warn] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
 [0;36m# fingerprints[0m
 [0;32m(fin) ssh-ed25519: SHA256:UrnXIVH+7dlw8UqYocl48yUEcKrthGDQG2CPCgp7MxU[0m
 [0;36m# algorithm recommendations (for OpenSSH 8.0)[0m
 [0;31m(rec) -ecdh-sha2-nistp256                   -- kex algorithm to remove [0m
 [0;31m(rec) -ecdh-sha2-nistp384                   -- kex algorithm to remove [0m
 [0;31m(rec) -ecdh-sha2-nistp521                   -- kex algorithm to remove [0m
 [0;32m(rec) +rsa-sha2-256                         -- key algorithm to append [0m
 [0;32m(rec) +rsa-sha2-512                         -- key algorithm to append [0m
 [0;32m(rec) +ssh-rsa                              -- key algorithm to append [0m
 [0;33m(rec) -diffie-hellman-group14-sha1          -- kex algorithm to remove [0m
 [0;33m(rec) -hmac-sha1                            -- mac algorithm to remove [0m
 [0;33m(rec) -hmac-sha1-etm@openssh.com            -- mac algorithm to remove [0m
 [0;33m(rec) -hmac-sha2-256                        -- mac algorithm to remove [0m
 [0;33m(rec) -hmac-sha2-512                        -- mac algorithm to remove [0m
 [0;33m(rec) -umac-128@openssh.com                 -- mac algorithm to remove [0m
 [0;33m(rec) -umac-64-etm@openssh.com              -- mac algorithm to remove [0m
 [0;33m(rec) -umac-64@openssh.com                  -- mac algorithm to remove [0m
 [0;36m# additional info[0m
 [0;33m(nfo) For hardening guides on common OSes, please see: <https://www.ssh-audit.com/hardening_guides.html>[0m
--- a/test/docker/expected_results/openssh_8.0p1_test3.txt
+++ b/test/docker/expected_results/openssh_8.0p1_test3.txt
@@ -0,0 +1,39 @@
 [0;36m# general[0m
 [0;32m(gen) banner: SSH-2.0-OpenSSH_8.0[0m
 [0;32m(gen) software: OpenSSH 8.0[0m
 [0;32m(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+[0m
 [0;32m(gen) compression: enabled (zlib@openssh.com)[0m
 [0;36m# key exchange algorithms[0m
 [0;32m(kex) curve25519-sha256                     -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76[0m
 [0;32m(kex) curve25519-sha256@libssh.org          -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62[0m
 [0;32m(kex) diffie-hellman-group-exchange-sha256 (2048-bit) -- [info] available since OpenSSH 4.4[0m
 [0;36m# host-key algorithms[0m
 [0;32m(key) ssh-ed25519                           -- [info] available since OpenSSH 6.5[0m
 [0;36m# encryption algorithms (ciphers)[0m
 [0;32m(enc) chacha20-poly1305@openssh.com         -- [info] available since OpenSSH 6.5[0m
                                            `- [info] default cipher since OpenSSH 6.9.
 [0;32m(enc) aes256-gcm@openssh.com                -- [info] available since OpenSSH 6.2[0m
 [0;32m(enc) aes128-gcm@openssh.com                -- [info] available since OpenSSH 6.2[0m
 [0;32m(enc) aes256-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52[0m
 [0;32m(enc) aes192-ctr                            -- [info] available since OpenSSH 3.7[0m
 [0;32m(enc) aes128-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52[0m
 [0;36m# message authentication code algorithms[0m
 [0;32m(mac) hmac-sha2-256-etm@openssh.com         -- [info] available since OpenSSH 6.2[0m
 [0;32m(mac) hmac-sha2-512-etm@openssh.com         -- [info] available since OpenSSH 6.2[0m
 [0;32m(mac) umac-128-etm@openssh.com              -- [info] available since OpenSSH 6.2[0m
 [0;36m# fingerprints[0m
 [0;32m(fin) ssh-ed25519: SHA256:UrnXIVH+7dlw8UqYocl48yUEcKrthGDQG2CPCgp7MxU[0m
 [0;36m# algorithm recommendations (for OpenSSH 8.0)[0m
 [0;32m(rec) +diffie-hellman-group14-sha256        -- kex algorithm to append [0m
 [0;32m(rec) +diffie-hellman-group16-sha512        -- kex algorithm to append [0m
 [0;32m(rec) +diffie-hellman-group18-sha512        -- kex algorithm to append [0m
 [0;32m(rec) +rsa-sha2-256                         -- key algorithm to append [0m
 [0;32m(rec) +rsa-sha2-512                         -- key algorithm to append [0m
 [0;32m(rec) +ssh-rsa                              -- key algorithm to append [0m
--- a/test/docker/expected_results/tinyssh_20190101_test1.txt
+++ b/test/docker/expected_results/tinyssh_20190101_test1.txt
@@ -0,0 +1,25 @@
 [0;36m# general[0m
 [0;32m(gen) software: TinySSH noversion[0m
 [0;32m(gen) compatibility: OpenSSH 8.0+, Dropbear SSH 2018.76+[0m
 [0;32m(gen) compression: disabled[0m
 [0;36m# key exchange algorithms[0m
 [0;32m(kex) curve25519-sha256                       -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76[0m
 [0;32m(kex) curve25519-sha256@libssh.org            -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62[0m
 [0;33m(kex) sntrup4591761x25519-sha512@tinyssh.org  -- [warn] using experimental algorithm[0m
                                              `- [info] available since OpenSSH 8.0
 [0;36m# host-key algorithms[0m
 [0;32m(key) ssh-ed25519                             -- [info] available since OpenSSH 6.5[0m
 [0;36m# encryption algorithms (ciphers)[0m
 [0;32m(enc) chacha20-poly1305@openssh.com           -- [info] available since OpenSSH 6.5[0m
                                              `- [info] default cipher since OpenSSH 6.9.
 [0;36m# message authentication code algorithms[0m
 [0;33m(mac) hmac-sha2-256                           -- [warn] using encrypt-and-MAC mode[0m
                                              `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
 [0;36m# fingerprints[0m
 [0;32m(fin) ssh-ed25519: SHA256:89ocln1x7KNqnMgWffGoYtD70ksJ4FrH7BMJHa7SrwU[0m
--- a/test/docker/host_ca_ed25519
+++ b/test/docker/host_ca_ed25519
@@ -0,0 +1,7 @@
 -----BEGIN OPENSSH PRIVATE KEY-----
 b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
 QyNTUxOQAAACAbM9Wp3ZPcC8Ifhu6GjNDJaoMg7KxO0el2+r9J35TltQAAAKAa0zr8GtM6
 /AAAAAtzc2gtZWQyNTUxOQAAACAbM9Wp3ZPcC8Ifhu6GjNDJaoMg7KxO0el2+r9J35TltQ
 AAAEC/j/BpfmgaZqNMTkJXO4cKZBr31N5z33IRFjh5m6IDDhsz1andk9wLwh+G7oaM0Mlq
 gyDsrE7R6Xb6v0nflOW1AAAAHWpkb2dAbG9jYWxob3N0LndvbmRlcmxhbmQubG9s
 -----END OPENSSH PRIVATE KEY-----
--- a/test/docker/host_ca_ed25519.pub
+++ b/test/docker/host_ca_ed25519.pub
@@ -0,0 +1 @@
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsz1andk9wLwh+G7oaM0MlqgyDsrE7R6Xb6v0nflOW1 jdog@localhost.wonderland.lol
--- a/test/docker/host_ca_rsa_1024
+++ b/test/docker/host_ca_rsa_1024
@@ -0,0 +1,15 @@
 -----BEGIN RSA PRIVATE KEY-----
 MIICXgIBAAKBgQDnRlN3AFnUe2lFf5XG9UhXLr/9POruNTFbMt0zrjOUSjmAS7hS
 6pDv5VEToT6DaR1EQUYaqSMpHYzZhuCK52vrydOm5XFbJ7712r9MyZQUhoVZx8Su
 dBHzVDIVO3jcMMWIlrfWBMnUaUHEqpmy88Y7gKDa2TWxJg1+hg51KqHrUQIDAQAB
 AoGBANALOUXRcP1tTtOP4+In/709dsONKyDBhPavGMFGsWtyIavBcbxU+bBzrq1j
 3WJFCmi99xxAjjqMNInxhMgvSaoJtsiY0/FFxqRy6l/ZnRjI6hrVKR8whrPKVgBF
 pvbjeQIn9txeCYA8kwl/Si762u7byq+qvupE53xMP94J02KBAkEA/Q4+Hn1Rjblw
 VXynF+oXIq6iZy+8PW+Y/FIL8d31ehzfcssCMdFV6S3/wBoQkWby30oGC/xGmHGR
 6ffXGilByQJBAOn3NMrBPXNkaPeQtgV3tk4s1dRDQYhbqGNz6tcgThyyPdhJCmCy
 jgUEhLwAetsDI8/+3avWbo6/csOV+BvpYUkCQQDQyEp6L1z0+FV1QqY99dZmt/yn
 89t0OLnZG/xc7osU1/OHq3TBE3y1KU2D+j1HKdAiZ9l7VAYOykzf46qmG/n5AkEA
 2kWjfcjcIIw7lULvXZh6fuI7NwTr3V/Nb8MUA1EDLqhnJCG4SdAqyKmXf6Fe/HYo
 cgKPIaIykIAxfCCsULXg6QJAOxB0CKYJlopVBdjGMlGqOEneWTmb1A2INQDE2Una
 LkSd0Rr8OiEzDeemV7j3Ec4BH0HxGMnHDxMybZwoZRnRPw==
 -----END RSA PRIVATE KEY-----
--- a/test/docker/host_ca_rsa_1024.pub
+++ b/test/docker/host_ca_rsa_1024.pub
@@ -0,0 +1 @@
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDnRlN3AFnUe2lFf5XG9UhXLr/9POruNTFbMt0zrjOUSjmAS7hS6pDv5VEToT6DaR1EQUYaqSMpHYzZhuCK52vrydOm5XFbJ7712r9MyZQUhoVZx8SudBHzVDIVO3jcMMWIlrfWBMnUaUHEqpmy88Y7gKDa2TWxJg1+hg51KqHrUQ== jdog@localhost.wonderland.lol
--- a/test/docker/host_ca_rsa_3072
+++ b/test/docker/host_ca_rsa_3072
@@ -0,0 +1,39 @@
 -----BEGIN RSA PRIVATE KEY-----
 MIIG4wIBAAKCAYEAqxQEIbj8w0TrBY1fDO81curijQrdLOUr8Vl8XECWc5QGd1Lk
 AG80NgdcCBPvjWxZSmYrKeqA78GUdN+KgycE0ztpxYSXKHZMaIM5Xe94BB+BocH9
 1vd/2iBzGeed1nV/zfAdq2AEHQj1TpII+a+z25yxv2PuwVTTwwo9I/6JgNq3evH4
 Hbwgr3SRfEEYZQ+YL8cOpBuNg1YZOR0k1yk23ZqAd92JybxZ4iCtOt7rcj2sFHzN
 u1U544wWBwIL5yZZKTgBhY4dqfT2Ep7IzR5HdsdrvQV9qC92GM1zDE+U3AwrVKjH
 s0YZq3jzcq/yvFDCcMMRz4/0pGFFU26oWma+n3vbAxKJoL+rhG8QM9+l2qFlLGsn
 M0kUXAJXsPKbygpaP8Z3U4eKgTuJ2GuS9eLIFnB7mrwD75V6GgN9q5mY89DfkVSk
 HaoqpY8pPdRkz9QAmMEuLtHmv29CVOpfX5v/rsm7wASAZqtUlmFu4rFGBLwvZbUl
 Wu02HmgBT47g6EIfAgMBAAECggGAKVCdKtO03yd+pomcodAHFWiaK7uq7FOwCAo3
 WUQT0Xe3FAwFmgFBF6cxV5YQ7RN0gN4poGbMmpoiUxNFLSU4KhcYFSZPJutiyn6e
 VQwm7L/7G2hw+AAvdSsPAPuJh6g6pC5Py/pVI/ns2/uyhTIkem3eEz18BF6LAXgw
 icfHx0GKu/tBk1TCg/zfwaUq0gUxGKC27XTl+QjK8JsUMY33fQ755Xiv9PMytcR0
 cVoyfBVewFffi1UqtMQ48ZpR65G743RxrP4/wcwsfD7n5LJLdyxQkh3gIMTJ8dd/
 R5V4FlueorRgjTbLTjGDxNrCAJ+locezhEEPXsPh2q0KiIXGyz2AMxaOqFmhU8oK
 aVVt8pWJ+YsrKIgc/A3s18ezO8uO5ZdtjQ+CWguduUGY7YgWezGLO1LPxhJC4d7b
 Q/xpeKveTRlcScAqOUzKgSuEhcvPgj8paUcRUoiXm4qiJBY5sXJks+YGp8BGksH0
 O94no+Ns2G58MlL+RyXk3JWrc6zRAoHBANdPplY2sIuIiiEBu95f1Qar1nCBHhB2
 i+HpnsUOdSlbxwMxoF8ffeN9N+DQqaqPu1RhFa5xbB2EUSujvOnL7b/RWqe1X9Po
 UIt5UjXctNP/HYcQDyjXY+rV5SZhHDyv6TBYurNZlvlBivliDz82THPRtqVxed3B
 w2MeaSkKAQ8rA7PE+0j3TG+YtIij0mHOhNPJgEZ/XZ9MIQOGMycRJhwOlclBI5NP
 Ak6p30ArnU2fX4qMkU3i+wqUfXS1hhDihwKBwQDLaHWPIWPVbWdcCbYQTcUmFC3i
 xkxd0UuLcfS9csk61nvdFj7m8tMExX+3fIo/fHEtzDd98Alc1i6/f6ePl0CX6NDu
 QIWLryI1QQRQidHCdw0wQ3N3VD4ZXJHDeqBxogVAkA7A/1QeXwcXE/Xj2ZgyDwhL
 3+myjmvWtw9zJsXL0F3tpPzn+Mrf0KRkWOaluOw7hMMjVjrgu6g24HMWbHHVLRTx
 dlAI7tgxCAPe2SEi+1mzaVUZ8cfgqYqC3X66UakCgcEAopxtK7+yJi/A4pzEnnYS
 FS/CjMV3R0fA7aXbW0hIBCxkaW0Zib3m/eCcSxZMjZxwBpIsJctTtBcylprbGlgB
 /1TF+tNoxEo4Sp4eEL/XciTC0Da4vEewFrPklM/S26KfovvgRYPsGeP+aco9aahA
 pVhFcT36pBiq0DkvgucjValO6n5iqgDboYzbDDdttKCcgLc2Qgf/VUfRxy+bgm3Z
 MmdxiMXBcIfDXlW9XmGSNAWhyqnPM9uxbZQoC/Tsg+QRAoHANHMcFSsz9f2+8DGk
 27FiC76aUmZ1nJ9yTmO1CwDFOMHDsK+iyqSEmy9eDm8zqsko2flVuciicWjdJw4A
 o/sJceJbtYO3q9weAwNf3HCdQPq30OEjrfpwBNQk1fYR1xtDJXHADC4Kf8ZbKq0/
 81/Rad8McZwsQ5mL3xLXDgdKa5KwFa48dIhnr6y6JxHxb3wule5W7w62Ierhpjzc
 EEUoWSLFyrmKS7Ni1cnOTbFJZR7Q831Or2Dz/E9bYwFAQ0T5AoHAM4/zU+8rsbdD
 FvvhWsj7Ivfh6pxx1Tl1Wccaauea9AJayHht0FOzkycpJrH1E+6F5MzhkFFU1SUY
 60NZxzSZgbU0HBrJRcRFyo510iMcnctdTdyh8p7nweGoD0oqXzf6cHqrUep8Y8rQ
 gkSVhPE31+NGlPbwz+NOflcaaAWYiDC6wjVt1asaZq292SJD4DF1fAUkbQ2hxgyQ
 +G/6y5ovrcGnh7q63RLhW1TRf8dD2D2Av9UgXDmWZAZ5n838FS+X
 -----END RSA PRIVATE KEY-----
--- a/test/docker/host_ca_rsa_3072.pub
+++ b/test/docker/host_ca_rsa_3072.pub
@@ -0,0 +1 @@
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCrFAQhuPzDROsFjV8M7zVy6uKNCt0s5SvxWXxcQJZzlAZ3UuQAbzQ2B1wIE++NbFlKZisp6oDvwZR034qDJwTTO2nFhJcodkxogzld73gEH4Ghwf3W93/aIHMZ553WdX/N8B2rYAQdCPVOkgj5r7PbnLG/Y+7BVNPDCj0j/omA2rd68fgdvCCvdJF8QRhlD5gvxw6kG42DVhk5HSTXKTbdmoB33YnJvFniIK063utyPawUfM27VTnjjBYHAgvnJlkpOAGFjh2p9PYSnsjNHkd2x2u9BX2oL3YYzXMMT5TcDCtUqMezRhmrePNyr/K8UMJwwxHPj/SkYUVTbqhaZr6fe9sDEomgv6uEbxAz36XaoWUsayczSRRcAlew8pvKClo/xndTh4qBO4nYa5L14sgWcHuavAPvlXoaA32rmZjz0N+RVKQdqiqljyk91GTP1ACYwS4u0ea/b0JU6l9fm/+uybvABIBmq1SWYW7isUYEvC9ltSVa7TYeaAFPjuDoQh8= jdog@localhost.wonderland.lol
--- a/test/docker/moduli_1024
+++ b/test/docker/moduli_1024
@@ -0,0 +1,44 @@
 20190821035337 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC08BE313B
 20190821035338 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC08C0B443
 20190821035338 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC08D1AF8B
 20190821035338 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC08E76DDB
 20190821035338 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC08E8F5D3
 20190821035338 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC08EE3F1B
 20190821035338 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC08F28387
 20190821035339 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC08F69A57
 20190821035339 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0903B157
 20190821035339 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0905C973
 20190821035339 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0909BCD3
 20190821035339 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC090F4A2B
 20190821035340 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0933BC13
 20190821035340 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09395757
 20190821035340 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC093F40D7
 20190821035340 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09478D4F
 20190821035340 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0953A4D7
 20190821035340 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC095B5C7B
 20190821035341 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09696573
 20190821035341 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC096BA243
 20190821035341 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC096F3903
 20190821035341 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09850E4B
 20190821035341 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC098A1C23
 20190821035341 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC098E08E7
 20190821035342 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09A4FF7F
 20190821035342 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09AE4707
 20190821035342 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09B4CE73
 20190821035342 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09C60C6F
 20190821035342 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC09D2588F
 20190821035343 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A025067
 20190821035343 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A0E38EB
 20190821035343 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A213923
 20190821035344 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A390CA7
 20190821035344 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A3C7ADB
 20190821035344 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A44D497
 20190821035344 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A479B13
 20190821035345 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A5EF01F
 20190821035345 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A615D43
 20190821035345 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A6BEADB
 20190821035345 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A86309F
 20190821035345 2 6 100 1023 5 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0A991E8F
 20190821035346 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0AA32C53
 20190821035346 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0AA9FAAB
 20190821035346 2 6 100 1023 2 F0B5E9E385A451D4F46BD2E354B5FCAAC21CA960E5D3D11F877DD50541ED125161E4A5055D528D67E525115BBFAB0B2A4AB8CF5BA98A8BBA41803ED5D4CF766E9ECD39A8D8D914B6F346E0EB2BA6936082751676DCE5C4817EFC7A8105C2A094B22C25245BE13CA4085F2985D3B7A2636FF4018A7E4EA9840BF5FFBC0AAC42BB
--- a/test/docker/ssh1_host_key
+++ b/test/docker/ssh1_host_key
--- a/test/docker/ssh1_host_key.pub
+++ b/test/docker/ssh1_host_key.pub
@@ -0,0 +1 @@
 1024 35 150823875409720459951648542224727752099073441604930026287525797402159071426070997897033651155038337251362080634963146983947007228274330777134724953282680928153520263171933106732090266742784258910450489054624715996015082463159338507115031336180486071622718809324273851629938883104520608180885444242395900180011 root@ubuntu1604server
--- a/test/docker/ssh_host_dsa_key
+++ b/test/docker/ssh_host_dsa_key
@@ -0,0 +1,12 @@
 -----BEGIN DSA PRIVATE KEY-----
 MIIBugIBAAKBgQDth1eV+A8j191R0ey0dVXL2LGNGYM+a+PomSa7suK8xNCeVLKC
 YpQ6VSWpAf6FbRWev1UVo8IpbglwFZPcyFPK2G1H7p45ows2SN4CleszDD56e6W0
 3Plc+qMqSJ6LTjr4M5+HqTDOM3CS72d7MXUkfHQiagyrWQhXyc0kFsNJLwIVAKg7
 b5+NiIZzpg5IEH0tlYFQpuhBAoGAGcbq79QqNNZRuPCE/F05sCoTRGCmFnDjCuCg
 WN7wNRotjMz/S3pHtCCeuTT1jT6Hy0ZFHftv0t/GF8GBRgeokUbS4ytHpOkFWcTz
 8oFguDL44nq8eNfSY6bzEl84qsgEe4HP93mB4FR1ZUUgI4b7gCBOYEFl3yPiH7H1
 p7Z9E1oCgYAl1UPQkeRhElz+AgEbNsnMKu1+6O3/z95D1Wvv4OEwAImbytlBaC7p
 kwJElJNsMMfGqCC8OHdJ0e4VQQUwk/GOhD0MFhVQHBtVZYbiWmVkpfHf1ouUQg3f
 1IZmz2SSt6cPPEu+BEQ/Sn3mFRJ5XSTHLtnI0HJeDND5u1+6p1nXawIURv3Maige
 oxmfqC24VoROJEq+sew=
 -----END DSA PRIVATE KEY-----
--- a/test/docker/ssh_host_dsa_key.pub
+++ b/test/docker/ssh_host_dsa_key.pub
@@ -0,0 +1 @@
 ssh-dss AAAAB3NzaC1kc3MAAACBAO2HV5X4DyPX3VHR7LR1VcvYsY0Zgz5r4+iZJruy4rzE0J5UsoJilDpVJakB/oVtFZ6/VRWjwiluCXAVk9zIU8rYbUfunjmjCzZI3gKV6zMMPnp7pbTc+Vz6oypInotOOvgzn4epMM4zcJLvZ3sxdSR8dCJqDKtZCFfJzSQWw0kvAAAAFQCoO2+fjYiGc6YOSBB9LZWBUKboQQAAAIAZxurv1Co01lG48IT8XTmwKhNEYKYWcOMK4KBY3vA1Gi2MzP9Leke0IJ65NPWNPofLRkUd+2/S38YXwYFGB6iRRtLjK0ek6QVZxPPygWC4Mvjierx419JjpvMSXziqyAR7gc/3eYHgVHVlRSAjhvuAIE5gQWXfI+IfsfWntn0TWgAAAIAl1UPQkeRhElz+AgEbNsnMKu1+6O3/z95D1Wvv4OEwAImbytlBaC7pkwJElJNsMMfGqCC8OHdJ0e4VQQUwk/GOhD0MFhVQHBtVZYbiWmVkpfHf1ouUQg3f1IZmz2SSt6cPPEu+BEQ/Sn3mFRJ5XSTHLtnI0HJeDND5u1+6p1nXaw==
--- a/test/docker/ssh_host_ecdsa_key
+++ b/test/docker/ssh_host_ecdsa_key
@@ -0,0 +1,5 @@
 -----BEGIN EC PRIVATE KEY-----
 MHcCAQEEICq/YV5QenL0uW5g5tCjY3EWs+UBFmskY+Jjt2vd2aEmoAoGCCqGSM49
 AwEHoUQDQgAEdYSxDVUjOpW479L/nRDiAdxRB5Kuy2bgkP/LA2pnWPcGIWmFa4QU
 YN2U3JsFKcLIcx5cvTehQfgrHDnaSKVdKA==
 -----END EC PRIVATE KEY-----
--- a/test/docker/ssh_host_ecdsa_key.pub
+++ b/test/docker/ssh_host_ecdsa_key.pub
@@ -0,0 +1 @@
 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHWEsQ1VIzqVuO/S/50Q4gHcUQeSrstm4JD/ywNqZ1j3BiFphWuEFGDdlNybBSnCyHMeXL03oUH4Kxw52kilXSg=
--- a/test/docker/ssh_host_ed25519_key
+++ b/test/docker/ssh_host_ed25519_key
@@ -0,0 +1,7 @@
 -----BEGIN OPENSSH PRIVATE KEY-----
 b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
 QyNTUxOQAAACC/9RD2Ao95ODDIH8i11ekTALut8AUNqWoQx0jHlP4xygAAAKDiqVOs4qlT
 rAAAAAtzc2gtZWQyNTUxOQAAACC/9RD2Ao95ODDIH8i11ekTALut8AUNqWoQx0jHlP4xyg
 AAAECTmHGkq0Qea0QqTJYMXL0bpxVU7mhgwYninfVWxrA017/1EPYCj3k4MMgfyLXV6RMA
 u63wBQ2pahDHSMeU/jHKAAAAHWpkb2dAbG9jYWxob3N0LndvbmRlcmxhbmQubG9s
 -----END OPENSSH PRIVATE KEY-----
--- a/test/docker/ssh_host_ed25519_key-cert.pub
+++ b/test/docker/ssh_host_ed25519_key-cert.pub
@@ -0,0 +1 @@
 ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIO1W0I8tD0c4LypvHY1XNch3BQCw9Yy28/4KmAYql80DAAAAIL/1EPYCj3k4MMgfyLXV6RMAu63wBQ2pahDHSMeU/jHKAAAAAAAAAAAAAAACAAAABHRlc3QAAAAIAAAABHRlc3QAAAAAXV7hvAAAAACBa2YhAAAAAAAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAbM9Wp3ZPcC8Ifhu6GjNDJaoMg7KxO0el2+r9J35TltQAAAFMAAAALc3NoLWVkMjU1MTkAAABAW60bCSeIG4Ta+57zgkSbW4LIGCxtOuJJ+pP3i3S0xJJfHGnOtXbg0NQm7pulNl/wd01kgJO9A7RjbhTh7TV1AA== ssh_host_ed25519_key.pub
--- a/test/docker/ssh_host_ed25519_key.pub
+++ b/test/docker/ssh_host_ed25519_key.pub
@@ -0,0 +1 @@
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL/1EPYCj3k4MMgfyLXV6RMAu63wBQ2pahDHSMeU/jHK
--- a/test/docker/ssh_host_rsa_key_1024
+++ b/test/docker/ssh_host_rsa_key_1024
@@ -0,0 +1,15 @@
 -----BEGIN RSA PRIVATE KEY-----
 MIICXgIBAAKBgQDeCC1U7VqVg9AfrfWrXACiW6pzYOuP8tim68z+YN/dUU7JhFZ4
 0toteQkLcJBAD2miQ6ZJYkjVfhQ4FRFeOW5vcN0UYHn8ttb2mKdGJdt24ZYY5Z6J
 WHQhPOpSgtWyUv6RnxU2ligEeaoPaiepUUOhoyLf4WcF7voVCAKZNqeTtQIDAQAB
 AoGATGZ16s5NqDsWJ4B9k3xx/2wZZ+BGzl6a7D0habq97XLn8HGoK6UqTBFk6lnO
 WSy0hZBPrNq0AzqCDJY7RrfuZqgVAu/+HEFuXencgt8Z//ueYBaGK8yAC+OrMnDG
 LbSoIGRq8saaFtCzt47c+uSVsrhJ4TvK5gbceZuD/2uw10ECQQD79T0j+YWsLISK
 PKvYHqEXSMPN6b+lK9hRPLoF9NMksNLSjuxxhkYHz+hJPVNT+wPtRMAYmMdPXfKa
 FjuErXVFAkEA4ZgJIOeJ7OHfqGEgd29m36yFy0UaUJ+cmYuJzHAYWgW3TOanqpZm
 A8EENuXvH0DtYRVytv4m/cIRVVPxWtXzsQJBALXlQUOEc0VuSi1GScVXr3KQ3JL+
 ipWixqM3VRDRw9D8Ouc5uWbnygz/wrGFLXA2ioozlP7s5Q7eQzOMk2FgnIUCQQCz
 j5QUgLcjuVWQbF6vMhisCGImPUaIzcKT5KE1/DMl1E7mAuGJwlRIwKVeHP6L3d4T
 3EKGrRzT9lhdlocRSiLBAkEAi3xI0MOZp4xGviPc1C1TKuqdJSr8fHwbtLozwNQO
 nnF6m5S72JzZEThDBZS9zcdBp9EFpTvUGzx/O0GI454eoA==
 -----END RSA PRIVATE KEY-----
--- a/test/docker/ssh_host_rsa_key_1024-cert_1024.pub
+++ b/test/docker/ssh_host_rsa_key_1024-cert_1024.pub
@@ -0,0 +1 @@
 ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgFqxXSa9HTqCw5YW3DdIwVREPGxI+i56w32RnHWRg0NoAAAADAQABAAAAgQDeCC1U7VqVg9AfrfWrXACiW6pzYOuP8tim68z+YN/dUU7JhFZ40toteQkLcJBAD2miQ6ZJYkjVfhQ4FRFeOW5vcN0UYHn8ttb2mKdGJdt24ZYY5Z6JWHQhPOpSgtWyUv6RnxU2ligEeaoPaiepUUOhoyLf4WcF7voVCAKZNqeTtQAAAAAAAAAAAAAAAgAAAAR0ZXN0AAAACAAAAAR0ZXN0AAAAAF1evHgAAAAAgWtAtQAAAAAAAAAAAAAAAAAAAJcAAAAHc3NoLXJzYQAAAAMBAAEAAACBAOdGU3cAWdR7aUV/lcb1SFcuv/086u41MVsy3TOuM5RKOYBLuFLqkO/lUROhPoNpHURBRhqpIykdjNmG4Irna+vJ06blcVsnvvXav0zJlBSGhVnHxK50EfNUMhU7eNwwxYiWt9YEydRpQcSqmbLzxjuAoNrZNbEmDX6GDnUqoetRAAAAjwAAAAdzc2gtcnNhAAAAgFRc2g0eWXGmqSa6Z8rcMPHf4rNMornEHSnTzZ8Rdh4YBhDa9xMRRy6puaWPDzXxOfZh7eSjCwrzUMEXTgCIO4oX62xm/6kUnAmKhXle0+inR/hdPg03daE0SBJ4spBT49lJ4WIW38RKFNzjmYg70rTPAnP8oM/F3CC1GV117/Vv ssh_host_rsa_key_1024.pub
--- a/test/docker/ssh_host_rsa_key_1024-cert_3072.pub
+++ b/test/docker/ssh_host_rsa_key_1024-cert_3072.pub
@@ -0,0 +1 @@
 ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgrJGcfyW8V6VWGT7lD1ardj2RtTP8TOjmLRNbuoGkyZQAAAADAQABAAAAgQDeCC1U7VqVg9AfrfWrXACiW6pzYOuP8tim68z+YN/dUU7JhFZ40toteQkLcJBAD2miQ6ZJYkjVfhQ4FRFeOW5vcN0UYHn8ttb2mKdGJdt24ZYY5Z6JWHQhPOpSgtWyUv6RnxU2ligEeaoPaiepUUOhoyLf4WcF7voVCAKZNqeTtQAAAAAAAAAAAAAAAgAAAAR0ZXN0AAAACAAAAAR0ZXN0AAAAAF1evHgAAAAAgWtA7gAAAAAAAAAAAAAAAAAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAKsUBCG4/MNE6wWNXwzvNXLq4o0K3SzlK/FZfFxAlnOUBndS5ABvNDYHXAgT741sWUpmKynqgO/BlHTfioMnBNM7acWElyh2TGiDOV3veAQfgaHB/db3f9ogcxnnndZ1f83wHatgBB0I9U6SCPmvs9ucsb9j7sFU08MKPSP+iYDat3rx+B28IK90kXxBGGUPmC/HDqQbjYNWGTkdJNcpNt2agHfdicm8WeIgrTre63I9rBR8zbtVOeOMFgcCC+cmWSk4AYWOHan09hKeyM0eR3bHa70FfagvdhjNcwxPlNwMK1Sox7NGGat483Kv8rxQwnDDEc+P9KRhRVNuqFpmvp972wMSiaC/q4RvEDPfpdqhZSxrJzNJFFwCV7Dym8oKWj/Gd1OHioE7idhrkvXiyBZwe5q8A++VehoDfauZmPPQ35FUpB2qKqWPKT3UZM/UAJjBLi7R5r9vQlTqX1+b/67Ju8AEgGarVJZhbuKxRgS8L2W1JVrtNh5oAU+O4OhCHwAAAY8AAAAHc3NoLXJzYQAAAYCO78ONpHp+EGWDqDLb/GPFDH32o6oaRRrIH/Bhvg1FOi5XngnHTdU7xWdnJqNE2Sl6VOrg0sTCMYcX9fZ8tVREnCo3aF7Iwow5Br67QYKayRzHANQqHaVK46lpI1gz81V00u54tX1F8oEUqm6sRmFKFuklt6CjfbR+tnpj7DrfeOTKEBOGJP2uU0jMsJr2DrBeXrzONjIJtIJ1AxWjXd2LeIWO2C6yTkcN5ggThMMaeu6QuuBPpC2PN2COfu+Mgto9g103+/SS4Wa8CzinZZn2Xe1isUxI8QRNrShy4Hl/bIZQL7mi/0rxkfw+fA7IzMk462V99gPVSp+/jK0sbUJoC3QeeglS5hWodjW+VGZfgweGQ+AE/OxkNSv+kDPMYEkjfOf4qhxS5QFvButLt6zp2UNbE5+OWvYpdjO9/DOa0ro+wCw07+dVKIcDpU2csiCcJvQ/HmKAmhch7jOHa0WaxSX0tt0xTPJWTvr6E4WZOgEnk9AvWmrKjF5tEzGYwTU= ssh_host_rsa_key_1024.pub
--- a/test/docker/ssh_host_rsa_key_1024.pub
+++ b/test/docker/ssh_host_rsa_key_1024.pub
@@ -0,0 +1 @@
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDeCC1U7VqVg9AfrfWrXACiW6pzYOuP8tim68z+YN/dUU7JhFZ40toteQkLcJBAD2miQ6ZJYkjVfhQ4FRFeOW5vcN0UYHn8ttb2mKdGJdt24ZYY5Z6JWHQhPOpSgtWyUv6RnxU2ligEeaoPaiepUUOhoyLf4WcF7voVCAKZNqeTtQ==
--- a/test/docker/ssh_host_rsa_key_3072
+++ b/test/docker/ssh_host_rsa_key_3072
@@ -0,0 +1,39 @@
 -----BEGIN RSA PRIVATE KEY-----
 MIIG5AIBAAKCAYEAzhHp7eFnrQAJqOd7aihyQyIDKgxCF7H51Q3Ft3+8af+lX3Ol
 Ie77Gi5GNNM+eRB4OzG+CBslxN5I3pM//sZ+gyylA1VuWZZkOlgtbOHutIkO2ldk
 XtoGidla0VAxLcUcUK6cCmqwBTT31Hp4Qimp2zyeg/l5q0DhWKguY13lrm5b3YZY
 rj7CW3Ktzxf8SbYz6du8KF0dHCWilzq+FLeGzXr7Yul5njVF5njkGvZ9duQ0qiVR
 zqZkrkLEWgQlCM0T+PyUbvedL1MfDZPHGh7ZhU0snOvJRsxAr31tlknq+WwauZYd
 DzJf1g1URcM65UwEsPlfgOW3ZoZogR1v57Im+KdsKhq2B3snEtJgdQh06JyO0ur4
 uUXo1mMtvBFhiptUtwP4g9v/IN4neeK+wBRom46m2Q1bMUBPneBOa8r2SY/3ynrz
 XuVIWFOQtF60aJ+BNqvgUVCKOmz1KzoJwTqGm+EFaKM5z+UQWjIbSE3Ge4X5hXtk
 Ou52v+tyDUk6boZLAgMBAAECggGAdrhxWmA7N7tG1W2Pd6iXs7+brRTk2vvpYGqP
 11kbNsJXBzf8EiG5vuqb/gEaA+uOKSRORCNHzjT2LG0POHwpFO+aneIRMkHnuolk
 mk9ME+zGhtpEdDUOAUsc/GxD+QePeZgvQ/0VLdrHUT3BnPSd7DXvaT9IbnZxnX8/
 QnYtRiJEgMrOuoxjswXNxvsdmWYEYJ38uBB1Hes80f3A1vSpECbjP6gdLh2pCM/r
 MvGBdQaipMfdar4IUTEcKHQs1fY3mlAxnWRjYCqJPmq10d3NrdUrHb2zBE1HCC4h
 aj2ycTxFhDJqGV6Y2AboHqh2c7lPJ+R2UjI9mIpALZSviHB1POcpWCAGA3NKjri9
 8jgxl3bj03ikJNfCuvlqRTa8at63W2zZTMRsxamoiO023uUOEMNBPwWXP/rVhQ8g
 ufih0SY44j0EMPIuu2PoQV4ZSOtDw8xdPrchVCa078/pP5cRa4uV0bl2K4as+cYC
 BhjEq2Org3ulDW2n6Mz5ZS7NbAkxAoHBAP/bgPGKX7rfrHa5MRHIgbLSmZtUoF51
 YGelc8ytRx6UT6wriJ1jQRXiI5mZlIXyVxMpIz9s4+h59kF+LpZuNLc3vTYpPOQn
 RUDBVY6+SPC5MancL7bfBoHahpWEJuJB/WUE7eWvQM03/LsBtU6Nq+R632t5KdqF
 A4y86qgD1vIjcBWvySLFJZGOCoNbj7ZinoBUO3ueYK6SUj8xH6TAqOJsTPvquRT3
 AFBpFBmrVc24wW7wTiLkQOhkIQs1J/ZhYwKBwQDOL07qF8wsoQBBTTXkZ59BCauz
 R8kfqe5oUBwsmGJdiIHX6gutBA07sSwzVekIvCCkJFXk3TxLoBSMHEZEIdnS+HVt
 gMIacYuhbh+XztdY0kadH/SMbVQD/2LZcL99vcZPq1QF3cHb0Buip5+fyAYjoEc7
 oVgvewD/TwdNcMjos/kMNh6l04kLi6vQG3WhoSBPWaoB669ppBNXSrWKe43nXVi6
 EvjGEiL+HCCnmD6LiD6p797Owu9AChP6fXInD/kCgcEAiLP3SRbt3yLzOtvn4+CF
 q83qVJv6s31zbO1x2cIbZbNIfm0kKTOG6vJQoxjzyj2ZWJt6QcEkZGoFsSiCK83m
 TJ5zciTGbACvd9HUrNfukO/iISeMNuEi0O65Sdm6DNnFUdw4X6grr3pihmh7PuVj
 GkisZvft7Nt08hVeKzch+W4FzRCHHxTG5eZGp7icKI64sUhQH9SXQ67aUvkkNxrZ
 IWFMIK1hBlqSyGPcYXqx9aDpeSTcGrhqFcCqBxr3pySRAoHAfJNO3delEC3yxoHN
 FwSYzyX1rOuplE0K89G7RCKKBDNPKFKL3Wx+Rluk9htpIlLwcdxWXWJiZNsCrykC
 N3YwcuyVnqTWIj4KfG3Z/tIFgPADpDnDevkvcv7iDbi2qlV4NXix2p2C3LnfiKY4
 psSnGO1lPJ0eeAmcr6VjJyIG8bqTthIY8F5gBi7Mj3+X0iFVMTxeoKxzHqP435wP
 Fe3S7kCTNFH0J1Cb/eamwDwXRhz6p5h7iXd0MMAmFAmpZ/qZAoHBAPDSIvk2ocf1
 FVW8pKtKOJFIs8iQVIaOLKwPJVP8/JsB1+7mQx5KMoROb5pNpX2edN4vvG0CgqpJ
 KekleqpH6nQCqYGFZ1BDhORElNILxeJHcNl0eAG++IJ2PfIpTZV30edDqMm0x7EI
 8POZWAx809VzcYbE2jsgpN/EuiaG30EAI5yNvyzmZRCyQykH+eltHlCx17MWBxRQ
 bb2UUfpdInTMS2vyrvkeUACkC1DGYdBVVBqqPTkHZg+Kcbs8ntQqEQ==
 -----END RSA PRIVATE KEY-----
--- a/test/docker/ssh_host_rsa_key_3072-cert_1024.pub
+++ b/test/docker/ssh_host_rsa_key_3072-cert_1024.pub
@@ -0,0 +1 @@
 ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgGHz1JwF/1IcxW3pdQtpqbUjIHaFuk0cR/+l50vG+9hIAAAADAQABAAABgQDOEent4WetAAmo53tqKHJDIgMqDEIXsfnVDcW3f7xp/6Vfc6Uh7vsaLkY00z55EHg7Mb4IGyXE3kjekz/+xn6DLKUDVW5ZlmQ6WC1s4e60iQ7aV2Re2gaJ2VrRUDEtxRxQrpwKarAFNPfUenhCKanbPJ6D+XmrQOFYqC5jXeWublvdhliuPsJbcq3PF/xJtjPp27woXR0cJaKXOr4Ut4bNevti6XmeNUXmeOQa9n125DSqJVHOpmSuQsRaBCUIzRP4/JRu950vUx8Nk8caHtmFTSyc68lGzECvfW2WSer5bBq5lh0PMl/WDVRFwzrlTASw+V+A5bdmhmiBHW/nsib4p2wqGrYHeycS0mB1CHTonI7S6vi5RejWYy28EWGKm1S3A/iD2/8g3id54r7AFGibjqbZDVsxQE+d4E5ryvZJj/fKevNe5UhYU5C0XrRon4E2q+BRUIo6bPUrOgnBOoab4QVooznP5RBaMhtITcZ7hfmFe2Q67na/63INSTpuhksAAAAAAAAAAAAAAAIAAAAEdGVzdAAAAAgAAAAEdGVzdAAAAABdXry0AAAAAIFrQR8AAAAAAAAAAAAAAAAAAACXAAAAB3NzaC1yc2EAAAADAQABAAAAgQDnRlN3AFnUe2lFf5XG9UhXLr/9POruNTFbMt0zrjOUSjmAS7hS6pDv5VEToT6DaR1EQUYaqSMpHYzZhuCK52vrydOm5XFbJ7712r9MyZQUhoVZx8SudBHzVDIVO3jcMMWIlrfWBMnUaUHEqpmy88Y7gKDa2TWxJg1+hg51KqHrUQAAAI8AAAAHc3NoLXJzYQAAAIB4HaEexgQ9T6rScEbiHZx+suCaYXI7ywLYyoSEO48K8o+MmO83UTLtpPa3DXlT8hSYL8Aq6Bb5AMkDawsgsC484owPqObT/5ndLG/fctNBFcCTSL0ftte+A8xH0pZaGRoKbdxxgMqX4ubrCXpbMLGF9aAeh7MRa756XzqGlsCiSA== ssh_host_rsa_key_3072.pub
--- a/test/docker/ssh_host_rsa_key_3072-cert_3072.pub
+++ b/test/docker/ssh_host_rsa_key_3072-cert_3072.pub
@@ -0,0 +1 @@
 ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg9MVX4OlkEy3p9eC+JJp8h7j76EmI46EY/RXxCGSWTC0AAAADAQABAAABgQDOEent4WetAAmo53tqKHJDIgMqDEIXsfnVDcW3f7xp/6Vfc6Uh7vsaLkY00z55EHg7Mb4IGyXE3kjekz/+xn6DLKUDVW5ZlmQ6WC1s4e60iQ7aV2Re2gaJ2VrRUDEtxRxQrpwKarAFNPfUenhCKanbPJ6D+XmrQOFYqC5jXeWublvdhliuPsJbcq3PF/xJtjPp27woXR0cJaKXOr4Ut4bNevti6XmeNUXmeOQa9n125DSqJVHOpmSuQsRaBCUIzRP4/JRu950vUx8Nk8caHtmFTSyc68lGzECvfW2WSer5bBq5lh0PMl/WDVRFwzrlTASw+V+A5bdmhmiBHW/nsib4p2wqGrYHeycS0mB1CHTonI7S6vi5RejWYy28EWGKm1S3A/iD2/8g3id54r7AFGibjqbZDVsxQE+d4E5ryvZJj/fKevNe5UhYU5C0XrRon4E2q+BRUIo6bPUrOgnBOoab4QVooznP5RBaMhtITcZ7hfmFe2Q67na/63INSTpuhksAAAAAAAAAAAAAAAIAAAAEdGVzdAAAAAgAAAAEdGVzdAAAAABdXr0sAAAAAIFrQWwAAAAAAAAAAAAAAAAAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQCrFAQhuPzDROsFjV8M7zVy6uKNCt0s5SvxWXxcQJZzlAZ3UuQAbzQ2B1wIE++NbFlKZisp6oDvwZR034qDJwTTO2nFhJcodkxogzld73gEH4Ghwf3W93/aIHMZ553WdX/N8B2rYAQdCPVOkgj5r7PbnLG/Y+7BVNPDCj0j/omA2rd68fgdvCCvdJF8QRhlD5gvxw6kG42DVhk5HSTXKTbdmoB33YnJvFniIK063utyPawUfM27VTnjjBYHAgvnJlkpOAGFjh2p9PYSnsjNHkd2x2u9BX2oL3YYzXMMT5TcDCtUqMezRhmrePNyr/K8UMJwwxHPj/SkYUVTbqhaZr6fe9sDEomgv6uEbxAz36XaoWUsayczSRRcAlew8pvKClo/xndTh4qBO4nYa5L14sgWcHuavAPvlXoaA32rmZjz0N+RVKQdqiqljyk91GTP1ACYwS4u0ea/b0JU6l9fm/+uybvABIBmq1SWYW7isUYEvC9ltSVa7TYeaAFPjuDoQh8AAAGPAAAAB3NzaC1yc2EAAAGAG8tCiBMSq3Of3Gmcrid2IfPmaaemYivgEEuK8ubq1rznF0vtR07/NUQ7WVzfJhUSeG0gtJ3A1ey60NjcBn0DHao4Q3ATIXnkSOIKjNolZ2urqYv9fT1LAC4I5XWGzK2aKK0NEqAYr06YPtcGOBQk5+3GPAWSJ4eQycKRz5BSuMYbKaVxU0kGSvbavG07ZntMQhia/lILyq84PjXh/JlRVpIqY+LAS0qwqkUR3gWMTmvYvYI7fXU84ReVB1ut75bY7Xx0DXHPl1Zc2MNDLGcKsByZtoO9ueZRyOlZMUJcVP5fK+OUuZKjMbCaaJnV55BQ78/rftIPYsTEEO2Sf9WT86ADa3k4S0pyWqlTxBzZcDWNt+fZFNm9wcqcYS32nDKtfixcDN8E/IJIWY7aoabPqoYnKUVQBOcIEnZf1HqsKUVmF44Dp9mKhefUs3BtcdK63j/lNXzzMrPwZQAreJqH/uV3TgYBLjMPl++ctX6tCe6Hv5zFKNhnOCSBSzcsCgIU ssh_host_rsa_key_3072.pub
--- a/test/docker/ssh_host_rsa_key_3072.pub
+++ b/test/docker/ssh_host_rsa_key_3072.pub
@@ -0,0 +1 @@
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDOEent4WetAAmo53tqKHJDIgMqDEIXsfnVDcW3f7xp/6Vfc6Uh7vsaLkY00z55EHg7Mb4IGyXE3kjekz/+xn6DLKUDVW5ZlmQ6WC1s4e60iQ7aV2Re2gaJ2VrRUDEtxRxQrpwKarAFNPfUenhCKanbPJ6D+XmrQOFYqC5jXeWublvdhliuPsJbcq3PF/xJtjPp27woXR0cJaKXOr4Ut4bNevti6XmeNUXmeOQa9n125DSqJVHOpmSuQsRaBCUIzRP4/JRu950vUx8Nk8caHtmFTSyc68lGzECvfW2WSer5bBq5lh0PMl/WDVRFwzrlTASw+V+A5bdmhmiBHW/nsib4p2wqGrYHeycS0mB1CHTonI7S6vi5RejWYy28EWGKm1S3A/iD2/8g3id54r7AFGibjqbZDVsxQE+d4E5ryvZJj/fKevNe5UhYU5C0XrRon4E2q+BRUIo6bPUrOgnBOoab4QVooznP5RBaMhtITcZ7hfmFe2Q67na/63INSTpuhks=
--- a/test/mypy-py2.sh
+++ b/test/mypy-py2.sh
@@ -1,10 +0,0 @@
 #!/bin/sh
 _cdir=$(cd -- "$(dirname "$0")" && pwd)
 type mypy > /dev/null 2>&1
 if [ $? -ne 0 ]; then
 	echo "err: mypy (Optional Static Typing for Python) not found."
 	exit 1
 fi
 _htmldir="${_cdir}/../html/mypy-py2"
 mkdir -p "${_htmldir}"
 mypy --python-version 2.7 --config-file "${_cdir}/mypy.ini" --html-report "${_htmldir}" "${_cdir}/../ssh-audit.py"
--- a/test/mypy-py3.sh
+++ b/test/mypy-py3.sh
@@ -1,10 +0,0 @@
 #!/bin/sh
 _cdir=$(cd -- "$(dirname "$0")" && pwd)
 type mypy > /dev/null 2>&1
 if [ $? -ne 0 ]; then
 	echo "err: mypy (Optional Static Typing for Python) not found."
 	exit 1
 fi
 _htmldir="${_cdir}/../html/mypy-py3"
 mkdir -p "${_htmldir}"
 mypy --python-version 3.5 --config-file "${_cdir}/mypy.ini" --html-report "${_htmldir}" "${_cdir}/../ssh-audit.py"
--- a/test/mypy.ini
+++ b/test/mypy.ini
@@ -1,9 +0,0 @@
 [mypy]
 silent_imports = True
 disallow_untyped_calls = True
 disallow_untyped_defs = True
 check_untyped_defs = True
 disallow-subclassing-any = True
 warn-incomplete-stub = True
 warn-redundant-casts = True
--- a/test/prospector.sh
+++ b/test/prospector.sh
@@ -1,13 +0,0 @@
 #!/bin/sh
 _cdir=$(cd -- "$(dirname "$0")" && pwd)
 type prospector > /dev/null 2>&1
 if [ $? -ne 0 ]; then
 	echo "err: prospector (Python Static Analysis) not found."
 	exit 1
 fi
 if [ X"$1" == X"" ]; then
 	_file="${_cdir}/../ssh-audit.py"
 else
 	_file="$1"
 fi
 prospector -E --profile-path "${_cdir}" -P prospector "${_file}"
--- a/test/prospector.yml
+++ b/test/prospector.yml
@@ -1,42 +0,0 @@
 strictness: veryhigh
 doc-warnings: false
 pylint:
    disable:
        - multiple-imports
        - invalid-name
        - trailing-whitespace
    options:
        max-args: 8 # default: 5
        max-locals: 20 # default: 15
        max-returns: 6
        max-branches: 15 # default: 12
        max-statements: 60 # default: 50
        max-parents: 7
        max-attributes: 8 # default: 7
        min-public-methods: 1 # default: 2
        max-public-methods: 20
        max-bool-expr: 5
        max-nested-blocks: 6 # default: 5
        max-line-length: 80 # default: 100
        ignore-long-lines: ^\s*(#\s+type:\s+.*|[A-Z0-9_]+\s+=\s+.*|('.*':\s+)?\[.*\],?)$
        max-module-lines: 2500 # default: 10000
 pep8:
    disable:
        - W191 # indentation contains tabs
        - W293 # blank line contains whitespace
        - E101 # indentation contains mixed spaces and tabs
        - E401 # multiple imports on one line
        - E501 # line too long
        - E221 # multiple spaces before operator
 pyflakes:
    disable:
        - F401 # module imported but unused
        - F821 # undefined name
 mccabe:
    options:
        max-complexity: 15
--- a/test/stubs/colorama.pyi
+++ b/test/stubs/colorama.pyi
@@ -0,0 +1,6 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
 from typing import Optional
 def init(autoreset: bool = False, convert: Optional[bool] = None, strip: Optional[bool] = None, wrap: bool = True) -> None: ...
--- a/test/test_auditconf.py
+++ b/test/test_auditconf.py
@@ -10,8 +10,8 @@ class TestAuditConf(object):
 		self.AuditConf = ssh_audit.AuditConf
 		self.usage = ssh_audit.usage
-	@classmethod
+	@staticmethod
-	def _test_conf(cls, conf, **kwargs):
+	def _test_conf(conf, **kwargs):
 		options = {
 			'host': None,
 			'port': 22,
@@ -20,7 +20,7 @@ class TestAuditConf(object):
 			'batch': False,
 			'colors': True,
 			'verbose': False,
-			'minlevel': 'info',
+			'level': 'info',
 			'ipv4': True,
 			'ipv6': True,
 			'ipvo': ()
@@ -34,7 +34,7 @@ class TestAuditConf(object):
 		assert conf.batch is options['batch']
 		assert conf.colors is options['colors']
 		assert conf.verbose is options['verbose']
-		assert conf.minlevel == options['minlevel']
+		assert conf.level == options['level']
 		assert conf.ipv4 == options['ipv4']
 		assert conf.ipv6 == options['ipv6']
 		assert conf.ipvo == options['ipvo']
@@ -115,14 +115,14 @@ class TestAuditConf(object):
 		conf.ipvo = (4, 4, 4, 6, 6)
 		assert conf.ipvo == (4, 6)
-	def test_audit_conf_minlevel(self):
+	def test_audit_conf_level(self):
 		conf = self.AuditConf()
 		for level in ['info', 'warn', 'fail']:
-			conf.minlevel = level
+			conf.level = level
-			assert conf.minlevel == level
+			assert conf.level == level
 		for level in ['head', 'good', 'unknown', None]:
 			with pytest.raises(ValueError) as excinfo:
-				conf.minlevel = level
+				conf.level = level
 			excinfo.match(r'.*invalid level.*')
 	def test_audit_conf_cmdline(self):
@@ -148,6 +148,14 @@ class TestAuditConf(object):
 		self._test_conf(conf, host='localhost', port=2222)
 		conf = c('-p 2222 localhost')
 		self._test_conf(conf, host='localhost', port=2222)
 		conf = c('2001:4860:4860::8888')
 		self._test_conf(conf, host='2001:4860:4860::8888')
 		conf = c('[2001:4860:4860::8888]:22')
 		self._test_conf(conf, host='2001:4860:4860::8888')
 		conf = c('[2001:4860:4860::8888]:2222')
 		self._test_conf(conf, host='2001:4860:4860::8888', port=2222)
 		conf = c('-p 2222 2001:4860:4860::8888')
 		self._test_conf(conf, host='2001:4860:4860::8888', port=2222)
 		with pytest.raises(SystemExit):
 			conf = c('localhost:')
 		with pytest.raises(SystemExit):
@@ -183,10 +191,10 @@ class TestAuditConf(object):
 		conf = c('-v localhost')
 		self._test_conf(conf, host='localhost', verbose=True)
 		conf = c('-l info localhost')
-		self._test_conf(conf, host='localhost', minlevel='info')
+		self._test_conf(conf, host='localhost', level='info')
 		conf = c('-l warn localhost')
-		self._test_conf(conf, host='localhost', minlevel='warn')
+		self._test_conf(conf, host='localhost', level='warn')
 		conf = c('-l fail localhost')
-		self._test_conf(conf, host='localhost', minlevel='fail')
+		self._test_conf(conf, host='localhost', level='fail')
 		with pytest.raises(SystemExit):
 			conf = c('-l something localhost')
--- a/test/test_errors.py
+++ b/test/test_errors.py
@@ -1,6 +1,7 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
 import socket
 import errno
 import pytest
@@ -17,46 +18,99 @@ class TestErrors(object):
 		conf.batch = True
 		return conf
 	def _audit(self, spy, conf=None, sysexit=True):
 		if conf is None:
 			conf = self._conf()
 		spy.begin()
 		if sysexit:
 			with pytest.raises(SystemExit):
 				self.audit(conf)
 		else:
 			self.audit(conf)
 		lines = spy.flush()
 		return lines
 	def test_connection_unresolved(self, output_spy, virtual_socket):
 		vsocket = virtual_socket
 		vsocket.gsock.addrinfodata['localhost#22'] = []
 		lines = self._audit(output_spy)
 		assert len(lines) == 1
 		assert 'has no DNS records' in lines[-1]
 	def test_connection_refused(self, output_spy, virtual_socket):
 		vsocket = virtual_socket
-		vsocket.errors['connect'] = socket.error(61, 'Connection refused')
+		vsocket.errors['connect'] = socket.error(errno.ECONNREFUSED, 'Connection refused')
-		output_spy.begin()
+		lines = self._audit(output_spy)
 		with pytest.raises(SystemExit):
 			self.audit(self._conf())
 		lines = output_spy.flush()
 		assert len(lines) == 1
 		assert 'Connection refused' in lines[-1]
-	def test_connection_closed_before_banner(self, output_spy, virtual_socket):
+	def test_connection_timeout(self, output_spy, virtual_socket):
 		vsocket = virtual_socket
-		vsocket.rdata.append(socket.error(54, 'Connection reset by peer'))
+		vsocket.errors['connect'] = socket.timeout('timed out')
-		output_spy.begin()
+		lines = self._audit(output_spy)
-		with pytest.raises(SystemExit):
+		assert len(lines) == 1
-			self.audit(self._conf())
+		assert 'timed out' in lines[-1]
-		lines = output_spy.flush()
+	
 	def test_recv_empty(self, output_spy, virtual_socket):
 		vsocket = virtual_socket
 		lines = self._audit(output_spy)
 		assert len(lines) == 1
 		assert 'did not receive banner' in lines[-1]
 	def test_recv_timeout(self, output_spy, virtual_socket):
 		vsocket = virtual_socket
 		vsocket.rdata.append(socket.timeout('timed out'))
 		lines = self._audit(output_spy)
 		assert len(lines) == 1
 		assert 'did not receive banner' in lines[-1]
 		assert 'timed out' in lines[-1]
 	def test_recv_retry_till_timeout(self, output_spy, virtual_socket):
 		vsocket = virtual_socket
 		vsocket.rdata.append(socket.error(errno.EAGAIN, 'Resource temporarily unavailable'))
 		vsocket.rdata.append(socket.error(errno.EWOULDBLOCK, 'Resource temporarily unavailable'))
 		vsocket.rdata.append(socket.error(errno.EAGAIN, 'Resource temporarily unavailable'))
 		vsocket.rdata.append(socket.timeout('timed out'))
 		lines = self._audit(output_spy)
 		assert len(lines) == 1
 		assert 'did not receive banner' in lines[-1]
 		assert 'timed out' in lines[-1]
 	def test_recv_retry_till_reset(self, output_spy, virtual_socket):
 		vsocket = virtual_socket
 		vsocket.rdata.append(socket.error(errno.EAGAIN, 'Resource temporarily unavailable'))
 		vsocket.rdata.append(socket.error(errno.EWOULDBLOCK, 'Resource temporarily unavailable'))
 		vsocket.rdata.append(socket.error(errno.EAGAIN, 'Resource temporarily unavailable'))
 		vsocket.rdata.append(socket.error(errno.ECONNRESET, 'Connection reset by peer'))
 		lines = self._audit(output_spy)
 		assert len(lines) == 1
 		assert 'did not receive banner' in lines[-1]
 		assert 'reset by peer' in lines[-1]
 	def test_connection_closed_before_banner(self, output_spy, virtual_socket):
 		vsocket = virtual_socket
 		vsocket.rdata.append(socket.error(errno.ECONNRESET, 'Connection reset by peer'))
 		lines = self._audit(output_spy)
 		assert len(lines) == 1
 		assert 'did not receive banner' in lines[-1]
 		assert 'reset by peer' in lines[-1]
 	def test_connection_closed_after_header(self, output_spy, virtual_socket):
 		vsocket = virtual_socket
 		vsocket.rdata.append(b'header line 1\n')
 		vsocket.rdata.append(b'\n')
 		vsocket.rdata.append(b'header line 2\n')
-		vsocket.rdata.append(socket.error(54, 'Connection reset by peer'))
+		vsocket.rdata.append(socket.error(errno.ECONNRESET, 'Connection reset by peer'))
-		output_spy.begin()
+		lines = self._audit(output_spy)
 		with pytest.raises(SystemExit):
 			self.audit(self._conf())
 		lines = output_spy.flush()
 		assert len(lines) == 3
 		assert 'did not receive banner' in lines[-1]
 		assert 'reset by peer' in lines[-1]
 	def test_connection_closed_after_banner(self, output_spy, virtual_socket):
 		vsocket = virtual_socket
 		vsocket.rdata.append(b'SSH-2.0-ssh-audit-test\r\n')
 		vsocket.rdata.append(socket.error(54, 'Connection reset by peer'))
-		output_spy.begin()
+		lines = self._audit(output_spy)
 		with pytest.raises(SystemExit):
 			self.audit(self._conf())
 		lines = output_spy.flush()
 		assert len(lines) == 2
 		assert 'error reading packet' in lines[-1]
 		assert 'reset by peer' in lines[-1]
@@ -64,10 +118,7 @@ class TestErrors(object):
 	def test_empty_data_after_banner(self, output_spy, virtual_socket):
 		vsocket = virtual_socket
 		vsocket.rdata.append(b'SSH-2.0-ssh-audit-test\r\n')
-		output_spy.begin()
+		lines = self._audit(output_spy)
 		with pytest.raises(SystemExit):
 			self.audit(self._conf())
 		lines = output_spy.flush()
 		assert len(lines) == 2
 		assert 'error reading packet' in lines[-1]
 		assert 'empty' in lines[-1]
@@ -76,10 +127,7 @@ class TestErrors(object):
 		vsocket = virtual_socket
 		vsocket.rdata.append(b'SSH-2.0-ssh-audit-test\r\n')
 		vsocket.rdata.append(b'xxx\n')
-		output_spy.begin()
+		lines = self._audit(output_spy)
 		with pytest.raises(SystemExit):
 			self.audit(self._conf())
 		lines = output_spy.flush()
 		assert len(lines) == 2
 		assert 'error reading packet' in lines[-1]
 		assert 'xxx' in lines[-1]
@@ -87,10 +135,7 @@ class TestErrors(object):
 	def test_non_ascii_banner(self, output_spy, virtual_socket):
 		vsocket = virtual_socket
 		vsocket.rdata.append(b'SSH-2.0-ssh-audit-test\xc3\xbc\r\n')
-		output_spy.begin()
+		lines = self._audit(output_spy)
 		with pytest.raises(SystemExit):
 			self.audit(self._conf())
 		lines = output_spy.flush()
 		assert len(lines) == 3
 		assert 'error reading packet' in lines[-1]
 		assert 'ASCII' in lines[-2]
@@ -100,10 +145,7 @@ class TestErrors(object):
 		vsocket = virtual_socket
 		vsocket.rdata.append(b'SSH-2.0-ssh-audit-test\r\n')
 		vsocket.rdata.append(b'\x81\xff\n')
-		output_spy.begin()
+		lines = self._audit(output_spy)
 		with pytest.raises(SystemExit):
 			self.audit(self._conf())
 		lines = output_spy.flush()
 		assert len(lines) == 2
 		assert 'error reading packet' in lines[-1]
 		assert '\\x81\\xff' in lines[-1]
@@ -112,12 +154,9 @@ class TestErrors(object):
 		vsocket = virtual_socket
 		vsocket.rdata.append(b'SSH-1.3-ssh-audit-test\r\n')
 		vsocket.rdata.append(b'Protocol major versions differ.\n')
-		output_spy.begin()
+		conf = self._conf()
-		with pytest.raises(SystemExit):
+		conf.ssh1, conf.ssh2 = True, False
-			conf = self._conf()
+		lines = self._audit(output_spy, conf)
 			conf.ssh1, conf.ssh2 = True, False
 			self.audit(conf)
 		lines = output_spy.flush()
 		assert len(lines) == 3
 		assert 'error reading packet' in lines[-1]
 		assert 'major versions differ' in lines[-1]
--- a/test/test_output.py
+++ b/test/test_output.py
@@ -41,13 +41,13 @@ class TestOutput(object):
 		out = self.Output()
 		# default: on
 		assert out.batch is False
-		assert out.colors is True
+		assert out.use_colors is True
-		assert out.minlevel == 'info'
+		assert out.level == 'info'
 	def test_output_colors(self, output_spy):
 		out = self.Output()
 		# test without colors
-		out.colors = False
+		out.use_colors = False
 		output_spy.begin()
 		out.info('info color')
 		assert output_spy.flush() == [u'info color']
@@ -66,7 +66,7 @@ class TestOutput(object):
 		if not out.colors_supported:
 			return
 		# test with colors
-		out.colors = True
+		out.use_colors = True
 		output_spy.begin()
 		out.info('info color')
 		assert output_spy.flush() == [u'info color']
@@ -93,29 +93,29 @@ class TestOutput(object):
 	def test_output_levels(self):
 		out = self.Output()
-		assert out.getlevel('info') == 0
+		assert out.get_level('info') == 0
-		assert out.getlevel('good') == 0
+		assert out.get_level('good') == 0
-		assert out.getlevel('warn') == 1
+		assert out.get_level('warn') == 1
-		assert out.getlevel('fail') == 2
+		assert out.get_level('fail') == 2
-		assert out.getlevel('unknown') > 2
+		assert out.get_level('unknown') > 2
-	def test_output_minlevel_property(self):
+	def test_output_level_property(self):
 		out = self.Output()
-		out.minlevel = 'info'
+		out.level = 'info'
-		assert out.minlevel == 'info'
+		assert out.level == 'info'
-		out.minlevel = 'good'
+		out.level = 'good'
-		assert out.minlevel == 'info'
+		assert out.level == 'info'
-		out.minlevel = 'warn'
+		out.level = 'warn'
-		assert out.minlevel == 'warn'
+		assert out.level == 'warn'
-		out.minlevel = 'fail'
+		out.level = 'fail'
-		assert out.minlevel == 'fail'
+		assert out.level == 'fail'
-		out.minlevel = 'invalid level'
+		out.level = 'invalid level'
-		assert out.minlevel == 'unknown'
+		assert out.level == 'unknown'
-	def test_output_minlevel(self, output_spy):
+	def test_output_level(self, output_spy):
 		out = self.Output()
 		# visible: all
-		out.minlevel = 'info'
+		out.level = 'info'
 		output_spy.begin()
 		out.info('info color')
 		out.head('head color')
@@ -124,7 +124,7 @@ class TestOutput(object):
 		out.fail('fail color')
 		assert len(output_spy.flush()) == 5
 		# visible: head, warn, fail
-		out.minlevel = 'warn'
+		out.level = 'warn'
 		output_spy.begin()
 		out.info('info color')
 		out.head('head color')
@@ -133,7 +133,7 @@ class TestOutput(object):
 		out.fail('fail color')
 		assert len(output_spy.flush()) == 3
 		# visible: head, fail
-		out.minlevel = 'fail'
+		out.level = 'fail'
 		output_spy.begin()
 		out.info('info color')
 		out.head('head color')
@@ -142,7 +142,7 @@ class TestOutput(object):
 		out.fail('fail color')
 		assert len(output_spy.flush()) == 2
 		# visible: head
-		out.minlevel = 'invalid level'
+		out.level = 'invalid level'
 		output_spy.begin()
 		out.info('info color')
 		out.head('head color')
@@ -155,7 +155,7 @@ class TestOutput(object):
 		out = self.Output()
 		# visible: all
 		output_spy.begin()
-		out.minlevel = 'info'
+		out.level = 'info'
 		out.batch = False
 		out.info('info color')
 		out.head('head color')
@@ -165,7 +165,7 @@ class TestOutput(object):
 		assert len(output_spy.flush()) == 5
 		# visible: all except head
 		output_spy.begin()
-		out.minlevel = 'info'
+		out.level = 'info'
 		out.batch = True
 		out.info('info color')
 		out.head('head color')
--- a/test/test_resolve.py
+++ b/test/test_resolve.py
@@ -0,0 +1,85 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
 import socket
 import pytest
 # pylint: disable=attribute-defined-outside-init,protected-access
 class TestResolve(object):
 	@pytest.fixture(autouse=True)
 	def init(self, ssh_audit):
 		self.AuditConf = ssh_audit.AuditConf
 		self.audit = ssh_audit.audit
 		self.ssh = ssh_audit.SSH
 	def _conf(self):
 		conf = self.AuditConf('localhost', 22)
 		conf.colors = False
 		conf.batch = True
 		return conf
 	def test_resolve_error(self, output_spy, virtual_socket):
 		vsocket = virtual_socket
 		vsocket.gsock.addrinfodata['localhost#22'] = socket.gaierror(8, 'hostname nor servname provided, or not known')
 		s = self.ssh.Socket('localhost', 22)
 		conf = self._conf()
 		output_spy.begin()
 		with pytest.raises(SystemExit):
 			r = list(s._resolve(conf.ipvo))
 		lines = output_spy.flush()
 		assert len(lines) == 1
 		assert 'hostname nor servname provided' in lines[-1]
 	def test_resolve_hostname_without_records(self, output_spy, virtual_socket):
 		vsocket = virtual_socket
 		vsocket.gsock.addrinfodata['localhost#22'] = []
 		s = self.ssh.Socket('localhost', 22)
 		conf = self._conf()
 		output_spy.begin()
 		r = list(s._resolve(conf.ipvo))
 		assert len(r) == 0
 	def test_resolve_ipv4(self, virtual_socket):
 		vsocket = virtual_socket
 		conf = self._conf()
 		conf.ipv4 = True
 		s = self.ssh.Socket('localhost', 22)
 		r = list(s._resolve(conf.ipvo))
 		assert len(r) == 1
 		assert r[0] == (socket.AF_INET, ('127.0.0.1', 22))
 	def test_resolve_ipv6(self, virtual_socket):
 		vsocket = virtual_socket
 		s = self.ssh.Socket('localhost', 22)
 		conf = self._conf()
 		conf.ipv6 = True
 		r = list(s._resolve(conf.ipvo))
 		assert len(r) == 1
 		assert r[0] == (socket.AF_INET6, ('::1', 22))
 	def test_resolve_ipv46_both(self, virtual_socket):
 		vsocket = virtual_socket
 		s = self.ssh.Socket('localhost', 22)
 		conf = self._conf()
 		r = list(s._resolve(conf.ipvo))
 		assert len(r) == 2
 		assert r[0] == (socket.AF_INET, ('127.0.0.1', 22))
 		assert r[1] == (socket.AF_INET6, ('::1', 22))
 	def test_resolve_ipv46_order(self, virtual_socket):
 		vsocket = virtual_socket
 		s = self.ssh.Socket('localhost', 22)
 		conf = self._conf()
 		conf.ipv4 = True
 		conf.ipv6 = True
 		r = list(s._resolve(conf.ipvo))
 		assert len(r) == 2
 		assert r[0] == (socket.AF_INET, ('127.0.0.1', 22))
 		assert r[1] == (socket.AF_INET6, ('::1', 22))
 		conf = self._conf()
 		conf.ipv6 = True
 		conf.ipv4 = True
 		r = list(s._resolve(conf.ipvo))
 		assert len(r) == 2
 		assert r[0] == (socket.AF_INET6, ('::1', 22))
 		assert r[1] == (socket.AF_INET, ('127.0.0.1', 22))
--- a/test/test_socket.py
+++ b/test/test_socket.py
@@ -0,0 +1,41 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
 import socket
 import pytest
 # pylint: disable=attribute-defined-outside-init
 class TestSocket(object):
 	@pytest.fixture(autouse=True)
 	def init(self, ssh_audit):
 		self.ssh = ssh_audit.SSH
 	def test_invalid_host(self, virtual_socket):
 		with pytest.raises(ValueError):
 			s = self.ssh.Socket(None, 22)
 	def test_invalid_port(self, virtual_socket):
 		with pytest.raises(ValueError):
 			s = self.ssh.Socket('localhost', 'abc')
 		with pytest.raises(ValueError):
 			s = self.ssh.Socket('localhost', -1)
 		with pytest.raises(ValueError):
 			s = self.ssh.Socket('localhost', 0)
 		with pytest.raises(ValueError):
 			s = self.ssh.Socket('localhost', 65536)
 	def test_not_connected_socket(self, virtual_socket):
 		sock = self.ssh.Socket('localhost', 22)
 		banner, header, err = sock.get_banner()
 		assert banner is None
 		assert len(header) == 0
 		assert err == 'not connected'
 		s, e = sock.recv()
 		assert s == -1
 		assert e == 'not connected'
 		s, e = sock.send('nothing')
 		assert s == -1
 		assert e == 'not connected'
 		s, e = sock.send_packet()
 		assert s == -1
 		assert e == 'not connected'
--- a/test/test_software.py
+++ b/test/test_software.py
@@ -168,17 +168,17 @@ class TestSoftware(object):
 		assert s.display(True) == str(s)
 		assert s.display(False) == str(s)
 		assert repr(s) == '<Software(product=libssh, version=0.2)>'
-		s = ps('SSH-2.0-libssh-0.7.3')
+		s = ps('SSH-2.0-libssh-0.7.4')
 		assert s.vendor is None
 		assert s.product == 'libssh'
-		assert s.version == '0.7.3'
+		assert s.version == '0.7.4'
 		assert s.patch is None
 		assert s.os is None
-		assert str(s) == 'libssh 0.7.3'
+		assert str(s) == 'libssh 0.7.4'
 		assert str(s) == s.display()
 		assert s.display(True) == str(s)
 		assert s.display(False) == str(s)
-		assert repr(s) == '<Software(product=libssh, version=0.7.3)>'
+		assert repr(s) == '<Software(product=libssh, version=0.7.4)>'
 	def test_romsshell_software(self):
 		ps = lambda x: self.ssh.Software.parse(self.ssh.Banner.parse(x))  # noqa
--- a/test/test_ssh1.py
+++ b/test/test_ssh1.py
@@ -66,34 +66,51 @@ class TestSSH1(object):
 		assert fp.md5 == 'MD5:9d:26:f8:39:fc:20:9d:9b:ca:cc:4a:0f:e1:93:f5:96'
 		assert fp.sha256 == 'SHA256:vZdx3mhzbvVJmn08t/ruv8WDhJ9jfKYsCTuSzot+QIs'
-	def test_pkm_read(self):
+	def _assert_pkm_keys(self, pkm, skey, hkey):
-		pkm = self.ssh1.PublicKeyMessage.parse(self._pkm_payload())
+		b, e, m = skey
 		assert pkm is not None
 		assert pkm.cookie == b'\x88\x99\xaa\xbb\xcc\xdd\xee\xff'
 		b, e, m = self._server_key()
 		assert pkm.server_key_bits == b
 		assert pkm.server_key_public_exponent == e
 		assert pkm.server_key_public_modulus == m
-		b, e, m = self._host_key()
+		b, e, m = hkey
 		assert pkm.host_key_bits == b
 		assert pkm.host_key_public_exponent == e
 		assert pkm.host_key_public_modulus == m
-		fp = self.ssh.Fingerprint(pkm.host_key_fingerprint_data)
+	
 	def _assert_pkm_fields(self, pkm, skey, hkey):
 		assert pkm is not None
 		assert pkm.cookie == b'\x88\x99\xaa\xbb\xcc\xdd\xee\xff'
 		self._assert_pkm_keys(pkm, skey, hkey)
 		assert pkm.protocol_flags == 2
 		assert pkm.supported_ciphers_mask == 72
 		assert pkm.supported_ciphers == ['3des', 'blowfish']
 		assert pkm.supported_authentications_mask == 36
 		assert pkm.supported_authentications == ['rsa', 'tis']
 		fp = self.ssh.Fingerprint(pkm.host_key_fingerprint_data)
 		assert fp.md5 == 'MD5:9d:26:f8:39:fc:20:9d:9b:ca:cc:4a:0f:e1:93:f5:96'
 		assert fp.sha256 == 'SHA256:vZdx3mhzbvVJmn08t/ruv8WDhJ9jfKYsCTuSzot+QIs'
 	def test_pkm_init(self):
 		cookie = b'\x88\x99\xaa\xbb\xcc\xdd\xee\xff'
 		pflags, cmask, amask = 2, 72, 36
 		skey, hkey = self._server_key(), self._host_key()
 		pkm = self.ssh1.PublicKeyMessage(cookie, skey, hkey, pflags, cmask, amask)
 		self._assert_pkm_fields(pkm, skey, hkey)
 		for skey2 in ([], [0], [0,1], [0,1,2,3]):
 			with pytest.raises(ValueError):
 				pkm = self.ssh1.PublicKeyMessage(cookie, skey2, hkey, pflags, cmask, amask)
 		for hkey2 in ([], [0], [0,1], [0,1,2,3]):
 			with pytest.raises(ValueError):
 				print(hkey2)
 				pkm = self.ssh1.PublicKeyMessage(cookie, skey, hkey2, pflags, cmask, amask)
 	def test_pkm_read(self):
 		pkm = self.ssh1.PublicKeyMessage.parse(self._pkm_payload())
 		self._assert_pkm_fields(pkm, self._server_key(), self._host_key())
 	def test_pkm_payload(self):
 		cookie = b'\x88\x99\xaa\xbb\xcc\xdd\xee\xff'
-		skey = self._server_key()
+		skey, hkey = self._server_key(), self._host_key()
-		hkey = self._host_key()
+		pflags, cmask, amask = 2, 72, 36
 		pflags = 2
 		cmask = 72
 		amask = 36
 		pkm1 = self.ssh1.PublicKeyMessage(cookie, skey, hkey, pflags, cmask, amask)
 		pkm2 = self.ssh1.PublicKeyMessage.parse(self._pkm_payload())
 		assert pkm1.payload == pkm2.payload
@@ -108,7 +125,7 @@ class TestSSH1(object):
 		output_spy.begin()
 		self.audit(self._conf())
 		lines = output_spy.flush()
-		assert len(lines) == 10
+		assert len(lines) == 13
 	def test_ssh1_server_invalid_first_packet(self, output_spy, virtual_socket):
 		vsocket = virtual_socket
@@ -121,7 +138,7 @@ class TestSSH1(object):
 		with pytest.raises(SystemExit):
 			self.audit(self._conf())
 		lines = output_spy.flush()
-		assert len(lines) == 4
+		assert len(lines) == 7
 		assert 'unknown message' in lines[-1]
 	def test_ssh1_server_invalid_checksum(self, output_spy, virtual_socket):
--- a/test/test_ssh_algorithm.py
+++ b/test/test_ssh_algorithm.py
@@ -0,0 +1,164 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
 import pytest
 # pylint: disable=attribute-defined-outside-init
 class TestSSHAlgorithm(object):
 	@pytest.fixture(autouse=True)
 	def init(self, ssh_audit):
 		self.ssh = ssh_audit.SSH
 	def _tf(self, v, s=None):
 		return self.ssh.Algorithm.Timeframe().update(v, s)
 	def test_get_ssh_version(self):
 		def ver(v):
 			return self.ssh.Algorithm.get_ssh_version(v)
 		assert ver('7.5') == ('OpenSSH', '7.5', False)
 		assert ver('7.5C') == ('OpenSSH', '7.5', True)
 		assert ver('d2016.74') == ('Dropbear SSH', '2016.74', False)
 		assert ver('l10.7.4') == ('libssh', '0.7.4', False)
 		assert ver('')[1] == ''
 	def test_get_since_text(self):
 		def gst(v):
 			return self.ssh.Algorithm.get_since_text(v)
 		assert gst(['7.5']) == 'available since OpenSSH 7.5'
 		assert gst(['7.5C']) == 'available since OpenSSH 7.5 (client only)'
 		assert gst(['7.5,']) == 'available since OpenSSH 7.5'
 		assert gst(['d2016.73']) == 'available since Dropbear SSH 2016.73'
 		assert gst(['7.5,d2016.73']) == 'available since OpenSSH 7.5, Dropbear SSH 2016.73'
 		assert gst(['l10.7.4']) is None
 		assert gst([]) is None
 	def test_timeframe_creation(self):
 		# pylint: disable=line-too-long,too-many-statements
 		def cmp_tf(v, s, r):
 			assert str(self._tf(v, s)) == str(r)
 		cmp_tf(['6.2'], None, {'OpenSSH': ['6.2', None, '6.2', None]})
 		cmp_tf(['6.2'], True, {'OpenSSH': ['6.2', None, None, None]})
 		cmp_tf(['6.2'], False, {'OpenSSH': [None, None, '6.2', None]})
 		cmp_tf(['6.2C'], None, {'OpenSSH': [None, None, '6.2', None]})
 		cmp_tf(['6.2C'], True, {})
 		cmp_tf(['6.2C'], False, {'OpenSSH': [None, None, '6.2', None]})
 		cmp_tf(['6.1,6.2C'], None, {'OpenSSH': ['6.1', None, '6.2', None]})
 		cmp_tf(['6.1,6.2C'], True, {'OpenSSH': ['6.1', None, None, None]})
 		cmp_tf(['6.1,6.2C'], False, {'OpenSSH': [None, None, '6.2', None]})
 		cmp_tf(['6.2C,6.1'], None, {'OpenSSH': ['6.1', None, '6.2', None]})
 		cmp_tf(['6.2C,6.1'], True, {'OpenSSH': ['6.1', None, None, None]})
 		cmp_tf(['6.2C,6.1'], False, {'OpenSSH': [None, None, '6.2', None]})
 		cmp_tf(['6.3,6.2C'], None, {'OpenSSH': ['6.3', None, '6.2', None]})
 		cmp_tf(['6.3,6.2C'], True, {'OpenSSH': ['6.3', None, None, None]})
 		cmp_tf(['6.3,6.2C'], False, {'OpenSSH': [None, None, '6.2', None]})
 		cmp_tf(['6.2C,6.3'], None, {'OpenSSH': ['6.3', None, '6.2', None]})
 		cmp_tf(['6.2C,6.3'], True, {'OpenSSH': ['6.3', None, None, None]})
 		cmp_tf(['6.2C,6.3'], False, {'OpenSSH': [None, None, '6.2', None]})
 		cmp_tf(['6.2', '6.6'], None, {'OpenSSH': ['6.2', '6.6', '6.2', '6.6']})
 		cmp_tf(['6.2', '6.6'], True, {'OpenSSH': ['6.2', '6.6', None, None]})
 		cmp_tf(['6.2', '6.6'], False, {'OpenSSH': [None, None, '6.2', '6.6']})
 		cmp_tf(['6.2C', '6.6'], None, {'OpenSSH': [None, '6.6', '6.2', '6.6']})
 		cmp_tf(['6.2C', '6.6'], True, {'OpenSSH': [None, '6.6', None, None]})
 		cmp_tf(['6.2C', '6.6'], False, {'OpenSSH': [None, None, '6.2', '6.6']})
 		cmp_tf(['6.1,6.2C', '6.6'], None, {'OpenSSH': ['6.1', '6.6', '6.2', '6.6']})
 		cmp_tf(['6.1,6.2C', '6.6'], True, {'OpenSSH': ['6.1', '6.6', None, None]})
 		cmp_tf(['6.1,6.2C', '6.6'], False, {'OpenSSH': [None, None, '6.2', '6.6']})
 		cmp_tf(['6.2C,6.1', '6.6'], None, {'OpenSSH': ['6.1', '6.6', '6.2', '6.6']})
 		cmp_tf(['6.2C,6.1', '6.6'], True, {'OpenSSH': ['6.1', '6.6', None, None]})
 		cmp_tf(['6.2C,6.1', '6.6'], False, {'OpenSSH': [None, None, '6.2', '6.6']})
 		cmp_tf(['6.3,6.2C', '6.6'], None, {'OpenSSH': ['6.3', '6.6', '6.2', '6.6']})
 		cmp_tf(['6.3,6.2C', '6.6'], True, {'OpenSSH': ['6.3', '6.6', None, None]})
 		cmp_tf(['6.3,6.2C', '6.6'], False, {'OpenSSH': [None, None, '6.2', '6.6']})
 		cmp_tf(['6.2C,6.3', '6.6'], None, {'OpenSSH': ['6.3', '6.6', '6.2', '6.6']})
 		cmp_tf(['6.2C,6.3', '6.6'], True, {'OpenSSH': ['6.3', '6.6', None, None]})
 		cmp_tf(['6.2C,6.3', '6.6'], False, {'OpenSSH': [None, None, '6.2', '6.6']})
 		cmp_tf(['6.2', '6.6', None], None, {'OpenSSH': ['6.2', '6.6', '6.2', None]})
 		cmp_tf(['6.2', '6.6', None], True, {'OpenSSH': ['6.2', '6.6', None, None]})
 		cmp_tf(['6.2', '6.6', None], False, {'OpenSSH': [None, None, '6.2', None]})
 		cmp_tf(['6.2C', '6.6', None], None, {'OpenSSH': [None, '6.6', '6.2', None]})
 		cmp_tf(['6.2C', '6.6', None], True, {'OpenSSH': [None, '6.6', None, None]})
 		cmp_tf(['6.2C', '6.6', None], False, {'OpenSSH': [None, None, '6.2', None]})
 		cmp_tf(['6.1,6.2C', '6.6', None], None, {'OpenSSH': ['6.1', '6.6', '6.2', None]})
 		cmp_tf(['6.1,6.2C', '6.6', None], True, {'OpenSSH': ['6.1', '6.6', None, None]})
 		cmp_tf(['6.1,6.2C', '6.6', None], False, {'OpenSSH': [None, None, '6.2', None]})
 		cmp_tf(['6.2C,6.1', '6.6', None], None, {'OpenSSH': ['6.1', '6.6', '6.2', None]})
 		cmp_tf(['6.2C,6.1', '6.6', None], True, {'OpenSSH': ['6.1', '6.6', None, None]})
 		cmp_tf(['6.2C,6.1', '6.6', None], False, {'OpenSSH': [None, None, '6.2', None]})
 		cmp_tf(['6.2,6.3C', '6.6', None], None, {'OpenSSH': ['6.2', '6.6', '6.3', None]})
 		cmp_tf(['6.2,6.3C', '6.6', None], True, {'OpenSSH': ['6.2', '6.6', None, None]})
 		cmp_tf(['6.2,6.3C', '6.6', None], False, {'OpenSSH': [None, None, '6.3', None]})
 		cmp_tf(['6.3C,6.2', '6.6', None], None, {'OpenSSH': ['6.2', '6.6', '6.3', None]})
 		cmp_tf(['6.3C,6.2', '6.6', None], True, {'OpenSSH': ['6.2', '6.6', None, None]})
 		cmp_tf(['6.3C,6.2', '6.6', None], False, {'OpenSSH': [None, None, '6.3', None]})
 		cmp_tf(['6.2', '6.6', '7.1'], None, {'OpenSSH': ['6.2', '6.6', '6.2', '7.1']})
 		cmp_tf(['6.2', '6.6', '7.1'], True, {'OpenSSH': ['6.2', '6.6', None, None]})
 		cmp_tf(['6.2', '6.6', '7.1'], False, {'OpenSSH': [None, None, '6.2', '7.1']})
 		cmp_tf(['6.1,6.2C', '6.6', '7.1'], None, {'OpenSSH': ['6.1', '6.6', '6.2', '7.1']})
 		cmp_tf(['6.1,6.2C', '6.6', '7.1'], True, {'OpenSSH': ['6.1', '6.6', None, None]})
 		cmp_tf(['6.1,6.2C', '6.6', '7.1'], False, {'OpenSSH': [None, None, '6.2', '7.1']})
 		cmp_tf(['6.2C,6.1', '6.6', '7.1'], None, {'OpenSSH': ['6.1', '6.6', '6.2', '7.1']})
 		cmp_tf(['6.2C,6.1', '6.6', '7.1'], True, {'OpenSSH': ['6.1', '6.6', None, None]})
 		cmp_tf(['6.2C,6.1', '6.6', '7.1'], False, {'OpenSSH': [None, None, '6.2', '7.1']})
 		cmp_tf(['6.2,6.3C', '6.6', '7.1'], None, {'OpenSSH': ['6.2', '6.6', '6.3', '7.1']})
 		cmp_tf(['6.2,6.3C', '6.6', '7.1'], True, {'OpenSSH': ['6.2', '6.6', None, None]})
 		cmp_tf(['6.2,6.3C', '6.6', '7.1'], False, {'OpenSSH': [None, None, '6.3', '7.1']})
 		cmp_tf(['6.3C,6.2', '6.6', '7.1'], None, {'OpenSSH': ['6.2', '6.6', '6.3', '7.1']})
 		cmp_tf(['6.3C,6.2', '6.6', '7.1'], True, {'OpenSSH': ['6.2', '6.6', None, None]})
 		cmp_tf(['6.3C,6.2', '6.6', '7.1'], False, {'OpenSSH': [None, None, '6.3', '7.1']})
 		tf1 = self._tf(['6.1,d2016.72,6.2C', '6.6,d2016.73', '7.1,d2016.74'])
 		tf2 = self._tf(['d2016.72,6.2C,6.1', 'd2016.73,6.6', 'd2016.74,7.1'])
 		tf3 = self._tf(['d2016.72,6.2C,6.1', '6.6,d2016.73', '7.1,d2016.74'])
 		# check without caring for output order
 		ov = "'OpenSSH': ['6.1', '6.6', '6.2', '7.1']"
 		dv = "'Dropbear SSH': ['2016.72', '2016.73', '2016.72', '2016.74']"
 		assert len(str(tf1)) == len(str(tf2)) == len(str(tf3))
 		assert ov in str(tf1) and ov in str(tf2) and ov in str(tf3)
 		assert dv in str(tf1) and dv in str(tf2) and dv in str(tf3)
 		assert ov in repr(tf1) and ov in repr(tf2) and ov in repr(tf3)
 		assert dv in repr(tf1) and dv in repr(tf2) and dv in repr(tf3)
 	def test_timeframe_object(self):
 		tf = self._tf(['6.1,6.2C', '6.6', '7.1'])
 		assert 'OpenSSH' in tf
 		assert 'Dropbear SSH' not in tf
 		assert 'libssh' not in tf
 		assert 'unknown' not in tf
 		assert tf['OpenSSH'] == ('6.1', '6.6', '6.2', '7.1')
 		assert tf['Dropbear SSH'] == (None, None, None, None)
 		assert tf['libssh'] == (None, None, None, None)
 		assert tf['unknown'] == (None, None, None, None)
 		assert tf.get_from('OpenSSH', True) == '6.1'
 		assert tf.get_till('OpenSSH', True) == '6.6'
 		assert tf.get_from('OpenSSH', False) == '6.2'
 		assert tf.get_till('OpenSSH', False) == '7.1'
 		tf = self._tf(['6.1,d2016.72,6.2C', '6.6,d2016.73', '7.1,d2016.74'])
 		assert 'OpenSSH' in tf
 		assert 'Dropbear SSH' in tf
 		assert 'libssh' not in tf
 		assert 'unknown' not in tf
 		assert tf['OpenSSH'] == ('6.1', '6.6', '6.2', '7.1')
 		assert tf['Dropbear SSH'] == ('2016.72', '2016.73', '2016.72', '2016.74')
 		assert tf['libssh'] == (None, None, None, None)
 		assert tf['unknown'] == (None, None, None, None)
 		assert tf.get_from('OpenSSH', True) == '6.1'
 		assert tf.get_till('OpenSSH', True) == '6.6'
 		assert tf.get_from('OpenSSH', False) == '6.2'
 		assert tf.get_till('OpenSSH', False) == '7.1'
 		assert tf.get_from('Dropbear SSH', True) == '2016.72'
 		assert tf.get_till('Dropbear SSH', True) == '2016.73'
 		assert tf.get_from('Dropbear SSH', False) == '2016.72'
 		assert tf.get_till('Dropbear SSH', False) == '2016.74'
 		ov = "'OpenSSH': ['6.1', '6.6', '6.2', '7.1']"
 		dv = "'Dropbear SSH': ['2016.72', '2016.73', '2016.72', '2016.74']"
 		assert ov in str(tf)
 		assert dv in str(tf)
 		assert ov in repr(tf)
 		assert dv in repr(tf)
--- a/test/test_utils.py
+++ b/test/test_utils.py
@@ -0,0 +1,218 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
 import sys
 import pytest
 # pylint: disable=attribute-defined-outside-init
 class TestUtils(object):
 	@pytest.fixture(autouse=True)
 	def init(self, ssh_audit):
 		self.utils = ssh_audit.Utils
 		self.PY3 = sys.version_info >= (3,)
 	def test_to_bytes_py2(self):
 		if self.PY3:
 			return
 		# binary_type (native str, bytes as str)
 		assert self.utils.to_bytes('fran\xc3\xa7ais') == 'fran\xc3\xa7ais'
 		assert self.utils.to_bytes(b'fran\xc3\xa7ais') == 'fran\xc3\xa7ais'
 		# text_type (unicode)
 		assert self.utils.to_bytes(u'fran\xe7ais') == 'fran\xc3\xa7ais'
 		# other
 		with pytest.raises(TypeError):
 			self.utils.to_bytes(123)
 	def test_to_bytes_py3(self):
 		if not self.PY3:
 			return
 		# binary_type (bytes)
 		assert self.utils.to_bytes(b'fran\xc3\xa7ais') == b'fran\xc3\xa7ais'
 		# text_type (native str as unicode, unicode)
 		assert self.utils.to_bytes('fran\xe7ais') == b'fran\xc3\xa7ais'
 		assert self.utils.to_bytes(u'fran\xe7ais') == b'fran\xc3\xa7ais'
 		# other
 		with pytest.raises(TypeError):
 			self.utils.to_bytes(123)
 	def test_to_utext_py2(self):
 		if self.PY3:
 			return
 		# binary_type (native str, bytes as str)
 		assert self.utils.to_utext('fran\xc3\xa7ais') == u'fran\xe7ais'
 		assert self.utils.to_utext(b'fran\xc3\xa7ais') == u'fran\xe7ais'
 		# text_type (unicode)
 		assert self.utils.to_utext(u'fran\xe7ais') == u'fran\xe7ais'
 		# other
 		with pytest.raises(TypeError):
 			self.utils.to_utext(123)
 	def test_to_utext_py3(self):
 		if not self.PY3:
 			return
 		# binary_type (bytes)
 		assert self.utils.to_utext(b'fran\xc3\xa7ais') == u'fran\xe7ais'
 		# text_type (native str as unicode, unicode)
 		assert self.utils.to_utext('fran\xe7ais') == 'fran\xe7ais'
 		assert self.utils.to_utext(u'fran\xe7ais') == u'fran\xe7ais'
 		# other
 		with pytest.raises(TypeError):
 			self.utils.to_utext(123)
 	def test_to_ntext_py2(self):
 		if self.PY3:
 			return
 		# str (native str, bytes as str)
 		assert self.utils.to_ntext('fran\xc3\xa7ais') == 'fran\xc3\xa7ais'
 		assert self.utils.to_ntext(b'fran\xc3\xa7ais') == 'fran\xc3\xa7ais'
 		# text_type (unicode)
 		assert self.utils.to_ntext(u'fran\xe7ais') == 'fran\xc3\xa7ais'
 		# other
 		with pytest.raises(TypeError):
 			self.utils.to_ntext(123)
 	def test_to_ntext_py3(self):
 		if not self.PY3:
 			return
 		# str (native str)
 		assert self.utils.to_ntext('fran\xc3\xa7ais') == 'fran\xc3\xa7ais'
 		assert self.utils.to_ntext(u'fran\xe7ais') == 'fran\xe7ais'
 		# binary_type (bytes)
 		assert self.utils.to_ntext(b'fran\xc3\xa7ais') == 'fran\xe7ais'
 		# other
 		with pytest.raises(TypeError):
 			self.utils.to_ntext(123)
 	def test_is_ascii_py2(self):
 		if self.PY3:
 			return
 		# text_type (unicode)
 		assert self.utils.is_ascii(u'francais') is True
 		assert self.utils.is_ascii(u'fran\xe7ais') is False
 		# str
 		assert self.utils.is_ascii('francais') is True
 		assert self.utils.is_ascii('fran\xc3\xa7ais') is False
 		# other
 		assert self.utils.is_ascii(123) is False
 	def test_is_ascii_py3(self):
 		if not self.PY3:
 			return
 		# text_type (str)
 		assert self.utils.is_ascii('francais') is True
 		assert self.utils.is_ascii(u'francais') is True
 		assert self.utils.is_ascii('fran\xe7ais') is False
 		assert self.utils.is_ascii(u'fran\xe7ais') is False
 		# other
 		assert self.utils.is_ascii(123) is False
 	def test_to_ascii_py2(self):
 		if self.PY3:
 			return
 		# text_type (unicode)
 		assert self.utils.to_ascii(u'francais') == 'francais'
 		assert self.utils.to_ascii(u'fran\xe7ais') == 'fran?ais'
 		assert self.utils.to_ascii(u'fran\xe7ais', 'ignore') == 'franais'
 		# str
 		assert self.utils.to_ascii('francais') == 'francais'
 		assert self.utils.to_ascii('fran\xc3\xa7ais') == 'fran??ais'
 		assert self.utils.to_ascii('fran\xc3\xa7ais', 'ignore') == 'franais'
 		with pytest.raises(TypeError):
 			self.utils.to_ascii(123)
 	def test_to_ascii_py3(self):
 		if not self.PY3:
 			return
 		# text_type (str)
 		assert self.utils.to_ascii('francais') == 'francais'
 		assert self.utils.to_ascii(u'francais') == 'francais'
 		assert self.utils.to_ascii('fran\xe7ais') == 'fran?ais'
 		assert self.utils.to_ascii('fran\xe7ais', 'ignore') == 'franais'
 		assert self.utils.to_ascii(u'fran\xe7ais') == 'fran?ais'
 		assert self.utils.to_ascii(u'fran\xe7ais', 'ignore') == 'franais'
 		with pytest.raises(TypeError):
 			self.utils.to_ascii(123)
 	def test_is_print_ascii_py2(self):
 		if self.PY3:
 			return
 		# text_type (unicode)
 		assert self.utils.is_print_ascii(u'francais') is True
 		assert self.utils.is_print_ascii(u'francais\n') is False
 		assert self.utils.is_print_ascii(u'fran\xe7ais') is False
 		assert self.utils.is_print_ascii(u'fran\xe7ais\n') is False
 		# str
 		assert self.utils.is_print_ascii('francais') is True
 		assert self.utils.is_print_ascii('francais\n') is False
 		assert self.utils.is_print_ascii('fran\xc3\xa7ais') is False
 		# other
 		assert self.utils.is_print_ascii(123) is False
 	def test_is_print_ascii_py3(self):
 		if not self.PY3:
 			return
 		# text_type (str)
 		assert self.utils.is_print_ascii('francais') is True
 		assert self.utils.is_print_ascii('francais\n') is False
 		assert self.utils.is_print_ascii(u'francais') is True
 		assert self.utils.is_print_ascii(u'francais\n') is False
 		assert self.utils.is_print_ascii('fran\xe7ais') is False
 		assert self.utils.is_print_ascii(u'fran\xe7ais') is False
 		# other
 		assert self.utils.is_print_ascii(123) is False
 	def test_to_print_ascii_py2(self):
 		if self.PY3:
 			return
 		# text_type (unicode)
 		assert self.utils.to_print_ascii(u'francais') == 'francais'
 		assert self.utils.to_print_ascii(u'francais\n') == 'francais?'
 		assert self.utils.to_print_ascii(u'fran\xe7ais') == 'fran?ais'
 		assert self.utils.to_print_ascii(u'fran\xe7ais\n') == 'fran?ais?'
 		assert self.utils.to_print_ascii(u'fran\xe7ais', 'ignore') == 'franais'
 		assert self.utils.to_print_ascii(u'fran\xe7ais\n', 'ignore') == 'franais'
 		# str
 		assert self.utils.to_print_ascii('francais') == 'francais'
 		assert self.utils.to_print_ascii('francais\n') == 'francais?'
 		assert self.utils.to_print_ascii('fran\xc3\xa7ais') == 'fran??ais'
 		assert self.utils.to_print_ascii('fran\xc3\xa7ais\n') == 'fran??ais?'
 		assert self.utils.to_print_ascii('fran\xc3\xa7ais', 'ignore') == 'franais'
 		assert self.utils.to_print_ascii('fran\xc3\xa7ais\n', 'ignore') == 'franais'
 		with pytest.raises(TypeError):
 			self.utils.to_print_ascii(123)
 	def test_to_print_ascii_py3(self):
 		if not self.PY3:
 			return
 		# text_type (str)
 		assert self.utils.to_print_ascii('francais') == 'francais'
 		assert self.utils.to_print_ascii('francais\n') == 'francais?'
 		assert self.utils.to_print_ascii(u'francais') == 'francais'
 		assert self.utils.to_print_ascii(u'francais\n') == 'francais?'
 		assert self.utils.to_print_ascii('fran\xe7ais') == 'fran?ais'
 		assert self.utils.to_print_ascii('fran\xe7ais\n') == 'fran?ais?'
 		assert self.utils.to_print_ascii('fran\xe7ais', 'ignore') == 'franais'
 		assert self.utils.to_print_ascii('fran\xe7ais\n', 'ignore') == 'franais'
 		assert self.utils.to_print_ascii(u'fran\xe7ais') == 'fran?ais'
 		assert self.utils.to_print_ascii(u'fran\xe7ais\n') == 'fran?ais?'
 		assert self.utils.to_print_ascii(u'fran\xe7ais', 'ignore') == 'franais'
 		assert self.utils.to_print_ascii(u'fran\xe7ais\n', 'ignore') == 'franais'
 		with pytest.raises(TypeError):
 			self.utils.to_print_ascii(123)
 	def test_ctoi(self):
 		assert self.utils.ctoi(123) == 123
 		assert self.utils.ctoi('ABC') == 65
 	def test_parse_int(self):
 		assert self.utils.parse_int(123) == 123
 		assert self.utils.parse_int('123') == 123
 		assert self.utils.parse_int(-123) == -123
 		assert self.utils.parse_int('-123') == -123
 		assert self.utils.parse_int('abc') == 0
 	def test_unique_seq(self):
 		assert self.utils.unique_seq((1, 2, 2, 3, 3, 3)) == (1, 2, 3)
 		assert self.utils.unique_seq((3, 3, 3, 2, 2, 1)) == (3, 2, 1)
 		assert self.utils.unique_seq([1, 2, 2, 3, 3, 3]) == [1, 2, 3]
 		assert self.utils.unique_seq([3, 3, 3, 2, 2, 1]) == [3, 2, 1]
--- a/test/test_version_compare.py
+++ b/test/test_version_compare.py
@@ -200,7 +200,7 @@ class TestVersionCompare(object):
 			versions.append('0.5.{0}'.format(i))
 		for i in range(0, 6):
 			versions.append('0.6.{0}'.format(i))
-		for i in range(0, 4):
+		for i in range(0, 5):
 			versions.append('0.7.{0}'.format(i))
 		l = len(versions)
 		for i in range(l):
--- a/test/tools/ci-linux.sh
+++ b/test/tools/ci-linux.sh
@@ -0,0 +1,412 @@
 #!/bin/sh
 CI_VERBOSE=1
 ci_err_msg() { echo "[ci] error: $1" >&2; }
 ci_err() { [ $1 -ne 0 ] && ci_err_msg "$2" && exit 1; }
 ci_is_osx() { [ X"$(uname -s)" == X"Darwin" ]; }
 ci_get_pypy_ver() {
 	local _v="$1"
 	[ -z "$_v" ] && _v=$(python -V 2>&1)
 	case "$_v" in
 		pypy-*|pypy2-*|pypy3-*|pypy3.*) echo "$_v"; return 0 ;;
 		pypy|pypy2|pypy3) echo "$_v-unknown"; return 0 ;;
 	esac
 	echo "$_v" | tail -1 | grep -qi pypy
 	if [ $? -eq 0 ]; then
 		local _py_ver=$(echo "$_v" | head -1 | cut -d ' ' -sf 2)
 		local _pypy_ver=$(echo "$_v" | tail -1 | cut -d ' ' -sf 2)
 		[ -z "${_py_ver} " ] && _py_ver=2
 		[ -z "${_pypy_ver}" ] && _pypy_ver="unknown"
 		case "${_py_ver}" in
 			2*) echo "pypy-${_pypy_ver}" ;;
 			3.3*) echo "pypy3.3-${_pypy_ver}" ;;
 			3.5*) echo "pypy3.5-${_pypy_ver}" ;;
 			*) echo "pypy3-${_pypy_ver}" ;;
 		esac
 		return 0
 	else
 		return 1
 	fi
 }
 ci_get_py_ver() {
 	local _v
 	case "$1" in
 		py26) _v=2.6.9 ;;
 		py27) _v=2.7.13 ;;
 		py33) _v=3.3.6 ;;
 		py34) _v=3.4.6 ;;
 		py35) _v=3.5.3 ;;
 		py36) _v=3.6.1 ;;
 		py37) _v=3.7-dev ;;
 		pypy) ci_is_osx && _v=pypy2-5.7.0 || _v=pypy-portable-5.7.0 ;;
 		pypy3) ci_is_osx && _v=pypy3.3-5.5-alpha || _v=pypy3-portable-5.7.0 ;;
 		*)
 			[ -z "$1" ] && set -- "$(python -V 2>&1)"
 			_v=$(ci_get_pypy_ver "$1")
 			[ -z "$_v" ] && _v=$(echo "$_v" | head -1 | cut -d ' ' -sf 2)
 			;;
 	esac
 	echo "${_v}"
 	return 0
 }
 ci_get_py_env() {
 	[ -z "$1" ] && set -- "$(python -V 2>&1)"
 	case "$(ci_get_pypy_ver "$1")" in
 		pypy|pypy2|pypy-*|pypy2-*) echo "pypy" ;;
 		pypy3|pypy3*) echo "pypy3" ;;
 		*)
 			local _v=$(echo "$1" | head -1 | sed -e 's/[^0-9]//g' | cut -c1-2)
 			echo "py${_v}"
 	esac
 	return 0
 }
 ci_pyenv_setup() {
 	[ ${CI_VERBOSE} -gt 0 ] && echo "[ci] install pyenv"
 	rm -rf ~/.pyenv
 	git clone --depth 1 https://github.com/yyuu/pyenv.git ~/.pyenv
 	PYENV_ROOT=$HOME/.pyenv
 	PATH="$HOME/.pyenv/bin:$PATH"
 	eval "$(pyenv init -)"
 	ci_err $? "failed to init pyenv"
 	[ ${CI_VERBOSE} -gt 0 ] && echo "[ci] pyenv init: $(pyenv -v 2>&1)"
 	return 0
 }
 ci_pyenv_install() {
 	CI_PYENV_CACHE=~/.pyenv.cache
 	type pyenv > /dev/null 2>&1
 	ci_err $? "pyenv not found"
 	local _py_ver=$(ci_get_py_ver "$1")
 	local _py_env=$(ci_get_py_env "${_py_ver}")
 	local _nocache
 	case "${_py_env}" in
 		py37) _nocache=1 ;;
 	esac
 	[ ${CI_VERBOSE} -gt 0 ] && echo "[ci] pyenv install: ${_py_env}/${_py_ver}"
 	[ -z "${PYENV_ROOT}" ] && PYENV_ROOT="$HOME/.pyenv"
 	local _py_ver_dir="${PYENV_ROOT}/versions/${_py_ver}"
 	local _py_ver_cached_dir="${CI_PYENV_CACHE}/${_py_ver}"
 	if [ -z "${_nocache}" ]; then
 		if [ ! -d "${_py_ver_dir}" ]; then
 			if [ -d "${_py_ver_cached_dir}" ]; then
 				[ ${CI_VERBOSE} -gt 0 ] && echo "[ci] pyenv reuse ${_py_ver}"
 				ln -s "${_py_ver_cached_dir}" "${_py_ver_dir}"
 			fi
 		fi
 	fi
 	if [ ! -d "${_py_ver_dir}" ]; then
 		pyenv install -s "${_py_ver}"
 		ci_err $? "pyenv failed to install ${_py_ver}"
 		if [ -z "${_nocache}" ]; then
 			[ ${CI_VERBOSE} -gt 0 ] && echo "[ci] pyenv cache ${_py_ver}"
 			rm -rf -- "${_py_ver_cached_dir}"
 			mkdir -p -- "${CI_PYENV_CACHE}"
 			mv "${_py_ver_dir}" "${_py_ver_cached_dir}"
 			ln -s "${_py_ver_cached_dir}" "${_py_ver_dir}"
 		fi
 	fi
 	pyenv rehash
 	return 0
 }
 ci_pyenv_use() {
 	type pyenv > /dev/null 2>&1
 	ci_err $? "pyenv not found"
 	local _py_ver=$(ci_get_py_ver "$1")
 	pyenv shell "${_py_ver}"
 	ci_err $? "pyenv could not use ${_py_ver}"
 	[ ${CI_VERBOSE} -gt 0 ] && echo "[ci] pyenv using python: $(python -V 2>&1)"
 	return 0
 }
 ci_pip_setup() {
 	local _py_ver=$(ci_get_py_ver "$1")
 	local _py_env=$(ci_get_py_env "${_py_ver}")
 	[ ${CI_VERBOSE} -gt 0 ] && echo "[ci] install pip/venv for ${_py_env}/${_py_ver}"
 	PIPOPT=$(python -c 'import sys; print("" if hasattr(sys, "real_prefix") else "--user")')
 	if [ -z "${_py_env##py2*}" ]; then
 		curl -O https://bootstrap.pypa.io/get-pip.py
 		python get-pip.py ${PIPOPT}
 		ci_err $? "failed to install pip"
 	fi
 	if [ X"${_py_env}" == X"py26" ]; then
 	  python -c 'import pip; pip.main();' install ${PIPOPT} -U pip virtualenv
 	else
 	  python -m pip install ${PIPOPT} -U pip virtualenv
 	fi
 	ci_err $? "failed to upgrade pip/venv" || return 0
 }
 ci_venv_setup() {
 	local _py_ver=$(ci_get_py_ver "$1")
 	local _py_env=$(ci_get_py_env "${_py_ver}")
 	[ ${CI_VERBOSE} -gt 0 ] && echo "[ci] create venv for ${_py_env}/${_py_ver}"
 	local VENV_DIR=~/.venv/${_py_ver}
 	mkdir -p -- ~/.venv
 	rm -rf -- "${VENV_DIR}"
 	if [ X"${_py_env}" == X"py26" ]; then
 	  python -c 'import virtualenv; virtualenv.main();' "${VENV_DIR}"
 	else
 	  python -m virtualenv "${VENV_DIR}"
 	fi
 	ci_err $? "failed to create venv" || return 0
 }
 ci_venv_use() {
 	local _py_ver=$(ci_get_py_ver "$1")
 	local _py_env=$(ci_get_py_env "${_py_ver}")
 	local VENV_DIR=~/.venv/${_py_ver}
 	. "${VENV_DIR}/bin/activate"
 	ci_err $? "could not actiavte virtualenv"
 	[ ${CI_VERBOSE} -gt 0 ] && echo "[ci] venv using python: $(python -V 2>&1)"
 	return 0
 }
 ci_get_filedir() {
 	local _sdir=$(cd -- "$(dirname "$0")" && pwd)
 	local _pdir=$(pwd)
 	if [ -z "${_pdir##${_sdir}*}" ]; then
 		_sdir="${_pdir}"
 	fi
 	local _first=1
 	while [ X"${_sdir}" != X"/" ]; do
 		if [ ${_first} -eq 1 ]; then
 			_first=0
 			local _f=$(find "${_sdir}" -name "$1" | head -1)
 			if [ -n "${_f}" ]; then
 				echo $(dirname -- "${_f}")
 				return 0
 			fi
 		else
 			_f=$(find "${_sdir}" -mindepth 1 -maxdepth 1 -name "$1" | head -1)
 		fi
 		[ -n "${_f}" ] && echo "${_sdir}" && return 0
 		_sdir=$(cd -- "${_sdir}/.." && pwd)
 	done
 	return 1
 }
 ci_sq_ensure_java() {
 	type java >/dev/null 2>&1
 	if [ $? -ne 0 ]; then
 		ci_err_msg "java not found"
 		return 1
 	fi
 	local _java_ver=$(java -version 2>&1 | head -1 | sed -e 's/[^0-9\._]//g')
 	if [ -z "${_java_ver##1.8*}" ]; then
 		return 0
 	fi
 	ci_err_msg "unsupported java version: ${_java_ver}"
 	return 1
 }
 ci_sq_ensure_scanner() {
 	local _cli_version="3.0.0.702"
 	local _cli_basedir="$HOME/.bin"
 	local _cli_postfix=""
 	case "$(uname -s)" in
 		Linux)
 			[ X"$(uname -m)" = X"x86_64" ] && _cli_postfix="-linux"
 			[ X"$(uname -m)" = X"amd64" ] && _cli_postfix="-linux"
 			;;
 		Darwin) _cli_postfix="-macosx" ;;
 	esac
 	if [ X"${_cli_postfix}" = X"" ]; then
 		ci_sq_ensure_java || return 1
 	fi
 	if [ X"${SONAR_SCANNER_PATH}" != X"" ]; then
 		if [ -e "${SONAR_SCANNER_PATH}" ]; then
 			return 0
 		fi
 	fi
 	local _cli_fname="sonar-scanner-cli-${_cli_version}${_cli_postfix}"
 	[ ${CI_VERBOSE} -gt 0 ] && echo "[ci] ensure scanner ${_cli_fname}"
 	local _cli_dname="sonar-scanner-${_cli_version}${_cli_postfix}"
 	local _cli_archive="${_cli_basedir}/${_cli_fname}.zip"
 	local _cli_dir="${_cli_basedir}/${_cli_dname}"
 	local _cli_url="https://sonarsource.bintray.com/Distribution/sonar-scanner-cli/${_cli_fname}.zip"
 	if [ ! -e "${_cli_archive}" ]; then
 		mkdir -p -- "${_cli_basedir}" > /dev/null 2>&1
 		if [ $? -ne 0 ]; then
 			ci_err_msg "could not create ${_cli_basedir}"
 			return 1
 		fi
 		[ ${CI_VERBOSE} -gt 0 ] && echo "[ci] downloading ${_cli_fname}"
 		curl -kL -o "${_cli_archive}" "${_cli_url}"
 		[ $? -ne 0 ] && ci_err_msg "download failed" && return 1
 		[ ! -e "${_cli_archive}" ] && ci_err_msg "download verify" && return 1
 	fi
 	if [ ! -d "${_cli_dir}" ]; then
 		[ ${CI_VERBOSE} -gt 0 ] && echo "[ci] extracting ${_cli_fname}"
 		unzip -od "${_cli_basedir}" "${_cli_archive}"
 		[ $? -ne 0 ] && ci_err_msg "extract failed" && return 1
 		[ ! -d "${_cli_dir}" ] && ci_err_msg "extract verify" && return 1
 	fi
 	if [ ! -e "${_cli_dir}/bin/sonar-scanner" ]; then
 		ci_err_msg "sonar-scanner binary not found."
 		return 1
 	fi
 	SONAR_SCANNER_PATH="${_cli_dir}/bin/sonar-scanner"
 	return 0
 }
 ci_sq_run() {
 	if [ X"${SONAR_SCANNER_PATH}" = X"" ]; then
 		ci_err_msg "environment variable SONAR_SCANNER_PATH not set"
 		return 1
 	fi
 	if [ X"${SONAR_HOST_URL}" = X"" ]; then
 		ci_err_msg "environment variable SONAR_HOST_URL not set"
 		return 1
 	fi
 	if [ X"${SONAR_AUTH_TOKEN}" = X"" ]; then
 		ci_err_msg "environment variable SONAR_AUTH_TOKEN not set"
 		return 1
 	fi
 	local _pdir=$(ci_get_filedir "ssh-audit.py")
 	if [ -z "${_pdir}" ]; then
 		ci_err_msg "failed to find project directory"
 		return 1
 	fi
 	local _odir=$(pwd)
 	cd -- "${_pdir}"
 	local _branch=$(git name-rev --name-only HEAD | cut -d '~' -f 1)
 	case "${_branch}" in
 		master) ;;
 		develop) ;;
 		*) ci_err_msg "unknown branch: ${_branch}"; return 1 ;;
 	esac
 	local _junit=$(cd -- "${_pdir}" && ls -1 reports/junit.*.xml | sort -r | head -1)
 	if [ X"${_junit}" = X"" ]; then
 		ci_err_msg "no junit.xml found"
 		return 1
 	fi
 	local _project_ver=$(grep VERSION ssh-audit.py | head -1 | cut -d "'" -f 2)
 	if [ -z "${_project_ver}" ]; then
 		ci_err_msg "failed to get project version"
 		return 1
 	fi
 	if [ -z "${_project_ver##*dev}" ]; then
 		local _git_commit=$(git rev-parse --short=8 HEAD)
 		_project_ver="${_project_ver}.${_git_commit}"
 	fi
 	[ ${CI_VERBOSE} -gt 0 ] && echo "[ci] run sonar-scanner for ${_project_ver}"
 	"${SONAR_SCANNER_PATH}" -X \
 		-Dsonar.projectKey=arthepsy-github:ssh-audit \
 		-Dsonar.sources=ssh-audit.py \
 		-Dsonar.tests=test \
 		-Dsonar.test.inclusions=test/*.py \
 		-Dsonar.host.url="${SONAR_HOST_URL}" \
 		-Dsonar.projectName=ssh-audit \
 		-Dsonar.projectVersion="${_project_ver}" \
 		-Dsonar.branch="${_branch}" \
 		-Dsonar.python.coverage.overallReportPath=reports/coverage.xml \
 		-Dsonar.python.xunit.reportPath="${_junit}" \
 		-Dsonar.organization=arthepsy-github \
 		-Dsonar.login="${SONAR_AUTH_TOKEN}"
 	cd -- "${_odir}"
 	return 0
 }
 ci_run_wrapped() {
 	local _versions=$(echo "${PY_VER}" | sed -e 's/,/ /g')
 	[ -z "${_versions}" ] && eval "$1"
 	for _i in ${_versions}; do
 		local _v=$(echo "$_i" | cut -d '/' -f 1)
 		local _o=$(echo "$_i" | cut -d '/' -sf 2)
 		[ -z "${_o}" ] && _o="${PY_ORIGIN}"
 		eval "$1" "${_v}" "${_o}" || return 1
 	done
 	return 0
 }
 ci_step_before_install_wrapped() {
 	local _py_ver="$1"
 	local _py_ori="$2"
 	case "${_py_ori}" in
 		pyenv)
 			if [ "${CI_PYENV_SETUP}" -eq 0 ]; then
 				ci_pyenv_setup
 				CI_PYENV_SETUP=1
 			fi
 			ci_pyenv_install "${_py_ver}" || return 1
 			ci_pyenv_use "${_py_ver}" || return 1
 			;;
 	esac
 	ci_pip_setup "${_py_ver}" || return 1
 	ci_venv_setup "${_py_ver}" || return 1
 	return 0
 }
 ci_step_before_install() {
 	if ci_is_osx; then
 		[ ${CI_VERBOSE} -gt 0 ] && sw_vers
 		brew update || brew update
 		brew install autoconf pkg-config openssl readline xz
 		brew upgrade autoconf pkg-config openssl readline xz
 		PY_ORIGIN=pyenv
 	fi
 	CI_PYENV_SETUP=0
 	ci_run_wrapped "ci_step_before_install_wrapped" || return 1
 	if [ "${CI_PYENV_SETUP}" -eq 1 ]; then
 		pyenv shell --unset
 		[ ${CI_VERBOSE} -gt 0 ] && pyenv versions
 	fi
 	return 0
 }
 ci_step_install_wrapped() {
 	local _py_ver="$1"
 	ci_venv_use "${_py_ver}"
 	pip install -U tox coveralls codecov
 	ci_err $? "failed to install dependencies" || return 0
 }
 ci_step_script_wrapped() {
 	local _py_ver="$1"
 	local _py_ori="$2"
 	local _py_env=$(ci_get_py_env "${_py_ver}")
 	ci_venv_use "${_py_ver}" || return 1
 	if [ -z "${_py_env##*py3*}" ]; then
 		if [ -z "${_py_env##*pypy3*}" ]; then
 			# NOTE: workaround for travis environment
 			_pydir=$(dirname $(which python))
 			ln -s -- "${_pydir}/python" "${_pydir}/pypy3"
 			# NOTE: do not lint, as it hangs when flake8 is run
 			# NOTE: do not type, as it can't install dependencies
 			TOXENV=${_py_env}-test
 		else
 			TOXENV=${_py_env}-test,${_py_env}-type,${_py_env}-lint
 		fi
 	else
 		# NOTE: do not type, as it isn't supported on py2x
 		TOXENV=${_py_env}-test,${_py_env}-lint
 	fi
 	tox -e $TOXENV,cov
 	ci_err $? "tox failed" || return 0
 }
 ci_step_success_wrapped() {
 	local _py_ver="$1"
 	local _py_ori="$2"
 	if [ X"${SQ}" = X"1" ]; then
 		ci_sq_ensure_scanner && ci_sq_run
 	fi
 	ci_venv_use "${_py_ver}" || return 1
 	coveralls
 	codecov
 }
 ci_step_failure() { 
 	cat .tox/log/*
 	cat .tox/*/log/*
 }
 ci_step_install() { ci_run_wrapped "ci_step_install_wrapped"; }
 ci_step_script() { ci_run_wrapped "ci_step_script_wrapped"; }
 ci_step_success() { ci_run_wrapped "ci_step_success_wrapped"; }
--- a/test/tools/ci-win.cmd
+++ b/test/tools/ci-win.cmd
@@ -0,0 +1,131 @@
@ECHO OFF
 IF "%PYTHON%" == "" (
 	ECHO PYTHON environment variable not set
 	EXIT 1
 )
 SET PATH=%PYTHON%;%PYTHON%\\Scripts;%PATH%"
 FOR /F %%i IN ('python -c "import platform; print(platform.python_version());"') DO (
 	SET PYTHON_VERSION=%%i
 )
 SET PYTHON_VERSION_MAJOR=%PYTHON_VERSION:~0,1%
 IF "%PYTHON_VERSION:~3,1%" == "." (
 	SET PYTHON_VERSION_MINOR=%PYTHON_VERSION:~2,1%
 ) ELSE (
 	SET PYTHON_VERSION_MINOR=%PYTHON_VERSION:~2,2%
 )
 FOR /F %%i IN ('python -c "import struct; print(struct.calcsize(\"P\")*8)"') DO (
 	SET PYTHON_ARCH=%%i
 )
 CALL :devenv
 IF /I "%1"=="" (
 	SET target=test
 ) ELSE (
 	SET target=%1
 )
 echo [CI] TARGET=%target%
 GOTO %target%
 :devenv
 SET WIN_SDK_ROOT=C:\Program Files\Microsoft SDKs\Windows
 SET VS2015_ROOT=C:\Program Files (x86)\Microsoft Visual Studio 14.0
 IF %PYTHON_VERSION_MAJOR% == 2 (
 	SET WINDOWS_SDK_VERSION="v7.0"
 ) ELSE IF %PYTHON_VERSION_MAJOR% == 3 (
 	IF %PYTHON_VERSION_MAJOR% LEQ 4 (
 		SET WINDOWS_SDK_VERSION="v7.1"
 	) ELSE (
 		SET WINDOWS_SDK_VERSION="2015"
 	)
 ) ELSE (
 	ECHO Unsupported Python version: "%PYTHON_VERSION%"
 	EXIT 1
 )
 SETLOCAL ENABLEDELAYEDEXPANSION
 IF %PYTHON_ARCH% == 32 (SET PYTHON_ARCHX=x86) ELSE (SET PYTHON_ARCHX=x64)
 IF %WINDOWS_SDK_VERSION% == "2015" (
 	"%VS2015_ROOT%\VC\vcvarsall.bat" %PYTHON_ARCHX%
 ) ELSE (
 	SET DISTUTILS_USE_SDK=1
 	SET MSSdk=1
 	"%WIN_SDK_ROOT%\%WINDOWS_SDK_VERSION%\Setup\WindowsSdkVer.exe" -q -version:%WINDOWS_SDK_VERSION%
 	"%WIN_SDK_ROOT%\%WINDOWS_SDK_VERSION%\Bin\SetEnv.cmd" /%PYTHON_ARCHX% /release
 )
 GOTO :eof
 :install
 pip install --user --upgrade pip virtualenv
 SET VENV_DIR=.venv\%PYTHON_VERSION%
 rmdir /s /q %VENV_DIR% > nul 2>nul
 mkdir .venv > nul 2>nul
 IF "%PYTHON_VERSION_MAJOR%%PYTHON_VERSION_MINOR%" == "26" (
 	python -c "import virtualenv; virtualenv.main();" %VENV_DIR%
 ) ELSE (
 	python -m virtualenv %VENV_DIR%
 )
 CALL %VENV_DIR%\Scripts\activate
 python -V
 pip install tox
 deactivate
 GOTO :eof
 :install_deps
 SET LXML_FILE=
 SET LXML_URL=
 IF %PYTHON_VERSION_MAJOR% == 3 (
 	IF %PYTHON_VERSION_MINOR% == 3 (
 		IF %PYTHON_ARCH% == 32 (
 			SET LXML_FILE=lxml-3.7.3.win32-py3.3.exe
 			SET LXML_URL=https://pypi.python.org/packages/66/fd/b82a54e7a15e91184efeef4b659379d0581a73cf78239d70feb0f0877841/lxml-3.7.3.win32-py3.3.exe
 		) ELSE (
 			SET LXML_FILE=lxml-3.7.3.win-amd64-py3.3.exe
 			SET LXML_URL=https://pypi.python.org/packages/dc/bc/4742b84793fa1fd991b5d2c6f2e5d32695659d6cfedf5c66aef9274a8723/lxml-3.7.3.win-amd64-py3.3.exe
 		)
 	) ELSE IF %PYTHON_VERSION_MINOR% == 4 (
 		IF %PYTHON_ARCH% == 32 (
 			SET LXML_FILE=lxml-3.7.3.win32-py3.4.exe
 			SET LXML_URL=https://pypi.python.org/packages/88/33/265459d68d465ddc707621e6471989f5c2cb0d43f230f516800ffd629af7/lxml-3.7.3.win32-py3.4.exe
 		) ELSE (
 			SET LXML_FILE=lxml-3.7.3.win-amd64-py3.4.exe
 			SET LXML_URL=https://pypi.python.org/packages/2d/65/e47db7f36a69a1b59b4f661e42d699d6c43e663b8fd91035e6f7681d017e/lxml-3.7.3.win-amd64-py3.4.exe
 		)
 	)
 )
 IF NOT "%LXML_FILE%" == "" (
 	CALL :download %LXML_URL% .downloads\%LXML_FILE%
 	easy_install --user .downloads\%LXML_FILE%
 )
 GOTO :eof
 :test
 	SET VENV_DIR=.venv\%PYTHON_VERSION%
 	CALL %VENV_DIR%\Scripts\activate
 	IF "%TOXENV%" == "" (
 		SET TOXENV=py%PYTHON_VERSION_MAJOR%%PYTHON_VERSION_MINOR%
 	)
 	IF "%PYTHON_VERSION_MAJOR%%PYTHON_VERSION_MINOR%" == "26" (
 		SET TOX=python -c "from tox import cmdline; cmdline()"
 	) ELSE (
 		SET TOX=python -m tox
 	)
 	IF %PYTHON_VERSION_MAJOR% == 3 (
 		IF %PYTHON_VERSION_MINOR% LEQ 4 (
 			:: Python 3.3 and 3.4 does not support typed-ast (mypy dependency)
 			%TOX% --sitepackages -e %TOXENV%-test,%TOXENV%-lint,cov || EXIT 1
 		) ELSE (
 			%TOX% --sitepackages -e %TOXENV%-test,%TOXENV%-type,%TOXENV%-lint,cov || EXIT 1
 		)
 	) ELSE (
 		%TOX% --sitepackages -e %TOXENV%-test,%TOXENV%-lint,cov || EXIT 1
 	)
 GOTO :eof
 :download
 IF NOT EXIST %2 (
 	IF NOT EXIST .downloads\ mkdir .downloads
 	powershell -command "(new-object net.webclient).DownloadFile('%1', '%2')" || EXIT 1
 )
 GOTO :eof
--- a/tox.ini
+++ b/tox.ini
@@ -0,0 +1,158 @@
 [tox]
 envlist = 
 	py26-{test,vulture}
 	py{27,py,py3}-{test,pylint,flake8,vulture}
 	py{33,34,35,36,37}-{test,mypy,pylint,flake8,vulture}
 	cov
 skipsdist = true
 skip_missing_interpreters = true
 [testenv]
 deps = 
 	test: pytest==3.0.7
 	test,cov: {[testenv:cov]deps}
 	test,py{33,34,35,36,37}-{type,mypy}: colorama==0.3.7
 	py{33,34,35,36,37}-{type,mypy}: {[testenv:mypy]deps}
 	py{27,py,py3,33,34,35,36,37}-{lint,pylint},lint: {[testenv:pylint]deps}
 	py{27,py,py3,33,34,35,36,37}-{lint,flake8},lint: {[testenv:flake8]deps}
 	py{27,py,py3,33,34,35,36,37}-{lint,vulture},lint: {[testenv:vulture]deps}
 setenv =
 	SSHAUDIT = {toxinidir}/ssh-audit.py
 	test: COVERAGE_FILE = {toxinidir}/.coverage.{envname}
 	type,mypy: MYPYPATH = {toxinidir}/test/stubs
 	type,mypy: MYPYHTML = {toxinidir}/reports/html/mypy
 commands =
 	test: coverage run --source ssh-audit -m -- \
 	test: pytest -v --junitxml={toxinidir}/reports/junit.{envname}.xml {posargs:test}
 	test: coverage report --show-missing
 	test: coverage html -d {toxinidir}/reports/html/coverage.{envname}
 	py{33,34,35,36,37}-{type,mypy}: {[testenv:mypy]commands}
 	py{27,py,py3,33,34,35,36,37}-{lint,pylint},lint: {[testenv:pylint]commands}
 	py{27,py,py3,33,34,35,36,37}-{lint,flake8},lint: {[testenv:flake8]commands}
 	py{27,py,py3,33,34,35,36,37}-{lint,vulture},lint: {[testenv:vulture]commands}
 ignore_outcome =
 	type: true
 	lint: true
 [testenv:cov]
 deps =
 	coverage==4.3.4
 setenv =
 	COVERAGE_FILE = {toxinidir}/.coverage
 commands =
 	coverage erase
 	coverage combine
 	coverage report --show-missing
 	coverage xml -i -o {toxinidir}/reports/coverage.xml
 	coverage html -d {toxinidir}/reports/html/coverage
 [testenv:mypy]
 deps =
 	colorama==0.3.7
 	lxml==3.7.3
 	mypy==0.501
 commands =
 	mypy \
 		--show-error-context \
 		--config-file {toxinidir}/tox.ini \
 		--html-report {env:MYPYHTML}.py3.{envname} \
 		{posargs:{env:SSHAUDIT}}
 	mypy \
 		-2 \
 		--no-warn-incomplete-stub \
 		--show-error-context \
 		--config-file {toxinidir}/tox.ini \
 		--html-report {env:MYPYHTML}.py2.{envname} \
 		{posargs:{env:SSHAUDIT}}
 [testenv:pylint]
 deps =
 	mccabe
 	pylint
 commands =
 	pylint \
 		--rcfile tox.ini \
 		--load-plugins=pylint.extensions.bad_builtin \
 		--load-plugins=pylint.extensions.check_elif \
 		--load-plugins=pylint.extensions.mccabe \
 		{posargs:{env:SSHAUDIT}}
 [testenv:flake8]
 deps =
 	flake8
 commands =
 	flake8 {posargs:{env:SSHAUDIT}}
 [testenv:vulture]
 deps =
 	vulture
 commands =
 	python -c "import sys; from subprocess import Popen, PIPE; \
 		a = ['vulture'] + r'{posargs:{env:SSHAUDIT}}'.split(' '); \
 		o = Popen(a, shell=False, stdout=PIPE).communicate()[0]; \
 		l = [x for x in o.split(b'\n') if x and b'Unused import' not in x]; \
 		print(b'\n'.join(l).decode('utf-8')); \
 		sys.exit(1 if len(l) > 0 else 0)"
 [mypy]
 ignore_missing_imports = False
 follow_imports = error
 disallow_untyped_calls = True
 disallow_untyped_defs = True
 check_untyped_defs = True
 disallow_subclassing_any = True
 warn_incomplete_stub = True
 warn_redundant_casts = True
 warn_return_any = True
 warn_unused_ignores = True
 strict_optional = True
 strict_boolean = True
 [pylint]
 reports = no
 #output-format = colorized
 indent-string = \t
 disable = 
 	locally-disabled,
 	bad-continuation,
 	multiple-imports,
 	invalid-name,
 	trailing-whitespace,
 	missing-docstring
 max-complexity = 15
 max-args = 8
 max-locals = 20
 max-returns = 6
 max-branches = 15
 max-statements = 60
 max-parents = 7
 max-attributes = 8
 min-public-methods = 1
 max-public-methods = 20
 max-bool-expr = 5
 max-nested-blocks = 6
 max-line-length = 80
 ignore-long-lines = ^\s*(#\s+type:\s+.*|[A-Z0-9_]+\s+=\s+.*|('.*':\s+)?\[.*\],?|assert\s+.*)$
 max-module-lines = 2500
 [flake8]
 ignore =
 	# indentation contains tabs
 	W191,
 	# blank line contains whitespace
 	W293,
 	# indentation contains mixed spaces and tabs
 	E101,
 	# multiple spaces before operator
 	E221,
 	# multiple spaces after operator
 	E241,
 	# multiple imports on one line
 	E401,
 	# line too long
 	E501,
 	# module imported but unused
 	F401,
 	# undefined name
 	F821
		`@@ -0,0 +1 @@`
							`iܛ<EFBFBD><EFBFBD><EFBFBD><1C><><EFBFBD>V<EFBFBD>违<EFBFBD>Z/D<><<3C><>\|S<>z<EFBFBD>=<3D>:<3A>1vu}<7D><><11>J<EFBFBD>ݷ<EFBFBD><DDB7>"<22>^Bb&U<><03>P<EFBFBD><50>`
		`@@ -0,0 +1 @@`
							`1vu}<7D><><11>J<EFBFBD>ݷ<EFBFBD><DDB7>"<22>^Bb&U<><03>P<EFBFBD><50>`
		`@@ -0,0 +1 @@`
							`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsz1andk9wLwh+G7oaM0MlqgyDsrE7R6Xb6v0nflOW1 jdog@localhost.wonderland.lol`
		`@@ -0,0 +1 @@`
							`ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDnRlN3AFnUe2lFf5XG9UhXLr/9POruNTFbMt0zrjOUSjmAS7hS6pDv5VEToT6DaR1EQUYaqSMpHYzZhuCK52vrydOm5XFbJ7712r9MyZQUhoVZx8SudBHzVDIVO3jcMMWIlrfWBMnUaUHEqpmy88Y7gKDa2TWxJg1+hg51KqHrUQ== jdog@localhost.wonderland.lol`
		`@@ -0,0 +1 @@`
							ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCrFAQhuPzDROsFjV8M7zVy6uKNCt0s5SvxWXxcQJZzlAZ3UuQAbzQ2B1wIE++NbFlKZisp6oDvwZR034qDJwTTO2nFhJcodkxogzld73gEH4Ghwf3W93/aIHMZ553WdX/N8B2rYAQdCPVOkgj5r7PbnLG/Y+7BVNPDCj0j/omA2rd68fgdvCCvdJF8QRhlD5gvxw6kG42DVhk5HSTXKTbdmoB33YnJvFniIK063utyPawUfM27VTnjjBYHAgvnJlkpOAGFjh2p9PYSnsjNHkd2x2u9BX2oL3YYzXMMT5TcDCtUqMezRhmrePNyr/K8UMJwwxHPj/SkYUVTbqhaZr6fe9sDEomgv6uEbxAz36XaoWUsayczSRRcAlew8pvKClo/xndTh4qBO4nYa5L14sgWcHuavAPvlXoaA32rmZjz0N+RVKQdqiqljyk91GTP1ACYwS4u0ea/b0JU6l9fm/+uybvABIBmq1SWYW7isUYEvC9ltSVa7TYeaAFPjuDoQh8= jdog@localhost.wonderland.lol
		`@@ -0,0 +1 @@`
							`1024 35 150823875409720459951648542224727752099073441604930026287525797402159071426070997897033651155038337251362080634963146983947007228274330777134724953282680928153520263171933106732090266742784258910450489054624715996015082463159338507115031336180486071622718809324273851629938883104520608180885444242395900180011 root@ubuntu1604server`
		`@@ -0,0 +1 @@`
							ssh-dss AAAAB3NzaC1kc3MAAACBAO2HV5X4DyPX3VHR7LR1VcvYsY0Zgz5r4+iZJruy4rzE0J5UsoJilDpVJakB/oVtFZ6/VRWjwiluCXAVk9zIU8rYbUfunjmjCzZI3gKV6zMMPnp7pbTc+Vz6oypInotOOvgzn4epMM4zcJLvZ3sxdSR8dCJqDKtZCFfJzSQWw0kvAAAAFQCoO2+fjYiGc6YOSBB9LZWBUKboQQAAAIAZxurv1Co01lG48IT8XTmwKhNEYKYWcOMK4KBY3vA1Gi2MzP9Leke0IJ65NPWNPofLRkUd+2/S38YXwYFGB6iRRtLjK0ek6QVZxPPygWC4Mvjierx419JjpvMSXziqyAR7gc/3eYHgVHVlRSAjhvuAIE5gQWXfI+IfsfWntn0TWgAAAIAl1UPQkeRhElz+AgEbNsnMKu1+6O3/z95D1Wvv4OEwAImbytlBaC7pkwJElJNsMMfGqCC8OHdJ0e4VQQUwk/GOhD0MFhVQHBtVZYbiWmVkpfHf1ouUQg3f1IZmz2SSt6cPPEu+BEQ/Sn3mFRJ5XSTHLtnI0HJeDND5u1+6p1nXaw==
		`@@ -0,0 +1 @@`
							`ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHWEsQ1VIzqVuO/S/50Q4gHcUQeSrstm4JD/ywNqZ1j3BiFphWuEFGDdlNybBSnCyHMeXL03oUH4Kxw52kilXSg=`
		`@@ -0,0 +1 @@`
							`ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIO1W0I8tD0c4LypvHY1XNch3BQCw9Yy28/4KmAYql80DAAAAIL/1EPYCj3k4MMgfyLXV6RMAu63wBQ2pahDHSMeU/jHKAAAAAAAAAAAAAAACAAAABHRlc3QAAAAIAAAABHRlc3QAAAAAXV7hvAAAAACBa2YhAAAAAAAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAbM9Wp3ZPcC8Ifhu6GjNDJaoMg7KxO0el2+r9J35TltQAAAFMAAAALc3NoLWVkMjU1MTkAAABAW60bCSeIG4Ta+57zgkSbW4LIGCxtOuJJ+pP3i3S0xJJfHGnOtXbg0NQm7pulNl/wd01kgJO9A7RjbhTh7TV1AA== ssh_host_ed25519_key.pub`
		`@@ -0,0 +1 @@`
							`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL/1EPYCj3k4MMgfyLXV6RMAu63wBQ2pahDHSMeU/jHK`