Added note that when a target is properly configured against the Terrapin vulnerability that unpatched peers may still create vulnerable connections. Updated Ubuntu Server & Client 20.04 & 22.04 policies to include new key exchange markers related to Terrapin counter-measures.

test/docker/expected_results/openssh_8.0p1_test2.txt

@@ -36,8 +36,9 @@
 (key) ssh-ed25519-cert-v01@openssh.com (256-bit cert/256-bit ssh-ed25519 CA) -- [info] available since OpenSSH 6.5
 
 # encryption algorithms (ciphers)
-(enc) chacha20-poly1305@openssh.com         -- [info] available since OpenSSH 6.5
-                                            `- [info] default cipher since OpenSSH 6.9
+(enc) chacha20-poly1305@openssh.com         -- [warn] vulnerable to the Terrapin attack (CVE-2023-48795), allowing message prefix truncation
+                                            `- [info] available since OpenSSH 6.5
+                                            `- [info] default cipher since OpenSSH 6.9
 (enc) aes128-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
 (enc) aes192-ctr                            -- [info] available since OpenSSH 3.7
 (enc) aes256-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
@@ -77,6 +78,7 @@
 (rec) -hmac-sha1-etm@openssh.com            -- mac algorithm to remove 
 (rec) +rsa-sha2-256                         -- key algorithm to append 
 (rec) +rsa-sha2-512                         -- key algorithm to append 
+(rec) -chacha20-poly1305@openssh.com        -- enc algorithm to remove 
 (rec) -diffie-hellman-group14-sha256        -- kex algorithm to remove 
 (rec) -hmac-sha2-256                        -- mac algorithm to remove 
 (rec) -hmac-sha2-512                        -- mac algorithm to remove