Upgraded SHA-1 key signatures from warnings to failures. Added deprecation warning to ssh-rsa-cert-v00@openssh.com, ssh-rsa-cert-v01@openssh.com, x509v3-sign-rsa, and x509v3-ssh-rsa host key types.

test/docker/expected_results/dropbear_2019.78_test1.txt

@@ -23,8 +23,9 @@
                                      `- [warn] using weak random number generator could reveal the key
                                      `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
 (key) ssh-rsa (1024-bit)             -- [fail] using weak hashing algorithm
-                                     `- [warn] using small 1024-bit modulus
+                                     `- [fail] using small 1024-bit modulus
                                      `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
+                                     `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
 (key) ssh-dss                        -- [fail] using small 1024-bit modulus
                                      `- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
                                      `- [warn] using weak random number generator could reveal the key

test/docker/expected_results/openssh_4.0p1_test1.txt

@@ -40,8 +40,9 @@
 
 # host-key algorithms
 (key) ssh-rsa (1024-bit)                  -- [fail] using weak hashing algorithm
-                                          `- [warn] using small 1024-bit modulus
+                                          `- [fail] using small 1024-bit modulus
                                           `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
+                                          `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
 (key) ssh-dss                             -- [fail] using small 1024-bit modulus
                                           `- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
                                           `- [warn] using weak random number generator could reveal the key

test/docker/expected_results/openssh_5.6p1_test1.txt

@@ -34,8 +34,9 @@
 
 # host-key algorithms
 (key) ssh-rsa (1024-bit)                    -- [fail] using weak hashing algorithm
-                                            `- [warn] using small 1024-bit modulus
+                                            `- [fail] using small 1024-bit modulus
                                             `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
+                                            `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
 (key) ssh-dss                               -- [fail] using small 1024-bit modulus
                                             `- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
                                             `- [warn] using weak random number generator could reveal the key

test/docker/expected_results/openssh_5.6p1_test2.txt

@@ -34,11 +34,13 @@
 
 # host-key algorithms
 (key) ssh-rsa (1024-bit)                    -- [fail] using weak hashing algorithm
-                                            `- [warn] using small 1024-bit modulus
+                                            `- [fail] using small 1024-bit modulus
                                             `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
+                                            `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
 (key) ssh-rsa-cert-v01@openssh.com (1024-bit cert/1024-bit CA) -- [fail] using weak hashing algorithm
-                                                               `- [warn] using small 1024-bit modulus
+                                                               `- [fail] using small 1024-bit modulus
                                                                `- [info] available since OpenSSH 5.6
+                                                               `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
 
 # encryption algorithms (ciphers)
 (enc) aes128-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52

test/docker/expected_results/openssh_5.6p1_test3.txt

@@ -34,11 +34,13 @@
 
 # host-key algorithms
 (key) ssh-rsa (1024-bit)                    -- [fail] using weak hashing algorithm
-                                            `- [warn] using small 1024-bit modulus
+                                            `- [fail] using small 1024-bit modulus
                                             `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
+                                            `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
 (key) ssh-rsa-cert-v01@openssh.com (1024-bit cert/3072-bit CA) -- [fail] using weak hashing algorithm
-                                                               `- [warn] using small 1024-bit modulus
+                                                               `- [fail] using small 1024-bit modulus
                                                                `- [info] available since OpenSSH 5.6
+                                                               `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
 
 # encryption algorithms (ciphers)
 (enc) aes128-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52

test/docker/expected_results/openssh_5.6p1_test4.txt

@@ -35,9 +35,11 @@
 # host-key algorithms
 (key) ssh-rsa (3072-bit)                    -- [fail] using weak hashing algorithm
                                             `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
+                                            `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
 (key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/1024-bit CA) -- [fail] using weak hashing algorithm
-                                                               `- [warn] using small 1024-bit modulus
+                                                               `- [fail] using small 1024-bit modulus
                                                                `- [info] available since OpenSSH 5.6
+                                                               `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
 
 # encryption algorithms (ciphers)
 (enc) aes128-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52

test/docker/expected_results/openssh_5.6p1_test5.txt

@@ -35,8 +35,10 @@
 # host-key algorithms
 (key) ssh-rsa (3072-bit)                    -- [fail] using weak hashing algorithm
                                             `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
+                                            `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
 (key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/3072-bit CA) -- [fail] using weak hashing algorithm
                                                                `- [info] available since OpenSSH 5.6
+                                                               `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
 
 # encryption algorithms (ciphers)
 (enc) aes128-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52

test/docker/expected_results/openssh_8.0p1_test1.txt

@@ -25,6 +25,7 @@
 (key) rsa-sha2-256 (3072-bit)               -- [info] available since OpenSSH 7.2
 (key) ssh-rsa (3072-bit)                    -- [fail] using weak hashing algorithm
                                             `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
+                                            `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
 (key) ecdsa-sha2-nistp256                   -- [fail] using weak elliptic curves
                                             `- [warn] using weak random number generator could reveal the key
                                             `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62

test/test_ssh2.py

@@ -147,7 +147,7 @@ class TestSSH2:
         self.audit(out, self._conf())
         out.write()
         lines = output_spy.flush()
-        assert len(lines) == 69
+        assert len(lines) == 70
 
     def test_ssh2_server_invalid_first_packet(self, output_spy, virtual_socket):
         vsocket = virtual_socket