开发者

Unknown value in SSH2 Diffie-Hellman Group Exchange Reply packet

I'm trying to understand more about how SSH works. I'm using Wireshark to grab the packets going between my machines (OpenSSH running on both ends). I'm stuck at the Diffie-Hellman Group Exchange Reply packet. There seems to be a length (4 Bytes) and value (1 Byte) not accounted for or not described by RFC 4419, just after the encryption algorithm name. The RFC says that the first chunk of data sent in this packet will be the server's public key and certificates, but I don't know where to look for certificate formats to try and decode this data.

Here is the packet received from the server (TCP, IP, and Ethernet packet information not included). I've spread it out for readability. I've also indicated values and field purposes as I understand them. The 'host key', 'f', and 'hash signature' are indicated to be in these positions by RFC 4419. The line marked with a "->" has the data that is confusing me. I can't see anything that the value 0x23 (35) would correlate to.

Packet Length: 444
Padding Length: 10
  Key Exchange
    Msg code: Diffie-Hellman GEX Reply (33)
    Payload:
  00000095                                         Value = 149 bytes
  00000007 7373682d727361                          Value =   7 bytes ; "ssh-rsa"
->00000001 23                                      Value =   1 byte  ; 35
  00000081 00dca412f58b8d7bea991901652857b3        Value = 129 bytes ; host key
           ...
           ... Total of 129 bytes
           ...

  00000080 420b85197d902a986c7c67b2c4f72336        Value = 128 bytes ; f
         ...
         ... Total of 128 bytes
         ...

  0000008f                                         Value = 143 bytes
  00000007 7373682d727361                          Value =   7 bytes ; "ssh-rsa"
  0开发者_Go百科0000080 0c9f8b1a7f59c25f279fcc8199ea1ffe        Value = 128 bytes ; hash signature
           ...
           ... Total of 128 bytes
           ...
    Padding String: 
    MAC String: 

I've read through RFCs 4250-4254 and 4419 to try to find some clue for this code 0x23, but I have been unsuccessful so far. It is entirely possible that I missed an explanation in the RFCs, so feel free to point one out to me if that's the case. Any hints or explanation will be helpful.

Thank You


If you look at RFC 4253, 6.6. Public Key Algorithms, where the key format is described, immediately after the ssh-rsa string comes the key's exponent (mpint e) which in your case is 35.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜