
I am currently reviewing some SSH captures for a client. We are trying to validate the SSH version that is in use, Cisco's SSH v1.99 (OpenSSH). I am trying to create a case that outlines that if certain features are in place, then it must be SSH v1.99 (e.g. DH key exchange, DSA auth method, etc.).

One question I do have is that within the capture I am noticing, under the SSH protocol section, an indicator "Message Code: Public Key (2)". What does that mean?

Any help would be greatly appreciated.

asked 23 Apr '13, 12:16


netwerk


then it must be SSH v1.99

Version 1.99 is defined in RFC 4253. It's a 'flag' that signals compatibility with old SSH protocol versions, meaning that the server is able to speak the ssh-1 and ssh-2 protocols. So, I don't think that version is directly related to DH key exchange and the DSA auth method.

"Message Code: Public Key (2)". What does that mean?

That's defined in the ssh-1 protocol.

http://www.snailbook.com/docs/protocol-1.5.txt

Search for this string: 2 SSH_SMSG_PUBLIC_KEY

It's a packet that contains information about the public key of the server.

Regards
Kurt

answered 24 Apr '13, 15:38

Kurt Knochner ♦
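As an added example (not code from the question or the answer), a small Python parser for the two things discussed above: the RFC 4253 identification string, where 1.99 marks an SSH-2 server that also accepts SSH-1 clients, and the SSH-1 binary packet header, from which the message code (2 = SSH_SMSG_PUBLIC_KEY) is read. The banner and packet samples are constructed, and the SSH-1 CRC parameters are an assumption.

```python
import re

# RFC 4253 s4.2 identification string: "SSH-protoversion-softwareversion SP comments CR LF"
BANNER_RE = re.compile(rb"^SSH-(\d+\.\d+)-(\S+)(?: ([^\r\n]*))?\r?\n")

def classify_banner(banner: bytes) -> dict:
    """Report which protocol generations an SSH identification string advertises."""
    m = BANNER_RE.match(banner)
    if not m:
        raise ValueError("not an SSH identification string")
    proto = m.group(1).decode()
    if proto == "2.0":
        speaks = ("ssh-2",)
    elif proto == "1.99":
        speaks = ("ssh-1", "ssh-2")  # compatibility flag: SSH-2 server that also accepts SSH-1 clients
    elif proto.startswith("1."):
        speaks = ("ssh-1",)
    else:
        speaks = ()
    return {"protoversion": proto, "software": m.group(2).decode(), "speaks": speaks}

def ssh1_crc32(data: bytes) -> int:
    """SSH-1 packet check value (assumption: reflected poly 0xEDB88320, init 0, no final XOR)."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xEDB88320 if crc & 1 else crc >> 1
    return crc

def build_ssh1_packet(msg_type: int, payload: bytes) -> bytes:
    """Constructed unencrypted SSH-1 packet: len | pad (8 - len % 8) | type | payload | crc."""
    length = 1 + len(payload) + 4                # type + data + crc; excludes length field and padding
    pad = b"\x00" * (8 - length % 8)             # real implementations use random padding bytes
    body = pad + bytes([msg_type]) + payload
    return length.to_bytes(4, "big") + body + ssh1_crc32(body).to_bytes(4, "big")

SSH1_TYPES = {1: "SSH_MSG_DISCONNECT", 2: "SSH_SMSG_PUBLIC_KEY", 3: "SSH_CMSG_SESSION_KEY"}

def ssh1_message_type(packet: bytes) -> tuple:
    """Return (code, name) of an unencrypted SSH-1 packet after checking its length and CRC."""
    length = int.from_bytes(packet[:4], "big")
    pad = 8 - length % 8
    body = packet[4:4 + pad + length]
    if len(body) != pad + length:
        raise ValueError("truncated SSH-1 packet")
    if ssh1_crc32(body[:-4]) != int.from_bytes(body[-4:], "big"):
        raise ValueError("SSH-1 CRC mismatch")
    code = body[pad]
    return code, SSH1_TYPES.get(code, "unknown (%d)" % code)

# Constructed sample: a public-key message whose data starts with the 8-byte anti-spoofing cookie.
SAMPLE_PUBLIC_KEY_PACKET = build_ssh1_packet(2, b"\xaa" * 8)
```

Seeing message code 2 on the wire means the server answered an SSH-1 client, so a 1.99 banner alone does not tell you which protocol a given session actually used.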
