I am currently reviewing some SSH captures for a client. We are trying to validate the SSH version that is in use: Cisco's SSH v 1.99 (OpenSSH). I am trying to create a case that outlines that if certain features are in place, then it must be SSH v1.99 (e.g. DH Key exchange, DSA auth method, etc). One question I do have: within the capture, I am noticing under the SSH protocol section there is an indicator or a "Message Code: Public Key (2)". What does that mean? Any help would be greatly appreciated.

asked 23 Apr '13, 12:16 netwerk
One Answer:
Version 1.99 is defined in RFC 4253. It's a 'flag' that signals compatibility with old ssh protocol versions, meaning that the server is able to speak the ssh-1 and ssh-2 protocols. So, I don't think that version is directly related to DH Key exchange and DSA auth method.
That's defined in the ssh-1 protocol.
Search for this string:

2 SSH_SMSG_PUBLIC_KEY

It's a packet that contains information about the public key of the server.

Regards

answered 24 Apr '13, 15:38 Kurt Knochner
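The check described in the answer, as an added example that is not part of the original post or of Wireshark: it reads the two identification strings to decide whether a session runs SSH-1 or SSH-2, then reads the message number of the first unencrypted packet with that protocol's framing. The function names, banners and packets are constructed for illustration.

```python
import struct

SSH1_SMSG_PUBLIC_KEY = 2   # SSH-1 message number quoted in the answer
SSH2_MSG_KEXINIT = 20      # first SSH-2 message after the banners (RFC 4253)

def parse_banner(line):
    """Split 'SSH-protoversion-softwareversion [comments]' into its two fields."""
    text = line.rstrip(b"\r\n").decode("ascii", "replace")
    if not text.startswith("SSH-"):
        raise ValueError("not an SSH identification string")
    proto, _, software = text[4:].partition("-")
    return proto, software.split(" ", 1)[0]

def negotiated_protocol(server_banner, client_banner):
    """Return 1 or 2 for the protocol the two banners lead to."""
    server, _ = parse_banner(server_banner)
    client, _ = parse_banner(client_banner)
    # 1.99 from a server means "SSH-2, and I can still speak SSH-1".
    # Assumption: a client that sends 1.99 is treated as SSH-2 capable.
    if server in ("2.0", "1.99") and client in ("2.0", "1.99"):
        return 2
    if server.startswith("1.") and client.startswith("1."):
        return 1
    raise ValueError("no common protocol: server %s, client %s" % (server, client))

def first_message_type(packet, protocol):
    """Message number of an unencrypted packet, using that protocol's framing."""
    (length,) = struct.unpack(">I", packet[:4])
    if protocol == 1:
        # SSH-1: the length excludes padding, which is 8 - (length % 8) bytes.
        return packet[4 + 8 - (length % 8)]
    # SSH-2: uint32 length, one padding_length byte, then the payload.
    return packet[5]

# Constructed samples, not taken from the capture discussed above.
SERVER = b"SSH-1.99-Cisco-1.25\r\n"
SSH1_PACKET = struct.pack(">I", 13) + bytes(3) + bytes([2]) + bytes(8) + bytes(4)
SSH2_PACKET = struct.pack(">I", 12) + bytes([10, 20]) + bytes(10)

if __name__ == "__main__":
    for client, pkt in ((b"SSH-2.0-client\r\n", SSH2_PACKET),
                        (b"SSH-1.5-client\r\n", SSH1_PACKET)):
        proto = negotiated_protocol(SERVER, client)
        print(client.strip(), "-> SSH-%d, first message %d"
              % (proto, first_message_type(pkt, proto)))
```

A server banner of 1.99 alone does not settle which protocol a session used; the client banner and the first binary packet do.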