SSH2 Diffie-Hellman 组交换回复数据包中的未知值

发布于 2024-09-29 09:35:07 字数 1461 浏览 0 评论 0原文

我正在尝试更多地了解 SSH 的工作原理。我正在使用 Wireshark 来抓取我的机器之间的数据包（OpenSSH 在两端运行）。我被 Diffie-Hellman 组交换回复数据包困住了。就在加密算法名称之后，似乎有 RFC 4419 未考虑或未描述的长度（4 字节）和值（1 字节）。 RFC 表示此数据包中发送的第一块数据将是服务器的公钥和证书，但我不知道在哪里寻找证书格式来尝试解码此数据。

这是从服务器接收到的数据包（不包括 TCP、IP 和以太网数据包信息）。为了便于阅读，我将其展开。我还指出了我所理解的价值观和领域目的。 RFC 4419 指示“主机密钥”、“f”和“散列签名”位于这些位置。标有“->”的行。有令我困惑的数据。我看不到任何与值 0x23 (35) 相关的内容。

Packet Length: 444
Padding Length: 10
  Key Exchange
    Msg code: Diffie-Hellman GEX Reply (33)
    Payload:
  00000095                                         Value = 149 bytes
  00000007 7373682d727361                          Value =   7 bytes ; "ssh-rsa"
->00000001 23                                      Value =   1 byte  ; 35
  00000081 00dca412f58b8d7bea991901652857b3        Value = 129 bytes ; host key
           ...
           ... Total of 129 bytes
           ...

  00000080 420b85197d902a986c7c67b2c4f72336        Value = 128 bytes ; f
         ...
         ... Total of 128 bytes
         ...

  0000008f                                         Value = 143 bytes
  00000007 7373682d727361                          Value =   7 bytes ; "ssh-rsa"
  00000080 0c9f8b1a7f59c25f279fcc8199ea1ffe        Value = 128 bytes ; hash signature
           ...
           ... Total of 128 bytes
           ...
    Padding String: 
    MAC String:

我已经阅读了 RFC 4250-4254 和 4419，试图找到此代码 0x23 的一些线索，但到目前为止我还没有成功。我完全有可能错过了 RFC 中的解释，所以如果是这种情况，请随时向我指出。任何提示或解释都会有帮助。

谢谢

原文

I'm trying to understand more about how SSH works. I'm using Wireshark to grab the packets going between my machines (OpenSSH running on both ends). I'm stuck at the Diffie-Hellman Group Exchange Reply packet. There seems to be a length (4 Bytes) and value (1 Byte) not accounted for or not described by RFC 4419, just after the encryption algorithm name. The RFC says that the first chunk of data sent in this packet will be the server's public key and certificates, but I don't know where to look for certificate formats to try and decode this data.

Here is the packet received from the server (TCP, IP, and Ethernet packet information not included). I've spread it out for readability. I've also indicated values and field purposes as I understand them. The 'host key', 'f', and 'hash signature' are indicated to be in these positions by RFC 4419. The line marked with a "->" has the data that is confusing me. I can't see anything that the value 0x23 (35) would correlate to.

Packet Length: 444
Padding Length: 10
  Key Exchange
    Msg code: Diffie-Hellman GEX Reply (33)
    Payload:
  00000095                                         Value = 149 bytes
  00000007 7373682d727361                          Value =   7 bytes ; "ssh-rsa"
->00000001 23                                      Value =   1 byte  ; 35
  00000081 00dca412f58b8d7bea991901652857b3        Value = 129 bytes ; host key
           ...
           ... Total of 129 bytes
           ...

  00000080 420b85197d902a986c7c67b2c4f72336        Value = 128 bytes ; f
         ...
         ... Total of 128 bytes
         ...

  0000008f                                         Value = 143 bytes
  00000007 7373682d727361                          Value =   7 bytes ; "ssh-rsa"
  00000080 0c9f8b1a7f59c25f279fcc8199ea1ffe        Value = 128 bytes ; hash signature
           ...
           ... Total of 128 bytes
           ...
    Padding String: 
    MAC String:

I've read through RFCs 4250-4254 and 4419 to try to find some clue for this code 0x23, but I have been unsuccessful so far. It is entirely possible that I missed an explanation in the RFCs, so feel free to point one out to me if that's the case. Any hints or explanation will be helpful.

Thank You

分享到QQ

分享到微博