我目前正在用Java编写一个ssh honeypot作为个人项目。我无法理解算法协商。确切地说,来自客户端的接收数据的结构。这是我收到的,带有我的个人注释:
00 00 07 AC == packet length
08 == padding length
14 == SSH_MSG_KEXINIT
6C 31 89 77 EB 54 E1 8B D4 B1 35 08 FD 52 65 6E == cookie
00 00 00 D4 == string length
kex algorithms in byte form
00 00 01 67 == string length
server host key algorithms in byte form
00 00 00 E9 == string length
encryption_algorithms_client_to_server in byte form
00 00 00 E9 == string length
encryption_algorithms_server_to_client in byte form
00 00 01 92 == string length
mac_algorithms_client_to_server in byte form
00 00 01 92 == string length
mac_algorithms_server_to_client in byte form
00 00 00 1A == string length
compression_algorithms_client_to_server in byte form
00 00 00 1A == string length
compression_algorithms_server_to_client in byte form
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
有关谈判的信息,请访问: rfc4253
有两件事我不太了解:
填充:如何计算?根据{{3}},应该有一个随机填充(在这种情况下为8个字节)。我什么都看不到。此外,数据包长度+填充长度+有效负载+填充的大小应该是8的倍数,这不是这里的情况。 (?)
数据包长度:如果我只是在数据包长度之后总结一切,我得到0x797。添加8字节填充(无论它在哪里),我得到0x79F。我是否认为客户端 - >服务器和服务器 - >客户端的语言虽然没有定义,但每个仍然需要4个字节?这让我得到了0x7A7。如果我现在添加布尔值和保留的4个字节(参见rfc4253),我终于得到0x7AC。那是对的吗?这意味着尾随零具有以下结构:
00 00 00 00 == length of string for language_client_to_server
00 00 00 00 == length of string for language_server_to_client
00 == boolean first_kex_packet_follows
00 00 00 00 == reserved
rest: garbage?