primitive ssh connection (lowlevel)


as a small (large) hobby project I've set out to make a (very primitive) ssh-2.0 client in C#. This is to explore and better understand DH and help flourish my encryption familiarities :)

As per RFC 4253, I've begun the initial connection like this:

(leaving out irrelevant presetting of vars etc.)

Random cookie_gen = new Random();
while ((ssh_response = unsecure_reader.ReadLine()) != null)
   if (ssh_response.StartsWith("SSH-2.0-")
      // you told me your name, now I'll tell you mine
      // now I should write up my supported (which I'll keep to the required as per rfc 4253)
      ssh_writer.Write(0x20); // SSH_MSG_KEXINIT
      byte[] cookie = new byte[16];
      for (int i = 0; i < 16; i++)
         cookie[i] = Convert.ToByte(cookie_gen.Next(0, 10));
      ssh_writer.Write(cookie); // cookie
      // and now for the name-list
      // This is where I'm troubled

      // "Footer"
      ssh_writer.Write(0x00); // first_kex_packet_follows
      ssh_writer.Write(0x00); // 0

As you can see on page 16 of RFC 4253, I'm expected to give 10 name-lists. Are these simply suppose to be strings, or how do I mark start/end of each list (simply by newline \n)? Am I even on the right track here? (keep in mind I will handle DH and encryption past this point. My question is solely based on the initial contact so far).

Any help or comments are welcomed and appreciated,

PS: I'm aware libraries exist, but this is not relevant to my project.


Posted 2010-05-20T09:00:57.170

Reputation: 70

The question is how to send the name-lists using C#, so I would assume it is a C# question? I recieve the servers namelists, but this is not in a string format per se, so I'm asking how I'm suppose to return the favor and answer with MY namelist (in which format). Hope this clears it up :) – Chuck – 2010-05-20T09:20:59.893



Well, as RFC 4251 states on page 9:

Terminating null characters MUST NOT be used, neither for the individual names, nor for the list as a whole.

There are also examples in the named RFC.

Sebastian Dressler

Posted 2010-05-20T09:00:57.170

Reputation: 6 729

You're right, thanks. I missed that. Scratching the last line before Flush(). I'm still unsure how to put together the data as name-list though

This is what the server's list looks like:

– Chuck – 2010-05-20T09:38:33.770

1RFC 4251 also answers this question: First you have to send a uint32 containing the byte-length of the name-list. The list itself contains just chars. So for example zlib,none would be: 00 00 00 09 7a 6c 69 62 2c 6e 6f 6e 65. Where 00 00 00 09 is the uint32 stating, that 9 bytes follow. – Sebastian Dressler – 2010-05-20T09:44:27.797

1This also goes conform with your image. The sequence \0 \0 \0 ~ before diffie-hellman... is the uint32. From ASCII: ~ is 0x7E, therefore 126 bytes are following. Then follows the next uint32 \0 \0 \0 [box] ... seems to be an ascii control string 0x0F, i assume (because of the following 15 chars). – Sebastian Dressler – 2010-05-20T09:50:26.860

Thanks, that's what I needed to know :) – Chuck – 2010-05-20T09:50:29.963

Nice. Hope you'll get it running ;) – Sebastian Dressler – 2010-05-20T09:53:05.357

I'm now at DH key exchange, so it's going in the right direction ;) thanks again for your input; you really saved me some time there. – Chuck – 2010-05-22T14:17:02.053