A good source of information about the Secure Shell (SSH) is RFC 4253. This network protocol provides a secure way to log in to remote servers, and that fundamental service is the basis for other useful operations, such as secure file transfer.
The protocol runs over an underlying transport that protects against transmission errors, such as TCP/IP (usually on port 22). The client always initiates the connection.
Once a raw socket connection has been established, both sides must send an identification string or banner, which has the following format:
`SSH-<protocol version>-<software version> SP comments CR LF`
The <protocol version> refers to the version of the SSH protocol, while the <software version> allows the receiver to determine the capabilities of the sender's implementation. The whole string may be at most 255 characters long, including the terminating CR LF. Key exchange must begin immediately after the banner.
Note: the server may send other lines before the banner, but none of these may start with "SSH-" and each must be terminated by CR LF.
After the banner, all traffic uses the Binary Packet Protocol, where each packet has the following layout:
| Type | Size (bytes) | Name | Description |
|---|---|---|---|
| uint32 | 4 | packet_length | length of the packet, excluding the MAC and this field itself |
| byte | 1 | padding_length | length of the padding bytes that follow the payload |
| byte | packet_length - padding_length - 1 | payload | the raw payload of the packet |
| byte | padding_length | padding | random padding bytes |
| byte | mac_length | Message Authentication Code (MAC) | initially the MAC algorithm is "none", so no MAC bytes are present |
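As an added example (not code from the original text), the following Python parses the identification string and frames and parses a Binary Packet Protocol packet as laid out above, applying the checks a receiver should make: skipping pre-banner lines, enforcing the 255-byte banner limit, and validating every length field before slicing. Function names and sample values are my own; the minimum-padding rule and 8-byte alignment come from RFC 4253 rather than the text above.

```python
import os
import struct

BANNER_MAX = 255  # RFC 4253: identification string limit, CR LF included
BLOCK = 8         # minimum alignment unit for the Binary Packet Protocol

def parse_banner(data: bytes):
    """Locate the SSH- identification line, skipping any pre-banner lines.
    Returns (protocol_version, software_version, comments, remaining_bytes)."""
    rest = data
    while True:
        end = rest.find(b"\r\n")
        if end < 0:
            raise ValueError("no CR LF terminated line found")
        line, rest = rest[:end], rest[end + 2:]
        if line.startswith(b"SSH-"):
            break                   # pre-banner lines never start with SSH-
    if len(line) + 2 > BANNER_MAX:
        raise ValueError("identification string longer than 255 bytes")
    ident, _, comments = line.partition(b" ")
    parts = ident.split(b"-", 2)    # SSH-<protocol version>-<software version>
    if len(parts) != 3 or not parts[1] or not parts[2]:
        raise ValueError("malformed identification string")
    return parts[1].decode(), parts[2].decode(), comments.decode(), rest

def build_packet(payload: bytes) -> bytes:
    """Frame a payload for the initial state: no cipher, MAC algorithm "none"."""
    padding_length = BLOCK - (5 + len(payload)) % BLOCK
    if padding_length < 4:          # RFC 4253 requires at least 4 padding bytes
        padding_length += BLOCK
    header = struct.pack(">IB", 1 + len(payload) + padding_length, padding_length)
    return header + payload + os.urandom(padding_length)

def parse_packet(data: bytes, mac_length: int = 0):
    """Parse one packet; mac_length stays 0 while the MAC is "none".
    Returns (payload, remaining_bytes) after checking every length field."""
    if len(data) < 5:
        raise ValueError("truncated packet header")
    packet_length, padding_length = struct.unpack(">IB", data[:5])
    total = 4 + packet_length + mac_length
    if len(data) < total:
        raise ValueError("truncated packet")
    payload_length = packet_length - padding_length - 1
    if payload_length < 0 or padding_length < 4:
        raise ValueError("inconsistent padding_length")
    return data[5:5 + payload_length], data[total:]
```

Once key exchange has negotiated a MAC, pass the negotiated digest length as `mac_length` so the trailing MAC bytes are no longer mistaken for the start of the next packet.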