SSH KEXINIT message
E901637
The SSH KEXINIT message is a protocol packet used during SSH session setup to exchange and negotiate key exchange, encryption, and other security-related algorithms between client and server.
Statements (49)
| Predicate | Object |
|---|---|
| instanceOf | SSH protocol message; key exchange negotiation packet |
| algorithmListsFormat | comma-separated name-lists |
| containsField | compression_algorithms_client_to_server; compression_algorithms_server_to_client; cookie; encryption_algorithms_client_to_server; encryption_algorithms_server_to_client; first_kex_packet_follows; kex_algorithms; languages_client_to_server; languages_server_to_client; mac_algorithms_client_to_server; mac_algorithms_server_to_client; reserved; server_host_key_algorithms |
| cookiePurpose | randomness to thwart certain attacks |
| definedIn | RFC 4253 |
| directionality | symmetric between client and server |
| hasCookieLength | 16 bytes |
| hasMessageNumber | 20 |
| mayBeRepeated | yes, when rekeying |
| messageNameInRFC4253 | SSH_MSG_KEXINIT |
| negotiationRule | first algorithm in client list that also appears in server list is chosen |
| occursBefore | channel establishment; user authentication |
| partOf | Secure Shell (SSH) protocol |
| precedes | NEWKEYS message; SSH key exchange messages |
| purpose | exchange algorithm capability lists; negotiate compression algorithms; negotiate encryption algorithms; negotiate key exchange algorithms; negotiate language preferences; negotiate message authentication algorithms |
| relatedTo | SSH transport layer encryption; SSH_MSG_NEWKEYS |
| securityRole | establish cryptographic parameters; prevent downgrade attacks via explicit algorithm lists |
| sentBy | SSH client; SSH server |
| sentOver | already established TCP connection |
| standardizedBy | Internet Engineering Task Force (surface form: IETF) |
| transportLayer | SSH transport layer protocol |
| triggeredBy | start of SSH key exchange |
| usedDuring | SSH key exchange phase; SSH session setup |
| usedFor | rekeying negotiation |
| usedIn | SSH-2 |
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.