SshTransportHandshake
Defined in: src/protocols/ssh/transport/SshTransportHandshake.ts:72
Client-side SSH handshake coordinator for version exchange and KEXINIT negotiation.
Constructors
Section titled “Constructors”Constructor
Section titled “Constructor”new SshTransportHandshake(options?: { algorithms?: SshAlgorithmPreferences; clientComments?: string; clientSoftwareVersion?: string; kexCookie?: Uint8Array<ArrayBufferLike>; verifyHostKey?: (input: { algorithmName: string; hostKeyBlob: Buffer; hostKeySha256: Buffer; }) => void | Promise<void>;}): SshTransportHandshake;Defined in: src/protocols/ssh/transport/SshTransportHandshake.ts:105
Parameters
Section titled “Parameters”| Parameter | Type | Description |
|---|---|---|
options | { algorithms?: SshAlgorithmPreferences; clientComments?: string; clientSoftwareVersion?: string; kexCookie?: Uint8Array<ArrayBufferLike>; verifyHostKey?: (input: { algorithmName: string; hostKeyBlob: Buffer; hostKeySha256: Buffer; }) => void | Promise<void>; } | - |
options.algorithms? | SshAlgorithmPreferences | - |
options.clientComments? | string | - |
options.clientSoftwareVersion? | string | - |
options.kexCookie? | Uint8Array<ArrayBufferLike> | - |
options.verifyHostKey? | (input: { algorithmName: string; hostKeyBlob: Buffer; hostKeySha256: Buffer; }) => void | Promise<void> | Verifies the server’s host key after the signature check passes. Receives the SSH wire-format host key blob and its SHA-256 digest. Throwing rejects the handshake; resolving accepts it. If omitted, the host key is accepted as long as its signature over the exchange hash verifies. Callers SHOULD supply this hook in production to enforce known_hosts or pinned-fingerprint policies. |
Returns
Section titled “Returns”SshTransportHandshake
Methods
Section titled “Methods”createInitialClientBytes()
Section titled “createInitialClientBytes()”createInitialClientBytes(): Buffer;Defined in: src/protocols/ssh/transport/SshTransportHandshake.ts:139
Creates the first outbound bytes (client identification line).
Returns
Section titled “Returns”Buffer
getServerBannerLines()
Section titled “getServerBannerLines()”getServerBannerLines(): readonly string[];Defined in: src/protocols/ssh/transport/SshTransportHandshake.ts:175
Returns
Section titled “Returns”readonly string[]
isComplete()
Section titled “isComplete()”isComplete(): boolean;Defined in: src/protocols/ssh/transport/SshTransportHandshake.ts:179
Returns
Section titled “Returns”boolean
pushServerBytes()
Section titled “pushServerBytes()”pushServerBytes(chunk: Uint8Array): { outbound: Buffer<ArrayBufferLike>[]; result?: SshTransportHandshakeResult;};Defined in: src/protocols/ssh/transport/SshTransportHandshake.ts:146
Feeds raw server bytes into the handshake state machine.
Parameters
Section titled “Parameters”| Parameter | Type |
|---|---|
chunk | Uint8Array |
Returns
Section titled “Returns”{ outbound: Buffer<ArrayBufferLike>[]; result?: SshTransportHandshakeResult;}| Name | Type | Defined in |
|---|---|---|
outbound | Buffer<ArrayBufferLike>[] | src/protocols/ssh/transport/SshTransportHandshake.ts:147 |
result? | SshTransportHandshakeResult | src/protocols/ssh/transport/SshTransportHandshake.ts:148 |
takeRemainingBytes()
Section titled “takeRemainingBytes()”takeRemainingBytes(): Buffer;Defined in: src/protocols/ssh/transport/SshTransportHandshake.ts:188
Returns any bytes received after the last complete handshake packet and clears the buffer.
Call this once after pushServerBytes returns a result to drain bytes that belong to the
post-NEWKEYS encrypted phase but arrived in the same TCP segment as NEWKEYS.
Returns
Section titled “Returns”Buffer