Refactored the SSH analyzer. Added supported for algorithm detection and more key exchange message types.

scripts/base/protocols/ssh/dpd.sig

@@ -1,6 +1,13 @@
-signature dpd_ssh {
+signature dpd_ssh_client {
   ip-proto == tcp
-  payload /^[sS][sS][hH]-[12]./
+  payload /^[sS][sS][hH]-[12]\./
+  requires-reverse-signature dpd_ssh_server
   enable "ssh"
+  tcp-state originator
 }
 
+signature dpd_ssh_server {
+  ip-proto == tcp
+  payload /^[sS][sS][hH]-[12]\./
+  tcp-state responder
+}