feat: add SSH identification customization and validation

vicajilau · vicajilau · commit f1c6a02e44a6 · 2026-03-20T10:34:14.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,10 +1,11 @@
 ## [2.15.0] - yyyy-mm-dd
-- Updated `pointycastle` dependency to `^4.0.0` [#131]. Thanks @vicajilau.
-- Added foundational X11 forwarding support with session x11-req API, incoming x11 channel handling, and protocol tests [#1]. Thanks @vicajilau.
+- Updated `pointycastle` dependency to `^4.0.0` [#131]. Thanks [@vicajilau].
+- Added foundational X11 forwarding support with session x11-req API, incoming x11 channel handling, and protocol tests [#1]. Thanks [@vicajilau].
+- Exposed SSH ident configuration from `SSHClient` [#135]. Thanks [@Remulic] and [@vicajilau].
 
 ## [2.14.0] - 2026-03-19
-- Fixed SSH connections through bastion hosts where the target server sends its version string immediately upon connection (which is standard behavior per RFC 4253) [#141]. Thanks @shihuili1218.
-- Adds a new forwardLocalUnix() function, which is an equivalent of ssh -L localPort:remoteSocketPath [#140]. Thanks @isegal.
+- Fixed SSH connections through bastion hosts where the target server sends its version string immediately upon connection (which is standard behavior per RFC 4253) [#141]. Thanks [@shihuili1218].
+- Adds a new forwardLocalUnix() function, which is an equivalent of ssh -L localPort:remoteSocketPath [#140]. Thanks [@isegal].
 
 ## [2.13.0] - 2025-06-22
 - docs: Update NoPorts naming [#115]. [@XavierChanth].
@@ -179,6 +180,10 @@
 
 - Initial release.
 
+[#141]: https://github.com/TerminalStudio/dartssh2/pull/141
+[#140]: https://github.com/TerminalStudio/dartssh2/pull/140
+[#135]: https://github.com/TerminalStudio/dartssh2/pull/135
+[#131]: https://github.com/TerminalStudio/dartssh2/pull/131
 [#127]: https://github.com/TerminalStudio/dartssh2/pull/127
 [#126]: https://github.com/TerminalStudio/dartssh2/pull/126
 [#125]: https://github.com/TerminalStudio/dartssh2/pull/125
@@ -201,4 +206,5 @@
 [@XavierChanth]: https://github.com/XavierChanth
 [@MarBazuz]: https://github.com/MarBazuz
 [@reinbeumer]: https://github.com/reinbeumer
-[@alexander-irion]: https://github.com/alexander-irion
+[@alexander-irion]: https://github.com/alexander-irion
+[@Remulic]: https://github.com/Remulic
diff --git a/README.md b/README.md
@@ -119,6 +119,24 @@ void main() async {
 
 > `SSHSocket` is an interface and it's possible to implement your own `SSHSocket` if you want to use a different underlying transport rather than standard TCP socket. For example WebSocket or Unix domain socket.
 
+### Customize client SSH identification
+
+If your jump host or SSH gateway restricts client versions, you can customize the
+software version part of the identification string (`SSH-2.0-<ident>`):
+
+```dart
+void main() async {
+  final client = SSHClient(
+    await SSHSocket.connect('localhost', 22),
+    username: '<username>',
+    onPasswordRequest: () => '<password>',
+    ident: 'MyClient_1.0',
+  );
+}
+```
+
+`ident` defaults to `DartSSH_2.0`.
+
 ### Spawn a shell on remote host
 
 ```dart
diff --git a/lib/src/ssh_client.dart b/lib/src/ssh_client.dart
@@ -187,8 +187,8 @@ class SSHClient {
     this.onX11Forward,
     this.keepAliveInterval = const Duration(seconds: 10),
     this.disableHostkeyVerification = false,
-    this.ident = 'DartSSH_2.0',
-  }) {
+    String ident = 'DartSSH_2.0',
+  }) : ident = _validateIdent(ident) {
     _transport = SSHTransport(
       socket,
       isServer: false,
@@ -216,6 +216,26 @@ class SSHClient {
     }
   }
 
+  static String _validateIdent(String ident) {
+    if (ident.isEmpty) {
+      throw ArgumentError.value(
+        ident,
+        'ident',
+        'must not be empty',
+      );
+    }
+
+    if (ident.contains('\r') || ident.contains('\n')) {
+      throw ArgumentError.value(
+        ident,
+        'ident',
+        'must not contain carriage return or newline characters',
+      );
+    }
+
+    return ident;
+  }
+
   late final SSHTransport _transport;
 
   /// A [Completer] that completes when the client has authenticated, or
diff --git a/test/src/ssh_client_ident_test.dart b/test/src/ssh_client_ident_test.dart
@@ -0,0 +1,130 @@
+import 'dart:async';
+import 'dart:convert';
+import 'dart:typed_data';
+
+import 'package:dartssh2/dartssh2.dart';
+import 'package:test/test.dart';
+
+void main() {
+  group('SSHClient.ident', () {
+    test('uses default ident when not provided', () async {
+      final socket = _FakeSSHSocket();
+      final client = SSHClient(
+        socket,
+        username: 'demo',
+      );
+
+      await Future<void>.delayed(Duration.zero);
+
+      expect(client.ident, 'DartSSH_2.0');
+      expect(socket.writes, contains('SSH-2.0-DartSSH_2.0\r\n'));
+
+      client.close();
+    });
+
+    test('uses custom ident when provided', () async {
+      final socket = _FakeSSHSocket();
+      final client = SSHClient(
+        socket,
+        username: 'demo',
+        ident: 'MyClient_1.0',
+      );
+
+      await Future<void>.delayed(Duration.zero);
+
+      expect(client.ident, 'MyClient_1.0');
+      expect(socket.writes, contains('SSH-2.0-MyClient_1.0\r\n'));
+
+      client.close();
+    });
+
+    test('throws when ident is empty', () {
+      expect(
+        () => SSHClient(
+          _FakeSSHSocket(),
+          username: 'demo',
+          ident: '',
+        ),
+        throwsA(isA<ArgumentError>()),
+      );
+    });
+
+    test('throws when ident contains newline characters', () {
+      expect(
+        () => SSHClient(
+          _FakeSSHSocket(),
+          username: 'demo',
+          ident: 'Bad\nIdent',
+        ),
+        throwsA(isA<ArgumentError>()),
+      );
+
+      expect(
+        () => SSHClient(
+          _FakeSSHSocket(),
+          username: 'demo',
+          ident: 'Bad\rIdent',
+        ),
+        throwsA(isA<ArgumentError>()),
+      );
+    });
+  });
+}
+
+class _FakeSSHSocket implements SSHSocket {
+  final _inputController = StreamController<Uint8List>();
+  final _doneCompleter = Completer<void>();
+  final writes = <String>[];
+
+  @override
+  Stream<Uint8List> get stream => _inputController.stream;
+
+  @override
+  StreamSink<List<int>> get sink => _RecordingSink(writes);
+
+  @override
+  Future<void> get done => _doneCompleter.future;
+
+  @override
+  Future<void> close() async {
+    if (!_doneCompleter.isCompleted) {
+      _doneCompleter.complete();
+    }
+    await _inputController.close();
+  }
+
+  @override
+  void destroy() {
+    if (!_doneCompleter.isCompleted) {
+      _doneCompleter.complete();
+    }
+    unawaited(_inputController.close());
+  }
+}
+
+class _RecordingSink implements StreamSink<List<int>> {
+  _RecordingSink(this._writes);
+
+  final List<String> _writes;
+
+  @override
+  void add(List<int> data) {
+    _writes.add(latin1.decode(data));
+  }
+
+  @override
+  void addError(Object error, [StackTrace? stackTrace]) {}
+
+  @override
+  Future<void> addStream(Stream<List<int>> stream) async {
+    await for (final data in stream) {
+      add(data);
+    }
+  }
+
+  @override
+  Future<void> close() async {}
+
+  @override
+  Future<void> get done async {}
+}
