RFC 4253: Section 7. KeyExchange Key exchange (kex) begins by each side sending name-lists of supported algorithms. Each side has a preferred algorithm in each category, and it is assumed that most implementations, at any given time, will use the same preferred algorithm. Each side MAY guess which algorithm the other side is using, and MAY send an initial key exchange packet according to the algorithm, if appropriate for the preferred method. The guess is considered wrong if: o the kex algorithm and/or the host key algorithm is guessed wrong (server and client have different preferred algorithm), or o if any of the other algorithms cannot be agreed upon (the procedure is defined below in Section 7.1). Otherwise, the guess is considered to be right, and the optimistically sent packet MUST be handled as the first key exchange packet. However, if the guess was wrong, and a packet was optimistically sent by one or both parties, such packets MUST be ignored (even if the error in the guess would not affect the contents of the initial packet(s)), and the appropriate side MUST send the correct initial packet. A key exchange method uses explicit server authentication if the key exchange messages include a signature or other proof of the server's authenticity. A key exchange method uses implicit server authentication if, in order to prove its authenticity, the server also has to prove that it knows the shared secret, K, by sending a message and a corresponding MAC that the client can verify. The key exchange method defined by this document uses explicit server authentication. However, key exchange methods with implicit server authentication MAY be used with this protocol. After a key exchange with implicit server authentication, the client MUST wait for a response to its service request message before sending any further data.

'Declaration
 
Public Overloads Sub KeyExchange( _
   ByRef sharedSecret() As Byte, _
   ByRef exchangeHash() As Byte, _
   ByRef keyExchangeAlgorithm As ISSHKeyExchangeAlgorithm, _
   ByRef publicKeyAlgorithm As ISSHPublicKeyAlgorithm, _
   ByRef encryptionAlgorithmClientToServer As ISSHEncryptionAlgorithm, _
   ByRef encryptionAlgorithmServerToClient As ISSHEncryptionAlgorithm, _
   ByRef dataIntegrityAlgorithmClientToServer As ISSHDataIntegrityAlgorithm, _
   ByRef dataIntegrityAlgorithmServerToClient As ISSHDataIntegrityAlgorithm, _
   ByRef compressionAlgorithmClientToServer As ISSHCompressionAlgorithm, _
   ByRef compressionAlgorithmServerToClient As ISSHCompressionAlgorithm _
) 

'Usage
 
Dim instance As SSHTransportLayerProtocol
Dim sharedSecret() As Byte
Dim exchangeHash() As Byte
Dim keyExchangeAlgorithm As ISSHKeyExchangeAlgorithm
Dim publicKeyAlgorithm As ISSHPublicKeyAlgorithm
Dim encryptionAlgorithmClientToServer As ISSHEncryptionAlgorithm
Dim encryptionAlgorithmServerToClient As ISSHEncryptionAlgorithm
Dim dataIntegrityAlgorithmClientToServer As ISSHDataIntegrityAlgorithm
Dim dataIntegrityAlgorithmServerToClient As ISSHDataIntegrityAlgorithm
Dim compressionAlgorithmClientToServer As ISSHCompressionAlgorithm
Dim compressionAlgorithmServerToClient As ISSHCompressionAlgorithm
 
instance.KeyExchange(sharedSecret, exchangeHash, keyExchangeAlgorithm, publicKeyAlgorithm, encryptionAlgorithmClientToServer, encryptionAlgorithmServerToClient, dataIntegrityAlgorithmClientToServer, dataIntegrityAlgorithmServerToClient, compressionAlgorithmClientToServer, compressionAlgorithmServerToClient)

public void KeyExchange( 
   out byte[] sharedSecret,
   out byte[] exchangeHash,
   out ISSHKeyExchangeAlgorithm keyExchangeAlgorithm,
   out ISSHPublicKeyAlgorithm publicKeyAlgorithm,
   out ISSHEncryptionAlgorithm encryptionAlgorithmClientToServer,
   out ISSHEncryptionAlgorithm encryptionAlgorithmServerToClient,
   out ISSHDataIntegrityAlgorithm dataIntegrityAlgorithmClientToServer,
   out ISSHDataIntegrityAlgorithm dataIntegrityAlgorithmServerToClient,
   out ISSHCompressionAlgorithm compressionAlgorithmClientToServer,
   out ISSHCompressionAlgorithm compressionAlgorithmServerToClient
)