3

Is it possible to decrypt an SSH session with the public AND private key used for the session? I have a network capture of the packets, and I have no idea what tools I'd be able to use to do so. Can anyone point me in the right direction? I've tried searching for it, but the results don't really seem to be what I'm looking for. Thanks in advance! (If it matters, I'm on Ubuntu Linux.)

  • Why are you trying to do this? – SLaks Oct 25 '09 at 23:43
  • @Slaks: I've been trying to learn about encryption, and a friend of mine who's a computer guy told me to try to figure it out. Thing is, I think he's just messing around with me, since he probably knows that I think it's possible. –  Oct 25 '09 at 23:47

2 Answers

4

There is no way to do this due to the Diffie-Hellman key exchange, even if both sets of keys are known on both machines. These keys are not actually used to encrypt traffic.

Your options are patching the SSH server, or performing what's known as a 'man-in-the-middle' attack. Since you know both the private and public keys of both machines, this is feasible.

Sam Halicke
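
The point of the answer above, as an added sketch that is not part of the original post: in a simplified SSH-style exchange the host key only signs the exchange hash, while the traffic key comes from per-session Diffie-Hellman secrets that never appear in a capture. The toy group, the textbook-RSA host key and all names are assumptions for illustration, and real SSH hashes more fields into the exchange hash.

```python
import hashlib
import secrets

# Toy parameters (assumptions for this demo, far too weak for real use):
# a Mersenne-prime DH modulus and a small textbook-RSA host key.
P = 2**521 - 1
G = 3
RSA_N = (2**89 - 1) * (2**107 - 1)
RSA_E = 65537
RSA_D = pow(RSA_E, -1, (2**89 - 2) * (2**107 - 2))  # host *private* key


def _digest(*values):
    """Hash integers into one exchange hash, reduced to fit the toy RSA modulus."""
    data = b"|".join(str(v).encode() for v in values)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % RSA_N


def run_session():
    """One simplified key exchange; returns what each side and a sniffer end up with."""
    x = secrets.randbelow(P - 3) + 2      # client ephemeral secret, never sent
    y = secrets.randbelow(P - 3) + 2      # server ephemeral secret, never sent
    e, f = pow(G, x, P), pow(G, y, P)     # public values, visible in a capture
    k_server = pow(e, y, P)               # shared secret computed by the server
    k_client = pow(f, x, P)               # same shared secret computed by the client
    # The host key's only job: sign the exchange hash so the client can
    # authenticate the server. It is not an input to the traffic key.
    signature = pow(_digest(e, f, k_server), RSA_D, RSA_N)
    client_accepts = pow(signature, RSA_E, RSA_N) == _digest(e, f, k_client)
    session_key = hashlib.sha256(str(k_client).encode()).hexdigest()
    capture = {"e": e, "f": f, "signature": signature}  # all a sniffer records
    return {"k_client": k_client, "k_server": k_server, "capture": capture,
            "client_accepts": client_accepts, "session_key": session_key}


if __name__ == "__main__":
    a, b = run_session(), run_session()
    print("both sides agree:", a["k_client"] == a["k_server"])
    print("host signature verifies:", a["client_accepts"])
    # Same host key pair in both sessions, yet the traffic keys differ,
    # because each one depends only on that session's discarded x and y.
    print("session keys differ:", a["session_key"] != b["session_key"])
```
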
0

You can try Wireshark. I know it can decrypt SSL traffic if you have the proper keys.

From their documentation:

Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2

Taylor Leese
  • Can it do SSH too? Can I apply the same process? (Trying it now.) –  Oct 26 '09 at 00:10
  • It seems that there are a lot of options in the preferences for SSL, but no luck with SSH. ): –  Oct 26 '09 at 00:13