Hello everyone,

I am going to write an SSH Intrusion Detection System and I was just
wondering.
Assuming the packet sniffing component is on the same machine as the SSH
service, so that it will capture the traffic between the client and the
server,
the IDS should be able to capture the certificate and the session public
key...
So wouldnt the IDS be able to decrypt and read all of the traffic?

I mean, it seems blatant that it can, but being a novice to encyption, im
not too sure.

Does anyone know if this will work?

Thanks in advance,

Davie Elliott