Hello everyone,

I am going to write an SSH Intrusion Detection System and I was just
Assuming the packet sniffing component is on the same machine as the SSH
service, so that it will capture the traffic between the client and the
the IDS should be able to capture the certificate and the session public
So wouldnt the IDS be able to decrypt and read all of the traffic?

I mean, it seems blatant that it can, but being a novice to encyption, im
not too sure.

Does anyone know if this will work?

Thanks in advance,

Davie Elliott