how can i decrypt ssh content by keys - SSH

This is a discussion on how can i decrypt ssh content by keys - SSH ; Hi, i want to analyse the protocol of a software. it uses ssh tunnelling between the server and the client. the os of the server is fc4 and the ssh server is openssh-4.0pl-3. i can do anything in the server ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: how can i decrypt ssh content by keys

  1. how can i decrypt ssh content by keys

    Hi,

    i want to analyse the protocol of a software. it uses ssh tunnelling
    between the server and the client. the os of the server is fc4 and the
    ssh server is openssh-4.0pl-3. i can do anything in the server and the
    client machine.

    is there any tool to decrpyt the ssh content use keys from the server or
    the client? the better is something which can be plugged into the
    ethereal to decrypt package in real time.

    Thanks for your help

    Eric

  2. Re: how can i decrypt ssh content by keys

    >>>>> "EX" == Eric Xiao writes:

    EX> Hi, i want to analyse the protocol of a software. it uses ssh
    EX> tunnelling between the server and the client. the os of the server
    EX> is fc4 and the ssh server is openssh-4.0pl-3. i can do anything in
    EX> the server and the client machine.

    EX> is there any tool to decrpyt the ssh content use keys from the
    EX> server or the client?

    Not with SSH-2. The host and user authentication keys are not used to
    encrypt data. The symmetric encryption keys are ephemeral and disappear
    when the connection is finished.

    As far as the network is concerned, you would either have to modify
    OpenSSH to provide those keys, or execute a man-in-the-middle attack.

    But of course, on either the client or server host you might get at the
    plaintext data in a number of ways, as it enters or leaves the SSH
    processes themselves.

    --
    Richard Silverman
    res@qoxp.net


  3. Re: how can i decrypt ssh content by keys

    Richard,

    Thanks for your help.

    I am newbie to ssh. Could you tell me what are the ways to get the
    plaintext data from client or server host?

    Thanks

    Eric

    ------------------------------------------------------------------------------

    Richard E. Silverman:
    >>>>>> "EX" == Eric Xiao writes:

    >
    > EX> Hi, i want to analyse the protocol of a software. it uses ssh
    > EX> tunnelling between the server and the client. the os of the server
    > EX> is fc4 and the ssh server is openssh-4.0pl-3. i can do anything in
    > EX> the server and the client machine.
    >
    > EX> is there any tool to decrpyt the ssh content use keys from the
    > EX> server or the client?
    >
    > Not with SSH-2. The host and user authentication keys are not used to
    > encrypt data. The symmetric encryption keys are ephemeral and disappear
    > when the connection is finished.
    >
    > As far as the network is concerned, you would either have to modify
    > OpenSSH to provide those keys, or execute a man-in-the-middle attack.
    >
    > But of course, on either the client or server host you might get at the
    > plaintext data in a number of ways, as it enters or leaves the SSH
    > processes themselves.
    >


  4. Re: how can i decrypt ssh content by keys

    >>>>> "EX" == Eric Xiao writes:

    EX> Richard, Thanks for your help.

    EX> I am newbie to ssh. Could you tell me what are the ways to get the
    EX> plaintext data from client or server host?

    This is not a question about SSH so much as it is about Linux in general.
    However, one thing you might do: since it's using a generic SSH server,
    sshd must be running some program on the server which speaks the server
    side of the protocol in question. Replace that program with a wrapper
    that connects sshd to the program, but copies all the data on the pipes
    for you to inspect.

    EX> Thanks

    EX> Eric

    EX> ------------------------------------------------------------------------------

    EX> Richard E. Silverman:
    >>>>>>> "EX" == Eric Xiao writes:

    EX> Hi, i want to analyse the protocol of a software. it uses ssh
    EX> tunnelling between the server and the client. the os of the server
    EX> is fc4 and the ssh server is openssh-4.0pl-3. i can do anything in
    EX> the server and the client machine. is there any tool to decrpyt
    EX> the ssh content use keys from the server or the client?

    >> Not with SSH-2. The host and user authentication keys are not used
    >> to encrypt data. The symmetric encryption keys are ephemeral and
    >> disappear when the connection is finished. As far as the network
    >> is concerned, you would either have to modify OpenSSH to provide
    >> those keys, or execute a man-in-the-middle attack. But of course,
    >> on either the client or server host you might get at the plaintext
    >> data in a number of ways, as it enters or leaves the SSH processes
    >> themselves.
    >>


    --
    Richard Silverman
    res@qoxp.net


  5. Re: how can i decrypt ssh content by keys

    On 2006-06-19, Richard E. Silverman wrote:
    >>>>>> "EX" == Eric Xiao writes:

    >
    > EX> Richard, Thanks for your help.
    >
    > EX> I am newbie to ssh. Could you tell me what are the ways to get the
    > EX> plaintext data from client or server host?
    >
    > This is not a question about SSH so much as it is about Linux in general.
    > However, one thing you might do: since it's using a generic SSH server,
    > sshd must be running some program on the server which speaks the server
    > side of the protocol in question. Replace that program with a wrapper
    > that connects sshd to the program, but copies all the data on the pipes
    > for you to inspect.


    Or at a lower level - http://project.honeynet.org/tools/sebek/ .

    --
    Elvis Notargiacomo master AT barefaced DOT cheek
    http://www.notatla.org.uk/goen/
    One of my other 11 computers runs Minix.

+ Reply to Thread