Reconstruct ssh session - SSH

This is a discussion on Reconstruct ssh session - SSH ; Hi, 1) I need to reconstruct ssh sessions for my application. I have already sniffed the ssh session. Can I decrypt it using private keys of both host if available? If not with private key, what else is required to ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Reconstruct ssh session

  1. Reconstruct ssh session

    Hi,

    1) I need to reconstruct ssh sessions for my application. I have
    already sniffed the ssh session. Can I decrypt it using private keys
    of both host if available? If not with private key, what else is
    required to decrypt the data?

    2) I used dumpssl with openssl to decrypt https sessions with known
    private key. Do you know of any such ssh lib to help with ssh
    decryption.


    Thanks,
    Amit


  2. Re: Reconstruct ssh session

    >>>>> "amitjain9" == amitjain9 writes:

    amitjain9> Hi, 1) I need to reconstruct ssh sessions for my
    amitjain9> application. I have already sniffed the ssh session. Can I
    amitjain9> decrypt it using private keys of both host if available?

    No. SSH has perfect forward secrecy, that is, it generates per-session
    encryption keys which do not depend on the hostkeys on either side.

    amitjain9> If not with private key, what else is required to decrypt the
    amitjain9> data?

    You would need to hack the SSH implementation to give you the session
    keys.

    amitjain9> 2) I used dumpssl with openssl to decrypt https sessions
    amitjain9> with known private key.

    That only works if you use a non-pfs cipher suite. SSH has no such
    option, at least not with the usual key exchange algorithms.

    --
    Richard Silverman
    res@qoxp.net


+ Reply to Thread