SSH IDS
- From: "coder" <elite.coder@xxxxxxxxxxxx>
- Date: Thu, 16 Mar 2006 02:43:56 -0000
Hello everyone,
I am going to write an SSH Intrusion Detection System and I was just
wondering.
Assuming the packet sniffing component is on the same machine as the SSH
service, so that it will capture the traffic between the client and the
server,
the IDS should be able to capture the certificate and the session public
key...
So wouldnt the IDS be able to decrypt and read all of the traffic?
I mean, it seems blatant that it can, but being a novice to encyption, im
not too sure.
Does anyone know if this will work?
Thanks in advance,
Davie Elliott
- Prev by Date: Re: PAM and SSH
- Next by Date: Re: Openssh v4.2-3 vs. HP-UX 11iv1 TCB
- Previous by thread: Tunnels Set Up, But Not Working - Open SSH_4.3 / SSH 1.5 / Linux 2.6.15
- Next by thread: chroot certain users
- Index(es):
