Re: Sniffing on SSH providing private key

From: Simon Tatham (anakin@pobox.com)
Date: 11/06/02 

From: Simon Tatham <anakin@pobox.com>
Date: 06 Nov 2002 09:27:51 +0000 (GMT)

Ghaith Nasrawi <libero@aucegypt.edu> wrote:
> i'd like to know if there exist any tool that would enable me of
> sniffing SSH connectin providing that I have the private key. I want
> to know what is going exactly and have a copy of all the commands
> being passed to the kernel on such a connection.

I doubt it.

In SSH2, you simply can't do this - the key exchange is done using
unique private values invented separately for each connection and
discarded afterwards, and the host key is only used to produce a
signature on the resulting shared secret. So knowing the private
host key helps you not at all with the key exchange.

In SSH1, two RSA keys are used to encrypt the bulk session key, one
of which is the host key (so you can decrypt that if you have the
private key); but the other is made up by the SSH server every hour
and discarded after that, precisely _in order_ that someone with the
private key can't retrospectively decrypt recorded session data
(forward security). If you could somehow reach into the SSH server
process and get hold of the private server key within the same hour
as the start of the connection you were interested in, you'd then be
able to decrypt the whole session, but that's probably not easy.

If you need to know the contents of one of your SSH sessions, I
suspect the only really feasible way is to get either your server or
your client program to log the contents in full. PuTTY will do this
for you at the client end; I don't know of any server which can be
configured to do the same. 

-- 
Simon Tatham         "That all men should be brothers is a
<anakin@pobox.com>    dream of people who have no brothers."

Relevant Pages

  • Re: What is The SSH?
    ... Building and Using SSH Tunnels ... What is an SSH tunnel? ... how to use it to make a connection to a server. ... You will need a working SSH client and server installation to build and test ...
    (microsoft.public.windows.server.networking)
  • Re: how to map drive via ssh?
    ... I'm assuming that both machines (client and server) are running ... be tunnelled over an SSH connection, ...
    (comp.security.ssh)
  • Re: Secure file sharing without OS X server?
    ... So I poked the GUI a bit - Finder, cmd-K, hit `Browse' in the `Connect ... to server' window, open the required server in the network browser, and ... them says `Allow secure connections using ssh'. ... `Can't make a secure connection to server ...
    (uk.comp.sys.mac)
  • ssh connections hang; un-hang on subsequent connection
    ... I'm experiencing a strange problem with ssh connections to my ssh server ... I can make an initial connection to my ssh server fine. ... When I re-connect with ssh, the first session "thaws" and all ...
    (comp.security.ssh)
  • RE: Re: Remote connections
    ... Compliments of Cygwin you can setup a SSH server on ... connection through the SSH connection. ... Aside from creating a VPN tunnel and then performing a Remote Desktop ... Server Terminal Services and XP and 2003 server Remote Desktop machines. ...
    (Focus-Microsoft)