Penetration Testing mailing list archives
RE: How to decrypt a connection SSH v2?
From: "Paul Melson" <pmelson () gmail com>
Date: Thu, 10 Jul 2008 12:55:42 -0400
I assume if the attacker has the public and private keys from not just one, but both ends, that PFS is not an obstacle.
Let's start with, Disclaimer: I am not a cryptographer. Someone smarter may later contradict what I say here. You're probably wise to listen to them. It's my understanding that even if you have both endpoints' public and private key pairs, that's not enough to recreate the ephemeral keys used during a particular session. Without those keys, the packet capture cannot be decrypted. I believe the bar you must get over to decrypt an SSH session on the network is to be attached to the client or server process with a debugger during the session. PaulM ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- How to decrypt a connection SSH v2? Ulises2k (Jul 09)
- Re: How to decrypt a connection SSH v2? Paul Melson (Jul 09)
- Re: How to decrypt a connection SSH v2? Ulises2k (Jul 10)
- Re: How to decrypt a connection SSH v2? Tim (Jul 10)
- Re: How to decrypt a connection SSH v2? Jimmy Brokaw (Jul 12)
- Re: How to decrypt a connection SSH v2? Ulises2k (Jul 10)
- Re: How to decrypt a connection SSH v2? Gary E. Miller (Jul 10)
- RE: How to decrypt a connection SSH v2? Paul Melson (Jul 10)
- RE: How to decrypt a connection SSH v2? Gary E. Miller (Jul 10)
- Re: How to decrypt a connection SSH v2? Ulises2k (Jul 10)
- Re: How to decrypt a connection SSH v2? Paul Melson (Jul 09)
- Re: How to decrypt a connection SSH v2? Tim (Jul 10)
- <Possible follow-ups>
- RE: How to decrypt a connection SSH v2? Gary E. Miller (Jul 10)
- Message not available
- Re: How to decrypt a connection SSH v2? Ulises2k (Jul 13)
- Message not available