Wireshark mailing list archives
Re: Trying to decode sshv2 traffic
From: Evan Huus <eapache () gmail com>
Date: Tue, 17 Jun 2014 14:30:32 -0700
On Tue, Jun 17, 2014 at 2:28 PM, Luis EG Ontanon <luis () ontanon org> wrote:
> To handle Diffie-Hellman exchanges what should be implemented is a credentials-leaking protocol. Two components, one in the ssh library that somehow leaks the credentials,

Good luck convincing any ssh libraries to implement that :P

> and one in Wireshark that uses the leaked info to configure decryption. IMHO using TCP OOB would be excellent as it would match the same tcp filter, but it has the problem that it goes all the way so it is visible in the entire path. Another alternative would be targeting UDP packets towards the sniffer... Both create a major risk, but they can be very helpful for development.
>
> On Tue, Jun 17, 2014 at 4:17 PM, M Holt <m.iostreams () gmail com> wrote:
>> SSH uses Diffie-Hellman key exchange, which creates a shared 'ephemeral' key for encryption. As such, there is no current method of decrypting this type of traffic. For more info, take a look here: http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
>>
>> On Tue, Jun 17, 2014 at 1:41 PM, Ahmed Zaki <ahmed.mahmoudzaki () gmail com> wrote:
>>> Thank you Jeff. Do you think we can submit it as a future enhancement?
>>>
>>> On Tue, Jun 17, 2014 at 8:16 PM, Jeff Morriss <jeff.morriss.ws () gmail com> wrote:
>>>> On 06/17/14 12:59, Ahmed Zaki wrote:
>>>>> Dear All, I captured SSHV2 trace file between two servers, I want to see the decrypted packets. Any ideas about how I can decrypt the packets? I believe it is possible to collect the public keys from both servers, Is this going to help?
>>>> Unfortunately, no. The SSH dissector in Wireshark is not able to decrypt SSH packets.
>>>>
>>>> See: http://wiki.wireshark.org/SSH
>>>>
>>>> ___________________________________________________________________________
>>>> Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
>>>> Archives: http://www.wireshark.org/lists/wireshark-users
>>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>>> mailto:wireshark-users-request () wireshark org?subject=unsubscribe
>
> --
> This information is top security. When you have read it, destroy yourself.
> -- Marshall McLuhan
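The two points made in the thread, that a passive capture of a Diffie-Hellman exchange cannot be decrypted from the public values alone, and that decryption for development needs a "leaking" component on the library side plus a matching lookup on the analyzer side, can be shown end to end in a small simulation. The following is an added example written for this archive page; it is not code from the thread, from Wireshark, or from any SSH library. The DH group (p = 2^127 - 1, g = 3), the HMAC-based XOR stream cipher, the single-key derivation and the in-memory `key_log` list are all toy stand-ins constructed for the demonstration; real SSH uses large MODP or elliptic-curve groups, AES or ChaCha20 transport ciphers, and derives several keys per direction from the exchange hash.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters, constructed for this demonstration only.
# p is the Mersenne prime 2^127 - 1; real SSH uses far larger groups or ECDH.
P = (1 << 127) - 1
G = 3


def dh_keypair(p=P, g=G):
    """Ephemeral private exponent plus the public value that appears on the wire."""
    priv = secrets.randbelow(p - 3) + 2          # exponent in [2, p-2]
    return priv, pow(g, priv, p)


def dh_shared_secret(peer_pub, priv, p=P):
    """g^(ab) mod p: needs one side's private exponent, never just the two public values."""
    return pow(peer_pub, priv, p)


def derive_session_key(shared):
    # Real SSH derives IVs, encryption and MAC keys per direction from the exchange
    # hash; a single SHA-256 of the shared secret stands in for that here.
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def _keystream(key, nonce, length):
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def toy_encrypt(key, nonce, data):
    """XOR stream cipher standing in for the SSH transport cipher (toy, not AES/ChaCha)."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


def run_session(plaintext, key_log):
    """Simulates both SSH endpoints (the 'ssh library' side of Luis's proposal).

    Returns what a passive sniffer sees: both public values, the nonce and the
    ciphertext. The leaking component appends the derived key to key_log, indexed
    by the public values so the analyzer can match the record to the capture.
    """
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    client_key = derive_session_key(dh_shared_secret(s_pub, c_priv))
    server_key = derive_session_key(dh_shared_secret(c_pub, s_priv))
    assert client_key == server_key  # both ends agree on g^(ab) mod p
    nonce = secrets.token_bytes(8)
    key_log.append({"client_pub": c_pub, "server_pub": s_pub, "key": client_key})
    return {"client_pub": c_pub, "server_pub": s_pub, "nonce": nonce,
            "ciphertext": toy_encrypt(client_key, nonce, plaintext)}


def sniffer_decrypt(capture, key_log):
    """The 'Wireshark side': find the leaked key for this exchange and decrypt."""
    for rec in key_log:
        if (rec["client_pub"] == capture["client_pub"]
                and rec["server_pub"] == capture["server_pub"]):
            return toy_encrypt(rec["key"], capture["nonce"], capture["ciphertext"])
    return None  # no leaked key for this session: the capture stays opaque


def naive_decrypt(capture, p=P):
    """What 'collecting the public keys' buys a sniffer: a key that is simply wrong."""
    guess = derive_session_key((capture["client_pub"] * capture["server_pub"]) % p)
    return toy_encrypt(guess, capture["nonce"], capture["ciphertext"])


if __name__ == "__main__":
    log = []
    cap = run_session(b"uptime\n", log)
    print(sniffer_decrypt(cap, log))   # recovered with the leaked key
    print(sniffer_decrypt(cap, []))    # None: nothing leaked, nothing decrypted
    print(naive_decrypt(cap))          # garbage: public values alone do not give g^(ab)
```

The lookup key in `key_log` is deliberately something that is also visible in the capture (the two public values), which is the same matching problem a real analyzer-side component would have to solve regardless of whether the leak travels in-band, over a side channel, or through a local file.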
Current thread:
- Trying to decode sshv2 traffic Ahmed Zaki (Jun 17)
- Re: Trying to decode sshv2 traffic Jeff Morriss (Jun 17)
- Re: Trying to decode sshv2 traffic Ahmed Zaki (Jun 17)
- Re: Trying to decode sshv2 traffic M Holt (Jun 17)
- Re: Trying to decode sshv2 traffic Luis EG Ontanon (Jun 17)
- Re: Trying to decode sshv2 traffic Evan Huus (Jun 17)
- Re: Trying to decode sshv2 traffic Ahmed Zaki (Jun 17)
- Re: Trying to decode sshv2 traffic Jeff Morriss (Jun 17)