Read SSH packets?

Is there any way I can pass the SSH packets through Wireshark in such a way that it can read them? I can imagine using some sort of proxy, pipe or man-in-the-middle attack, but don't really know how to go about pulling it off, and google hasn't been terribly helpful on the matter. Could anyone offer an insight as to whether this is even possible, and if so, how to approach it? Thanks.

ssh

asked 21 Mar '11, 10:45

Biscuit
1●1●1●1
accept rate: 0%

One Answer:

oldest newest most voted

You'll need the RSA (encryption) keys. See the wiki (http://wiki.wireshark.org/SSL) for further info/guidance/details.

link

answered 21 Mar '11, 15:44

wesmorgan1
301●4●6●16
accept rate: 2%

SSL is actually a totally different protocol from SSH. Currently, Wireshark does not do SSH decryption.

(21 Mar '11, 15:50) SYN-bit ♦♦

That's what I get for reading too quickly - thanks for the correction!

(21 Mar '11, 16:04) wesmorgan1

Your answer

toggle preview

community wiki

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "Title")
image?![alt text](/path/img.jpg "Title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Tags:

ssh ×7

Asked: 21 Mar '11, 10:45

Seen: 1,739 times

Last updated: 21 Mar '11, 16:04

Read SSH packets?

Follow this question

You have a trillion packets.

You need to see four of them.

Don't have Wireshark?

Related questions