SSH decryption encrypted packet - possible?

asked 2024-11-07 16:11:56 +0000

.Etc gravatar image

I'm trying to find information on whether it is possible to decrypt encrypted traffic: Key Exchange (method:diffie-hellman-group-exchange-sha256), but when looking everywhere I see contradictory information. There is a key selection field in protocols > ssh, will this allow packets to be decrypted? My setup is a QNX server <-> laptop, I have access to both devices and I am trying to analyze the communication. I only have ssh_host_rsa_key from the QNX server, I don't have a shared secret yet, and I don't know how to calculate it yet, but the question is whether it makes sense to look for it?

edit retag flag offensive close merge delete

Comments

Thank you, I've seen these posts and plenty of others. Two of them show that it is "IN PROGRESS" and #877 shows that it has already been done. Where can I find more technical documentation on how to use it?

.Etc gravatar image.Etc ( 2024-11-07 16:52:42 +0000 )edit

I haven't found a working sample with keys.
Info here on getting "shared secret": 10403: SSHv2: Add support for reading shared secret from keylog file

Chuckc gravatar imageChuckc ( 2024-11-07 19:29:08 +0000 )edit

I think it depends on the SSL library used. In tests with the MS blessed OpenSSH (see here the LibreSSL library is used, which AFAICT does not support SSHKEYLOGFILE. Other versions of SSH may use a different library, e.g. openssl, which should support key extraction.

grahamb gravatar imagegrahamb ( 2024-11-11 16:20:38 +0000 )edit