Can Wireshark use SSLKEYLOGFILE from SSH remote capture server?

Can copy the SSLKEYLOGFILE from the remote system to then use locally with saved SSH remote capture. But that is cumbersome and not live.

What I'd like is to SSH remote capture and have Wireshark use the SSLKEYLOGFILE that is on the remote system to decrypt the SSH remote capture live.

Maybe an option in the SSH capture configuration profile pointing to the SSLKEYLOGFILE on the remote system. Wireshark could then use the SSH capture credentials to access the SSLKEYLOGFILE.

Tried using an SSH tail command like this as the (Pre)-Master-Secret log filename. Not surprisingly it didn't work though.

"C:\Program Files\PuTTY\plink.exe" -batch -ssh [email protected] tail -F /var/SSLKEYLOGFILE.txt

(The command does function as expected in command prompt. Just doesn't provide the desired Wireshark result. i.e. live SSH remote capture decryption.)
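
One way to mirror the remote key log onto the capturing machine while the capture runs, as an added example that is not part of the original post: a relay that runs the post's tail -F command over SSH and appends only complete key log records to a local file, which is then set as the (Pre)-Master-Secret log filename. It assumes Wireshark picks up lines appended to that file during a live capture; the local path and the script's argument layout are hypothetical.

```python
import re
import subprocess
import sys

# Labels of the NSS key log format (TLS 1.2 and TLS 1.3 records).
LABELS = (
    "CLIENT_RANDOM", "CLIENT_EARLY_TRAFFIC_SECRET",
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
    "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET",
)
# <label> <32-byte client random in hex> <secret in hex, 32 to 64 bytes>
KEYLINE = re.compile(
    r"(?:%s) [0-9a-fA-F]{64} (?:[0-9a-fA-F]{2}){32,64}" % "|".join(LABELS)
)

def is_keylog_line(line):
    """True for a complete key log record; False for comments, blank lines,
    SSH client banners and records cut short by a dropped connection."""
    return KEYLINE.fullmatch(line.strip()) is not None

def relay(lines, out):
    """Copy complete records from `lines` to `out`, flushing after each one so
    a reader of the local file sees it at once. Returns the count written."""
    written = 0
    for line in lines:
        if is_keylog_line(line):
            out.write(line.strip() + "\n")
            out.flush()
            written += 1
    return written

def main(argv):
    # argv[1]: local key log path (hypothetical, e.g. C:\captures\remote.keys)
    # argv[2:]: the remote tail command, e.g. the plink command from the post
    local_path, remote_cmd = argv[1], argv[2:]
    proc = subprocess.Popen(remote_cmd, stdout=subprocess.PIPE, text=True)
    try:
        with open(local_path, "a", encoding="ascii") as out:
            relay(proc.stdout, out)
    finally:
        proc.terminate()  # stop the SSH session when the relay exits

if __name__ == "__main__":
    main(sys.argv)
```

The local file holds the session secrets that decrypt the capture, so keep it in a directory only the analyst can read and remove it when the capture is finished.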