Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: How to decrypt a connection SSH v2?
From: "Paul Melson" <pmelson () gmail com>
Date: Thu, 10 Jul 2008 00:00:47 -0400

On Wed, Jul 9, 2008 at 10:05 PM, Ulises2k <ulises2k () gmail com> wrote:
Hi,
How to decrypt a connection SSH v2?

I have the private and public keys.

I have all sesion sniffed.

I'm afraid that's not enough.  SSH implements forward secrecy [1],
which means that the server uses temporary (or ephemeral) keys to
encrypt the session traffic.  Having the the private key doesn't give
you the ability to reverse the ephemeral keys and actually decrypt
session data.

PaulM

[1] http://en.wikipedia.org/wiki/Perfect_forward_secrecy

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault