How to decrypt SSH packets captured with the Wireshark tool on a SUSE Linux box
According to the SSH section of the Wireshark Wiki, only the plaintext parts of the connection (key exchange and other handshaking) are available, and it is not possible to decrypt the encrypted packets:
The SSH dissector in Wireshark is functional, dissecting most of the connection setup packets which are not encrypted.
Unlike the SSL dissector, no code has been written to decrypt encrypted SSH packets/payload. This is also not possible unless the shared secret (from the Diffie-Hellman key exchange) is extracted from the SSH server or client (the "SSLKEYLOGFILE" method in SSL).
Devi Varaprasad Vasireddy
Updated on September 18, 2022

Comments
Devi Varaprasad Vasireddy over 1 year
Actually, I want to compare two SSH clients, a custom client (using the OpenSSH library) and PuTTY, and see what commands are being sent. I am using Wireshark on a SUSE Linux box for capturing network packets. The problem I am facing is that all the packets shown in Wireshark are encrypted. Is there a way to decrypt the SSH packets that came from the client?
Setup: the SUSE Linux box has an SSH server running. Password authentication is enabled and PubkeyAuthentication is disabled.
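To make the answer's point concrete, here is an added example (not from the Wireshark project or the original poster) that walks one direction of an SSH-2 stream the way the dissector does: it reads the version line and the unencrypted binary packets (RFC 4253 framing) up to SSH_MSG_NEWKEYS, decodes the algorithm lists from KEXINIT, and then stops, because everything after NEWKEYS is ciphertext under keys derived from the Diffie-Hellman shared secret that never appears on the wire. The sample stream, the client banner, the fixed cookie and the trailing ciphertext bytes are all constructed for the example.

```python
"""Parse the plaintext part of an SSH-2 stream (RFC 4253) and stop at NEWKEYS.

Added example: shows what a capture exposes without the session keys.
"""
import struct

SSH_MSG_KEXINIT = 20
SSH_MSG_NEWKEYS = 21
# Message numbers from RFC 4253; only the handshake messages used here.
MSG_NAMES = {20: "KEXINIT", 21: "NEWKEYS", 30: "KEXDH_INIT", 31: "KEXDH_REPLY"}

# The ten name-lists of SSH_MSG_KEXINIT, in wire order (RFC 4253 section 7.1).
KEXINIT_LISTS = [
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_algorithms_client_to_server", "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server", "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server", "compression_algorithms_server_to_client",
    "languages_client_to_server", "languages_server_to_client",
]


def _read_name_list(buf, off):
    """Decode an RFC 4251 name-list: uint32 length, then comma-separated ASCII names."""
    (length,) = struct.unpack_from(">I", buf, off)
    off += 4
    raw = buf[off:off + length].decode("ascii")
    return (raw.split(",") if raw else []), off + length


def parse_kexinit(payload):
    """Return the algorithm lists advertised in an SSH_MSG_KEXINIT payload."""
    if payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    off = 1 + 16  # skip the message byte and the 16-byte random cookie
    lists = {}
    for name in KEXINIT_LISTS:
        lists[name], off = _read_name_list(payload, off)
    lists["first_kex_packet_follows"] = bool(payload[off])
    return lists


def parse_stream(data):
    """Walk one direction of an SSH TCP stream.

    Returns (version_string, messages, opaque_bytes): the plaintext packets up to
    and including NEWKEYS, and the count of bytes after it that cannot be decoded
    without the negotiated session keys.
    """
    line_end = data.index(b"\r\n")
    version = data[:line_end].decode("ascii")
    off = line_end + 2
    messages = []
    while off < len(data):
        (packet_length,) = struct.unpack_from(">I", data, off)
        padding_length = data[off + 4]
        payload = data[off + 5: off + 4 + packet_length - padding_length]
        off += 4 + packet_length  # no MAC trailer before NEWKEYS takes effect
        code = payload[0]
        entry = {"code": code, "name": MSG_NAMES.get(code, "unknown")}
        if code == SSH_MSG_KEXINIT:
            entry["kexinit"] = parse_kexinit(payload)
        messages.append(entry)
        if code == SSH_MSG_NEWKEYS:
            break  # from here on the stream is ciphertext
    return version, messages, len(data) - off


def _name_list(names):
    raw = ",".join(names).encode("ascii")
    return struct.pack(">I", len(raw)) + raw


def build_packet(payload):
    """Wrap a payload in RFC 4253 binary packet framing (unencrypted, no MAC)."""
    padding = 8 - (len(payload) + 5) % 8
    if padding < 4:
        padding += 8
    body = bytes([padding]) + payload + b"\x00" * padding  # real padding is random
    return struct.pack(">I", len(body)) + body


def build_kexinit(lists):
    payload = bytes([SSH_MSG_KEXINIT]) + b"\x11" * 16  # constructed fixed cookie
    for name in KEXINIT_LISTS:
        payload += _name_list(lists.get(name, []))
    return payload + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved


# Constructed sample of the client-to-server direction as it would appear on the wire.
SAMPLE_LISTS = {
    "kex_algorithms": ["curve25519-sha256", "diffie-hellman-group14-sha256"],
    "server_host_key_algorithms": ["ssh-ed25519", "rsa-sha2-256"],
    "encryption_algorithms_client_to_server": ["aes256-gcm@openssh.com", "chacha20-poly1305@openssh.com"],
    "encryption_algorithms_server_to_client": ["aes256-gcm@openssh.com", "chacha20-poly1305@openssh.com"],
    "mac_algorithms_client_to_server": ["hmac-sha2-256"],
    "mac_algorithms_server_to_client": ["hmac-sha2-256"],
    "compression_algorithms_client_to_server": ["none"],
    "compression_algorithms_server_to_client": ["none"],
}

SAMPLE_STREAM = (
    b"SSH-2.0-ExampleClient_1.0\r\n"
    + build_packet(build_kexinit(SAMPLE_LISTS))
    + build_packet(bytes([30]) + struct.pack(">I", 32) + b"\x22" * 32)  # KEXDH_INIT, constructed e
    + build_packet(bytes([SSH_MSG_NEWKEYS]))
    + b"\xde\xad\xbe\xef" * 16  # constructed stand-in for encrypted traffic after NEWKEYS
)

if __name__ == "__main__":
    version, msgs, opaque = parse_stream(SAMPLE_STREAM)
    print(version)
    for m in msgs:
        print(m["name"], m.get("kexinit", {}).get("kex_algorithms", ""))
    print(f"{opaque} bytes after NEWKEYS cannot be decoded without the session keys")
```

Everything the parser returns (banner, algorithm lists, the KEXDH message types) is what Wireshark's SSH dissector already shows for a capture; the commands typed in the session live in the bytes after NEWKEYS, which is why comparing two clients' command traffic has to be done on an endpoint (client or server logging) rather than from the packet capture.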