ssh加解密教程

Question

ssh加解密教程

Closed this issue 5 months ago · 4 comments

是否可以提供关于 SSH 程序加解密教程，CentOS8 版本 openssh 好像没有找到 opessl 依赖希望能提供一份教程

Answer 1 · 2023-12-26T03:23:59.000Z

根据 Wireshark WIKI：https://wiki.wireshark.org/SSH

Unlike the TLS dissector, no code has been written to decrypt encrypted SSH packets/payload (yet). This is also not possible unless the shared secret (from the Diffie-Hellman key exchange) is extracted from the SSH server or client (see, as an example of a mechanism to extract internal information of that sort, the "SSLKEYLOGFILE" method in TLS). Work on SSH2 decryption is tracked at https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16054

Answer 2 · 2023-12-30T16:31:42.000Z

ping @sun363587351 ???

Answer 3 · 2024-01-02T09:49:44.000Z

这篇文章似乎是一个可行的方案：https://blog.fox-it.com/2020/11/11/decrypting-openssh-sessions-for-fun-and-profit/

ecap 如果想要支持 ssh 协议，需要像文中一样获取 session key（我没有找到合适的 hook 点），写自定义的 parser 来解析 ssh packet，PR Welcome。

Answer 4 · 2024-01-04T13:50:47.000Z

我觉得“SSH的密钥捕获”这需求不是一个常规的分析调试需求，有点偏向后门类需求，eCapture暂时无这类规划。

如果贴主是研究技术的话，可以通过楼上同学给的资料，自己分析学习一下。