I'd like to decrypt Wireshark-captured SSH packets. I have both the public and private keys. How can this be done?

Reason: I am trying to decrypt and check the payload of the Hello exchanged packets between ODL controller and a Netconf Server.

LatinSuD
Pawash Ahuja
  • What do you mean by "Hello exchanged packets"? They should not be encrypted. The further ones, that are encrypted, you can't. If you could, the protocol would not be secure. They are encrypted using a one-time secret derived from the result of key exchange. – Jakuje Jul 11 '16 at 21:02
  • @Jakuje With the private key, can't he determine the key exchange secret? – Jeremy Jul 11 '16 at 21:28
  • @JeremyBanks No. Diffie-Hellman key exchange is using the private key, but also random data from both sides, therefore anyone "on the wire" can't derive the shared secret. This is the main point of DH key exchange. – Jakuje Jul 11 '16 at 21:31
  • but wouldn't that random data be included in the Wireshark dump in a form that he could extract? I don't understand how this would be impossible; it seems like he could essentially replay the exchange as the client and obtain the same state. (Don't feel obligated to humor my ignorant questions.) – Jeremy Jul 11 '16 at 21:33
  • @Jakuje, the OP may be referring to NETCONF messages. This protocol uses SSH as transport and has its own hello exchange which would be encrypted entirely (it happens after an SSH session has been established). – predi Jul 12 '16 at 06:52
  • If you wish to debug NETCONF messages, the best way would be to check logs on both sides of the connection. – predi Jul 12 '16 at 06:54
  • The Hello messages are also encrypted and yes you are right, it can't be decrypted. I got to know this from other sources too. It seems I will have to struggle on logs to find out this. – Pawash Ahuja Jul 12 '16 at 13:50
  • Is there any way by which I can make the connection only on TCP not including SSH? – Pawash Ahuja Jul 20 '16 at 17:44
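As an added illustration of the point made in the comments (this is not part of the original thread): a toy Diffie-Hellman exchange in Python, with constructed parameters far smaller than SSH's real groups, showing that the host's private key only signs the exchange hash and that the ephemeral exponents needed to compute the shared secret never appear in the capture.

```python
import hashlib
import hmac
import secrets

# Constructed toy DH parameters for illustration only. Real SSH uses the far larger
# groups of RFC 4253 / RFC 3526 (or curve25519), but the structure is identical.
P = (1 << 127) - 1   # the Mersenne prime 2^127 - 1
G = 3

def dh_keypair():
    """Fresh ephemeral exponent plus its public value; the exponent never leaves the host."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def derive_key(shared_secret, exchange_hash, letter):
    """RFC 4253 style derivation: only K and H are inputs. The host key plays no part."""
    data = shared_secret.to_bytes(16, "big") + exchange_hash + letter
    return hashlib.sha256(data).digest()

def run_kex(host_key_priv):
    """Simulate one DH key exchange. Returns the client's encryption key, the server's
    encryption key, the fields an on-path capture (e.g. Wireshark) would record, and
    the values each side keeps to itself (returned here only so a test can inspect them)."""
    x, e = dh_keypair()                      # client ephemeral pair
    y, f = dh_keypair()                      # server ephemeral pair
    k_server = pow(e, y, P)                  # server computes e^y
    k_client = pow(f, x, P)                  # client computes f^x
    h = hashlib.sha256(b"%d|%d|%d" % (e, f, k_server)).digest()
    # The host's private key only authenticates H (RSA/ECDSA/Ed25519 in real SSH;
    # an HMAC stands in for the signature here). It never encrypts anything, and
    # since H itself depends on K, an observer cannot even recompute what was signed.
    sig = hmac.new(host_key_priv, h, hashlib.sha256).digest()
    capture = {"e": e, "f": f, "sig": sig}   # x, y, K and H are never transmitted
    kept_private = {"x": x, "y": y, "K": k_server}
    return derive_key(k_client, h, b"C"), derive_key(k_server, h, b"C"), capture, kept_private

if __name__ == "__main__":
    c_key, s_key, seen_on_wire, private = run_kex(b"constructed-host-private-key")
    print("both sides agree on the session key:", c_key == s_key)
    print("fields visible in the capture:", sorted(seen_on_wire))
    print("exponent on the wire:", private["x"] in seen_on_wire.values())
```

Holding the capture plus the host private key therefore gives an observer e, f and a signature, but no exponent with which to form e^y or f^x, which is why the NETCONF hello inside the session cannot be recovered from the pcap.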
