Reading time: 3 – 5 minutes
Using sslsnoop you can dump SSH keys used in a session and decode ciphered traffic. Supported algorithms are: aes128-ctr, aes192-ctr, aes256-ctr, blowfish-cbc, cast128-cbc.
Basic sslsnoop information:
$ sudo sslsnoop # try ssh, sshd and ssh-agent... for various things $ sudo sslsnoop-openssh live `pgrep ssh` # dumps SSH decrypted traffic in outputs/ $ sudo sslsnoop-openssh offline --help # dumps SSH decrypted traffic in outputs/ from a pcap file $ sudo sslsnoop-openssl `pgrep ssh-agent` # dumps RSA and DSA keys
Take a look into the project in sslsnoop github page.