Reading time: 3 – 5 minutes
Using sslsnoop you can dump SSH keys used in a session and decode ciphered traffic. Supported algorithms are: aes128-ctr, aes192-ctr, aes256-ctr, blowfish-cbc, cast128-cbc.
Basic sslsnoop information:
$ sudo sslsnoop # try ssh, sshd and ssh-agent... for various things
$ sudo sslsnoop-openssh live `pgrep ssh` # dumps SSH decrypted traffic in outputs/
$ sudo sslsnoop-openssh offline --help # dumps SSH decrypted traffic in outputs/ from a pcap file
$ sudo sslsnoop-openssl `pgrep ssh-agent` # dumps RSA and DSA keysTake a look into the project in sslsnoop github page.