Reading time: < 1 minute Using sslsnoop you can dump SSH keys used in a session and decode ciphered traffic. Supported algorithms are: aes128-ctr, aes192-ctr, aes256-ctr, blowfish-cbc, cast128-cbc. Basic sslsnoop information:
$ sudo sslsnoop # try ssh, sshd and ssh-agent… for various things $ sudo sslsnoop-openssh live `pgrep ssh` # dumps SSH decrypted traffic in outputs/ $ sudo sslsnoop-openssh offline –help # dumps SSH decrypted traffic in outputs/ from a pcap file $ sudo sslsnoop-openssl `pgrep ssh-agent` # dumps RSA and DSA keys
Take a look into the project in sslsnoop github page.