Extracting ephemeral keys for session decryption

halfdog me at halfdog.net
Sun Dec 4 02:58:53 AEDT 2016

Dear list members,

To decrypt SSH sessions, especially with PFS, the ephemeral keys
would be needed. I want to create a demo to show how this would
be working. I did a search but did not find material good enough
to start working on it immediately.

Are there any known documents that describe how to proceed? I
do not care about the method: recompiling SSH, ptrace, kernel
module would be all fine to do it.

Without such information already available, where would be the
best position to tap in? For v2 PFS protocols key extraction is
a must, but of course it would be nice if the same method could be
applied in general to eliminate the need to know at least server
or client private key. Is there an intersection in the code path
of DH/non-DH and perhaps v1/v2 session key generation?

Would it be sufficient to tap the key once and then follow only
the stream or would SSH go through full key renegotiation after
some while, thus repeated tapping is required?

I think the output of this could be a nice thing to learn from,
also for others. Therefore any help with the key extraction part
would be appreciated.


PS: If demos are not yet available, everyone wanting to participate
in creating a demo is welcome! Intended output is a blog post. No
companies, universities, military and no money involved!

More information about the openssh-unix-dev mailing list