recovering SSH2 sessions while knowing the key and how to have it
anton at chuvakin.org
Fri Mar 15 02:22:31 EST 2002
I hope it is the right forum to ask the question, since it is more about
openssh internals then about usage.
I want to do a weird thing with my openssh daemon for the honeypot setup.
Namely, I want it to covertly broadcast the session key, so that, upon
sniffing the session, the contents can be recovered.
My C skills will be sufficient to find a session key by digging into the
ssh source. But my problem is building a recovery tool. Honestly, I have
no idea how to approach it, while I have some idea about ssh protocol.
Thus, I would appreciate *ANY* feedback on that, even a pile of ideas is
better than what I have now.
P.S. If you are familiar with honeynet setup, please do not suggest that I
use LKM or a trojaned bash to do the session recovery. I will! I just need
a second layer of defense here. Also, recovering scp-ed files is kinda
tricky via LKM.
Thanks a lot in advance. I will appreciate any help!
P.S. Please, do answer directly to me as well as to the list.
Anton A. Chuvakin, Ph.D.
More information about the openssh-unix-dev