recovering SSH2 sessions while knowing the key and how to have it

Anton Chuvakin anton at
Fri Mar 15 02:22:31 EST 2002

Hello all,

I hope it is the right forum to ask the question, since it is more about
openssh internals then about usage.

I want to do a weird thing with my openssh daemon for the honeypot setup.
Namely, I want it to covertly broadcast the session key, so that, upon
sniffing the session, the contents can be recovered.

My C skills will be sufficient to find a session key by digging into the
ssh source. But my problem is building a recovery tool. Honestly, I have
no idea how to approach it, while I have some idea about ssh protocol.
Thus, I would appreciate *ANY* feedback on that, even a pile of ideas is
better than what I have now.

P.S. If you are familiar with honeynet setup, please do not suggest that I
use LKM or a trojaned bash to do the session recovery. I will! I just need
a second layer of defense here. Also, recovering scp-ed files is kinda
tricky via LKM.

Thanks a lot in advance. I will appreciate any help!

P.S. Please, do answer directly to me as well as to the list.
     Anton A. Chuvakin, Ph.D.

More information about the openssh-unix-dev mailing list