Secure Shell (SSH)

Secure Shell (SSH) is a replacement for older remote shell programs such as telnet. SSH uses encryption to protect the contents (most notably passwords) being sent over its connection.

History

XXX - add a brief description of SSH history

Protocol dependencies

• TCP: Typically, SSH uses TCP as its transport protocol. The well known TCP port for SSH traffic is 22.

Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).

Wireshark

The SSH dissector in Wireshark is functional, dissecting most of the connection setup packets which are not encrypted.

Unlike the TLS dissector, no code has been written to decrypt encrypted SSH packets/payload (yet). This is also not possible unless the shared secret (from the Diffie-Hellman key exchange) is extracted from the SSH server or client (see, as an example of a mechanism to extract internal information of that sort, the "SSLKEYLOGFILE" method in TLS). Work on SSH2 decryption is tracked at https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16054

Preference Settings

The SSH dissector has a preference to determine whether it should reassemble PDUs spread across multiple TCP segments. For this to work the TCP option "Allow subdissectors to reassemble TCP streams" must be enabled.

Example capture file

XXX - Add a simple example capture file to the SampleCaptures page and link from here. Keep it short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.

Display Filter

A complete list of SSH display filter fields can be found in the display filter reference

Show only the SSH based traffic:

 ssh 

Capture Filter

You cannot directly filter SSH protocols while capturing. However, if you know the TCP port used (see above), you can filter on that one.

Key Log Format

Decryption can be enabled by supplying a key log file. This text file must follow the following format:

Every line consists of a cookie, key type, and key separated by one space. The cookie is the hex-encoded (client or server) 16 bytes cookie (32 characters) found in the SSH_MSG_KEXINIT sent during algorithm negotiation by the endpoint whose private random is disclosed. The key type is either SHARED_SECRET or PRIVATE_KEY. The key is hex-encoded and either the shared secret ('K' in RFC 4253) or the private random number (referred to as 'x' for the client and 'y' for the server in RFC 4253) used to generate the shared secret during DH key exchange; its length depends on the algorithm.

The cookie is used to identify the session, and either the SHARED_SECRET is used directly, or is derived from the PRIVATE_KEYs from both sides.

The key log file can be embedded in a pcapng Decryption Secrets Block.

External links

• RFC 4250 - The Secure Shell (SSH) Protocol Assigned Numbers

• RFC 4251 - The Secure Shell (SSH) Protocol Architecture

• RFC 4252 - The Secure Shell (SSH) Authentication Protocol

• RFC 4253 - The Secure Shell (SSH) Transport Layer Protocol

• RFC 4254 - The Secure Shell (SSH) Connection Protocol

• RFC 4419 - Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol

• RFC 5656 - Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer

• Other documents from the concluded Secure Shell (secsh) IETF working group

• IANA: Secure Shell (SSH) Protocol Parameters

Discussion

Imported from https://wiki.wireshark.org/SSH on 2020-08-11 23:25:52 UTC