3

The use case is this: Imagine you have two systems, A and B. If system A ssh's into system B and begins transferring over files back to A, I want to be able to decrypt the content of the message being sent.

I understand that in SSH, there is a shared symmetric key that can be used for decryption. If I'm at system B, where can I find this symmetric key?

Rosemond D
  • 31
  • 1

1 Answers1

5

With SSH, TLS and similar protocols the symmetric key is created during a handshake phase using key exchange protocols like Diffie-Hellman Key Exchange. The generated key is kept in memory for the duration of the session, i.e it is not written to disk. Thus to get access to the key you would need to dump the memory of the client or server or would need to rely on functions to explicitly export the key, if available.

Steffen Ullrich
  • 190,458
  • 29
  • 381
  • 434
  • 1
    Historically, this has not always been done correctly, with some implementations reusing session keys or doing other dumb things with them. Key export in particular seems like a Bad Idea because it's just too easy to violate [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy) if that functionality is available. – Kevin Apr 27 '17 at 05:08
  • 2
    @Kevin: key export like currently offered by Firefox (but only when compiled with debugging) is just an easier way to get to the keys, which are already on the system but in memory. And its only done when explicitly asked for, i.e. typically only for debugging problems. As for the *"not always been done correctly"* it would be interesting to get references (i.e. CVE or similar) to determine if these problems are relevant in the context of this question. – Steffen Ullrich Apr 27 '17 at 05:14
  • By "not always done correctly" I really meant that although the idea of FS is quite old, it hasn't really been all that popular until recently (not sure if it was Heartbleed or the NSA, but *something* convinced everyone to suddenly start caring). – Kevin Apr 27 '17 at 06:58
  • 2
    @Kevin: I don't think that FS is really relevant for this question because the question asks where the symmetric keys are stored and not how they are generated or how secure the key exchange is. And with RSA key exchange the generated symmetric key is also not stored on disk but only in memory. – Steffen Ullrich Apr 27 '17 at 07:11
  • But with RSA key exchange the generated symmetric key can be extracted from the data transmission, given the RSA private key. – Josef Apr 27 '17 at 08:56
  • 1
    @Josef: sure, if you have access to the private key you can do it. But the OP did not ask how to compute the symmetric key given a sniffed session and the private key. The question was instead where the symmetric key is stored on the system. – Steffen Ullrich Apr 27 '17 at 09:55
  • No@SteffenUllrich The OP explicitely asked: "The use case is this: Imagine you have two systems, A and B. If system A ssh's into system B and begins transferring over files back to A, I want to be able to decrypt the content of the message being sent." – Josef Apr 27 '17 at 13:57
  • @Josef: Maybe we are interpreting the question in a different way. From *If I'm at system B, where can I find this symmetric key?* I understand that the user expects the key to be somewhere available on the system and likes to grab it. But you are correct in that it can also be understood as if the user just somehow likes to get access to the key, even if it has to be computed somehow first from information available at system B. – Steffen Ullrich Apr 27 '17 at 14:02