Hello everyone, I am going to write an SSH Intrusion Detection System and I was just wondering. Assuming the packet sniffing component is on the same machine as the SSH service, so that it will capture the traffic between the client and the server, the IDS should be able to capture the certificate and the session public key... So wouldnt the IDS be able to decrypt and read all of the traffic?
I mean, it seems blatant that it can, but being a novice to encyption, im not too sure. Does anyone know if this will work? Thanks in advance, Davie Elliott
