
Decrypting data within an opened channel?


Hey guys,

Encrypted data moving from a client to a server should keep the same
encryption key regardless of whether an SSH channel has been opened or not,
right? And by channel, I mean something created by the ssh_channel_new()
function.

To explain, I'm working on an SSH proxy of sorts, and so naturally, one of
the things I do is:
a. See incoming raw encrypted SSH data coming in, wrapped in TCP.
b. Decrypt that data after stripping the TCP headers off, using
packet_decrypt_len() or packet_decrypt() and providing the length manually
(both of these are libssh provided functions, though not part of the API).
c. Look at the raw unencrypted data, and expect it to be of the normal SSH
binary format from here: https://tools.ietf.org/html/rfc4253#section-6
d. Encrypt the data we were just looking at, and wrap it in the appropriate
headers (a modified version of packet_send2 is doing this for me
wonderfully during testing).

This is all working for me, except when it comes time to transmit the
actual exec command I am trying to use. So, I manage to successfully open a
proxied channel, which indicates that my decryption and encryption logic is
working properly.
Also, disconnect messages are properly read and transmitted, where all
sides can see the plaintext, so I am very confident of the logic in steps
a. to d. listed above.
As one last example, I can clearly see the decrypted ASCII text of certain
encrypted traffic that brings us up to this problem point, such as
"Zsession" in this decrypted hex traffic:
5A0000000773657373696F6E000000000020000000008000

But when the client sends the encrypted packet which contains the command
we want to exec inside of it, I cannot decrypt it -- I just get garbage
when I try. It is as if there is some other encryption key I need to be
using. The function I am using to decrypt is the same as listed in step b.
The encryption function I use shouldn't matter in this case, since the
client is encrypting the message before it reaches my proxy code.

Again, this proxy successfully opens the channel, and successfully decrypts
and re-encrypts custom disconnect messages.

Any help or ideas would be great -- I've spent all day working on this,
with no luck!

Thank you!

-Karl
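As an added example (not from Karl's post and not libssh code), a small Python decoder for the RFC 4253 section 6 binary packet framing and for the two RFC 4254 messages in play here, SSH_MSG_CHANNEL_OPEN and the "exec" SSH_MSG_CHANNEL_REQUEST. It decodes the "Zsession" hex quoted above and a constructed exec request, so the plaintext that comes out of step b can be checked for well-formedness instead of being eyeballed. It assumes the input has already been decrypted and the MAC removed.

```python
import struct

# Message numbers from RFC 4253 (transport) and RFC 4254 (connection layer).
MSG_NAMES = {20: "SSH_MSG_KEXINIT", 21: "SSH_MSG_NEWKEYS", 90: "SSH_MSG_CHANNEL_OPEN", 98: "SSH_MSG_CHANNEL_REQUEST"}

def read_uint32(buf, off):
    if off + 4 > len(buf):
        raise ValueError("truncated uint32 at offset %d" % off)
    return struct.unpack(">I", buf[off:off + 4])[0], off + 4

def read_string(buf, off):
    # RFC 4251 "string": uint32 length followed by exactly that many bytes.
    n, off = read_uint32(buf, off)
    if off + n > len(buf):
        raise ValueError("truncated string at offset %d" % off)
    return buf[off:off + n], off + n

def unwrap_packet(plain):
    # RFC 4253 s6, decrypted and MAC stripped (assumed): uint32 packet_length | byte padding_length | payload | padding (>= 4)
    packet_length, _ = read_uint32(plain, 0)
    if len(plain) != 4 + packet_length:
        raise ValueError("packet_length %d does not match %d bytes" % (packet_length, len(plain)))
    padding_length = plain[4]
    if padding_length < 4 or padding_length + 1 > packet_length:
        raise ValueError("invalid padding_length %d" % padding_length)
    return plain[5:4 + packet_length - padding_length]

def parse_message(payload):
    kind, off = payload[0], 1
    name = MSG_NAMES.get(kind, "unknown(%d)" % kind)
    if kind == 90:  # CHANNEL_OPEN: string type, uint32 sender, uint32 window, uint32 max packet
        ctype, off = read_string(payload, off)
        sender, off = read_uint32(payload, off)
        window, off = read_uint32(payload, off)
        maxpkt, off = read_uint32(payload, off)
        return {"msg": name, "type": ctype.decode(), "sender_channel": sender,
                "initial_window": window, "max_packet": maxpkt}
    if kind == 98:  # CHANNEL_REQUEST: uint32 recipient, string request, boolean want_reply, data
        recipient, off = read_uint32(payload, off)
        req, off = read_string(payload, off)
        info = {"msg": name, "recipient_channel": recipient, "request": req.decode(),
                "want_reply": bool(payload[off])}
        if req == b"exec":  # RFC 4254 s6.5: a single string carrying the command line
            info["command"] = read_string(payload, off + 1)[0].decode(errors="replace")
        return info
    return {"msg": name, "raw": payload[1:]}  # anything else is left undecoded
# The decrypted CHANNEL_OPEN payload quoted in the post ("Zsession" is 0x5A + "session").
POST_CHANNEL_OPEN = bytes.fromhex("5A0000000773657373696F6E000000000020000000008000")
# Constructed sample (not captured traffic): an "exec" request for "uptime" on channel 0.
EXEC_PAYLOAD = bytes([98]) + bytes(4) + b"\x00\x00\x00\x04exec" + b"\x01" + b"\x00\x00\x00\x06uptime"
```

If parse_message raises on bytes that came out of packet_decrypt(), the framing or the key material is wrong before any channel logic is involved; a payload whose first byte is 20 or 21 marks a key exchange, after which RFC 4253 switches to fresh keys.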

Follow-Ups: Re: Decrypting data within an opened channel? (Aris Adamantiadis <aris@xxxxxxxxxxxx>)