How to decrypt SSH messages in Wireshark

I have written an Erlang application to send data over SSH to a server. The Erlang application acts as the client in my setup. The client uses the OTP ssh module. It uses various ssh functions such as ssh:connect, ssh_connection:session_channel & ssh_connection:send.

In order to debug an issue, I am using Wireshark application to check the packets exchanged between the client and server.

I see packets in Wireshark for all steps performed by the client. Most of these packets are encrypted by SSHv2.

In order to decrypt, I need to specify the required file in Wireshark, which contains the private key, etc. Where can I find the private key?

I tried to find the details using available ssh functions such as ssh:connection_info, but I could not find the private key.

(node1@vm-alarm)6> ssh:connection_info(Client).

SSH looks for “~/.ssh/id_<algorithm>” (at least on UNIX), e.g. “~/.ssh/id_rsa” usually contains the private key for ssh using RSA encryption, and that is what you’re probably looking for. You can read more about SSH configuration here.