
SSH

SSH (Secure Shell) is a critical protocol that provides an encrypted channel for remote administration and data transfer over an untrusted network. It ensures the confidentiality and integrity of data, protecting against eavesdropping and, provided the client verifies the server's host key, man-in-the-middle attacks. However, the same properties make SSH attractive to attackers, who use it to establish persistent, covert access to compromised systems.

SSH in nzyme

Nzyme parses SSH traffic. The reported data includes:

  • Source Address (SSH client)
  • Destination Address (SSH server)
  • Client SSH software and version
  • Server SSH software and version
  • Timestamps of session establishment, most recent segment and termination

All sessions are tracked over their lifetime and assigned a unique ID. Most of this information comes from the initial, unencrypted part of the handshake: before key exchange begins, both sides send their identification string (for example SSH-2.0-OpenSSH_9.6p1) in cleartext, which is where the client and server software and version fields come from. Everything after the key exchange is encrypted, so the reported fields are limited to what is listed above.
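
The following is an added example, not nzyme's own parser, showing how the fields above can be recovered from the cleartext portion of a session. It parses the identification line defined in RFC 4253 section 4.2 (including the case where a server sends banner lines before it, which the RFC says must be ignored) and tracks each session by its TCP 4-tuple with establishment, most-recent-segment and termination timestamps. The segment list, addresses and version strings are constructed for the example.

```python
"""Passive SSH identification-string parsing and session tracking.
Example code added for this page; it is not nzyme's implementation.
"""
import re
import uuid
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Addr = Tuple[str, int]

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# The RFC forbids '-' in softwareversion, but a passive observer should be
# lenient, so softwareversion is any run of non-whitespace here.
_IDENT_RE = re.compile(rb"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")


def parse_identification(data: bytes) -> Optional[dict]:
    """Return the first SSH identification line in a cleartext stream, or None.

    A server may send arbitrary lines before its identification string (for
    example a login banner); any line that does not start with 'SSH-' is
    skipped, as RFC 4253 requires of clients.
    """
    for raw in data.split(b"\n"):
        line = raw.rstrip(b"\r")
        if not line.startswith(b"SSH-"):
            continue
        if len(line) + 2 > 255:        # RFC limit including CR LF
            return None
        m = _IDENT_RE.match(line)
        if m is None:
            return None                # starts with SSH- but is malformed
        return {
            "protocol": m["proto"].decode("ascii", "replace"),
            "software": m["software"].decode("ascii", "replace"),
            "comments": (m["comments"] or b"").decode("ascii", "replace"),
        }
    return None


@dataclass
class SshSession:
    session_id: str
    client: Addr                       # side that sent the first segment
    server: Addr
    established_at: float
    last_segment_at: float
    terminated_at: Optional[float] = None
    client_software: Optional[dict] = None
    server_software: Optional[dict] = None


class SshSessionTracker:
    """Track SSH sessions over their lifetime, keyed by the TCP 4-tuple."""

    def __init__(self) -> None:
        self.sessions: Dict[Tuple[Addr, Addr], SshSession] = {}

    @staticmethod
    def _key(a: Addr, b: Addr) -> Tuple[Addr, Addr]:
        return (a, b) if a <= b else (b, a)   # same key in both directions

    def observe(self, ts: float, src: Addr, dst: Addr, payload: bytes, fin: bool = False) -> SshSession:
        key = self._key(src, dst)
        s = self.sessions.get(key)
        if s is None:
            # First segment of the flow: the sender is the connecting client.
            s = SshSession(str(uuid.uuid4()), src, dst, ts, ts)
            self.sessions[key] = s
        s.last_segment_at = ts
        if payload:
            ident = parse_identification(payload)
            # Only the first identification line per side counts; later
            # payload is the (encrypted) binary packet protocol.
            if ident is not None and src == s.client and s.client_software is None:
                s.client_software = ident
            elif ident is not None and src == s.server and s.server_software is None:
                s.server_software = ident
        if fin:
            s.terminated_at = ts
        return s


# Constructed sample segments: (timestamp, src, dst, payload, fin).
CLIENT: Addr = ("10.0.0.5", 51234)
SERVER: Addr = ("10.0.0.10", 22)
SAMPLE_SEGMENTS = [
    (1700000000.000, CLIENT, SERVER, b"", False),                                      # SYN
    (1700000000.010, SERVER, CLIENT, b"SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13\r\n", False),
    (1700000000.012, CLIENT, SERVER, b"SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2\r\n", False),
    (1700000000.030, CLIENT, SERVER, b"\x00\x00\x04\x14\x06\x14", False),              # KEXINIT, opaque here
    (1700000042.500, CLIENT, SERVER, b"", True),                                       # FIN
]


def track(segments) -> List[SshSession]:
    """Feed segments through a tracker and return the recorded sessions."""
    tracker = SshSessionTracker()
    for ts, src, dst, payload, fin in segments:
        tracker.observe(ts, src, dst, payload, fin)
    return list(tracker.sessions.values())


if __name__ == "__main__":
    for s in track(SAMPLE_SEGMENTS):
        print(s.session_id, s.client, "->", s.server,
              s.client_software["software"], "/", s.server_software["software"],
              "lifetime", s.terminated_at - s.established_at, "s")
```

The version strings are self-reported by each endpoint and not authenticated by the protocol, so treat the software fields as a hint rather than proof of what is actually running.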

You can find a list of all recorded SSH sessions on the Remote Access page under Ethernet in the sidebar of your nzyme web interface.

Note that many legitimate tools, git for example, use SSH as their transport. Keep this in mind when analyzing SSH sessions in nzyme: the client software string can help tell such clients apart from an interactive login, but it is sent by the endpoint itself and is not authenticated by the protocol.