A question was recently asked of me that has me kind of baffled. Is it possible to decrypt an ssh session on the network IDS node using a public key? I had no idea and I hate not knowing things. I've done some searching on the web and am still looking for something to enlighten me, but in the meantime, could someone break down how the encryption scheme with ssh works, and how public and private keys come into play with this protocol. To be more specific; if the public keys of servers running the ssh server/daemon were stored on the network ids, could those packets be opened and examined? This being that if an attacker was able to open an ssh session to a server that he/she otherwise wouldn't be able to, how would the net security folks be able to see exactly what the attacker did? I know this might seem like a bunch of jumbled up ideas, but if someone could help or point me in the right direction, that would be cool. Thanks a ton.

-the eeshman