[u123u4]

What would happen if I, as an unprivileged user on the box running this, did this:

for port in $(seq 1024 65535); do ./my-ssh-sniffer-thing $port &; done

I leave my ssh at port 22 to make sure only root can bind to whatever i send my password/keys to and/or the AllowGroups directive in sshd_config(That way I dont accidentally allow my test:test1234 SSH-access.)

[robryk]

Nit: You do not "send your keys" to the SSH server. You only sign a statement using them. The statement contains some session data that is generated by the server and client together while setting up the session; this makes the signature useless for trying to impersonate the client in any future or concurrent connections.