"You can run this shell script (which I'll admit is a
little sketchy - written under duress ;) fairly simply, like so:
host # ./ssh-snoop
"The picture below shows the minimal interactivity at startup
(just to confirm that you get the base SSH process - since the
strace call will run down all the forked processes from the root).
In the case shown below the username is "user123" and the password
is "easyPass" You'll have to sift through a few lines of garbage,
but it's better then combing the full strace output:"