Comment by Nauxuron

5 hours ago

This really does not need to be that hard. For TLS, many tools support setting the SSLKEYLOGFILE environment variable to log the session keys used in connections. Wireshark can import those to decrypt everything. [1]

Unfortunately, nothing exists for SSH (yet?). [2]

I do agree that if you design a protocol that enforces encryption, you should include some debugging interface. It is much more straightforward to do this by logging the session secrets on the endpoints rather than trying to break it through a man-in-the-middle, the main thing the protocol is protecting you against.

[1]: https://wiki.wireshark.org/TLS

[2]: https://gitlab.com/wireshark/wireshark/-/issues/16054
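
An added example, not part of the original comment: a check of a key log file before loading it into Wireshark, assuming the file follows the NSS key log format that SSLKEYLOGFILE-aware tools write. The function names and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Labels from the NSS key log format (written by SSLKEYLOGFILE-aware tools).
TLS12 = "CLIENT_RANDOM"  # TLS 1.2 and earlier: value is the 48-byte master secret
TLS13_NEEDED = {"CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
                "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
TLS13_EXTRA = {"EXPORTER_SECRET", "CLIENT_EARLY_TRAFFIC_SECRET", "EARLY_EXPORTER_SECRET"}
# <label> <32-byte client random, hex> <secret, hex>
LINE_RE = re.compile(r"([A-Z0-9_]+) ([0-9a-fA-F]{64}) ((?:[0-9a-fA-F]{2})+)")

def parse_keylog(text):
    """Return ({client_random: {label: secret_hex}}, [(line_number, problem)])."""
    sessions, problems = defaultdict(dict), []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):  # blank lines and comments are allowed
            continue
        m = LINE_RE.fullmatch(line)
        if not m:
            problems.append((n, "malformed line"))
            continue
        label, rand, secret = m.group(1), m.group(2).lower(), m.group(3).lower()
        if label not in {TLS12} | TLS13_NEEDED | TLS13_EXTRA:
            problems.append((n, "label not handled by this example: " + label))
        elif label == TLS12 and len(secret) != 96:
            problems.append((n, "master secret is not 48 bytes"))
        else:
            sessions[rand][label] = secret
    return dict(sessions), problems

def classify(labels):
    """Say whether one session has every secret needed for a full decrypt."""
    if TLS12 in labels:
        return "tls1.2-complete"
    # With a TLS 1.3 secret missing, records protected under it stay encrypted.
    return "tls1.3-complete" if TLS13_NEEDED <= labels.keys() else "tls1.3-partial"

# Constructed sample, not real key material.
SAMPLE = "\n".join([
    "# constructed sample",
    "CLIENT_RANDOM " + "11" * 32 + " " + "ab" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "cd" * 32,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "ce" * 32,
    "CLIENT_TRAFFIC_SECRET_0 " + "22" * 32 + " " + "cf" * 32,
    "SERVER_TRAFFIC_SECRET_0 " + "22" * 32 + " " + "d0" * 32,
    "CLIENT_TRAFFIC_SECRET_0 " + "33" * 32 + " " + "d1" * 32,
    "CLIENT_RANDOM " + "44" * 32 + " truncated",
])
```

The key log holds the secrets for every logged connection, so it deserves the same handling as a private key: restrictive file permissions and deletion once the capture has been analysed.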