I want to use it on my own machine to test snort and other IDS's to see how/if they work. I'm doing in conjunction with another person and we were gonna put our findings in a report.

The server is Debian squeeze running on PowerPC. If no such software exists I would appreciate any advice on how I should approach this.

I'm willing to use/install older, vulnerable software to achieve this. It doesn't necessarily have to be SSH, its just the first thing that comes to mind because it seems to be the most widely used network utility.

Any ideas?

I'm not sure whether it's you or me who's not understanding here.
As I understand it if you did manage to "listen in" on an SSH session then you would be using a man-in-the-middle attack so any data seen by Snort would be indistinguishable from a legitimate SSH session -- otherwise SSH itself would either not work or alert you to the problem itself.
Have you played with SSH and seen what happens when you replace onw host with another on the same IP then try to SSH into the new host, for example?

tcpdump for learning src, dst, ports, sequence no, etc. and Scapy for sending the RST?

I thought to break into an SSH session you needed to either:
Have a machine able to capture the packets and the ability to break the encryption.
Or
Perform a main-in-the-middle attack (relying upon the user not noticing a warning or on some vulnerability).
Both of which ought to be transparent to an IDS as the first does nothing to the data stream and the second looks like legitimate SSH traffic since it is, to all intents and purposes, legitimate SSH traffic or it wouldn't work?

Either method can capture the data stream which would look like garbage. Once the NIC is placed in promiscuous mode, it will capture all of the traffic on the wire and this can be saved and analyzed. The data gets decrypted at the application level and the network sniffer operates below that, so unless your acting like the MITM and capturing the decrypted traffic, all you will see besides the session handshaking is the garbage.

I think we're typing at cross-purposes.
My point was that if you can tap into an SSH session then no IDS will see that -- so it is not something you can use to "try out" Snort.

Ah, I see what you're saying. Good point, no an IDS wouldn't help here. At best an network IDS would detect "bad" connection attempts via the packets, but those would probably be mostly benign anyway. A host IDS (not Snort) that looks at the log files and takes evasive action, such as a firewall block, would be much more beneficial.

Let's also be clear about the purpose of this thread: if it's about disrupting sessions by injecting packets at the transport layer that's fine but performing any MitM clearly isn't under the LQ Rules.