Contributed by rueda from the sigint– dept.
Damien Miller (djm@) has committed support for keystroke timing obfuscation to ssh(1):
CVSROOT:        /cvs
Module name:    src
Changes by:     djm@cvs.openbsd.org     2023/08/27 21:31:16

Modified files:
        usr.bin/ssh    : clientloop.c misc.c misc.h packet.c packet.h
                         readconf.c readconf.h ssh_config.5

Log message:
Add keystroke timing obfuscation to the client.

This attempts to hide inter-keystroke timings by sending interactive
traffic at fixed intervals (default: every 20ms) when there is only a
small amount of data being sent. It also sends fake "chaff" keystrokes
for a random interval after the last real keystroke. These are
controlled by a new ssh_config ObscureKeystrokeTiming keyword/

feedback/ok markus@
This utilises a pair of new extensions to the SSH protocol:
CVSROOT:        /cvs
Module name:    src
Changes by:     djm@cvs.openbsd.org     2023/08/27 21:28:43

Modified files:
        usr.bin/ssh    : PROTOCOL kex.c kex.h packet.c ssh2.h

Log message:
Introduce a transport-level ping facility

This adds a pair of SSH transport protocol messages SSH2_MSG_PING/PONG
to implement a ping capability. These messages use numbers in the "local
extensions" number space and are advertised using a "ping@openssh.com"
ext-info message with a string version number of "0".

ok markus@
Yet another fine example of security by trickery, and one more reason to look forward to the next OpenBSD release. Other systems will likely see this soon after via openssh-portable.
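
The scheme described in the first commit message, as a simplified timing model. This is an added example, not OpenSSH code: it shows what a passive observer of packet times sees once keystrokes are sent only on a fixed 20 ms grid and followed by chaff. The function names, the chaff window bounds and the keystroke timestamps are constructed for illustration, and bulk (non-interactive) traffic is not modelled.

```python
import math
import random

def obscure(keystrokes_ms, interval_ms=20, chaff_ms=(500, 1000), rng=random):
    """Return the wire schedule as a list of (send_time_ms, kind).

    Real keystrokes wait for the next fixed tick; after the last real one,
    chaff keeps the stream going for a random time drawn from chaff_ms
    (bounds are assumed values, not taken from the commit).
    """
    pending = sorted(keystrokes_ms)
    out = []
    if not pending:
        return out
    tick = math.ceil(pending[0] / interval_ms) * interval_ms
    chaff_until = tick
    while pending or tick <= chaff_until:
        due = [k for k in pending if k <= tick]
        if due:
            # All keystrokes typed since the previous tick share one packet.
            pending = pending[len(due):]
            out.append((tick, "real"))
            chaff_until = tick + rng.randint(*chaff_ms)
        elif tick <= chaff_until:
            out.append((tick, "chaff"))
        else:
            # Chaff window expired: the link goes idle until the next key.
            tick = math.ceil(pending[0] / interval_ms) * interval_ms
            continue
        tick += interval_ms
    return out

def wire_gaps(schedule):
    """Inter-packet gaps, which is all a passive observer can measure."""
    times = [t for t, _ in schedule]
    return [b - a for a, b in zip(times, times[1:])]

if __name__ == "__main__":
    typed = [3, 137, 171, 402, 455, 660]   # constructed keystroke times (ms)
    sched = obscure(typed, rng=random.Random(1))
    print("true gaps:", [b - a for a, b in zip(typed, typed[1:])])
    print("wire gaps:", sorted(set(wire_gaps(sched))))
    print("real/chaff:", sum(k == "real" for _, k in sched),
          sum(k == "chaff" for _, k in sched))
```

In this model a pause longer than the chaff window still appears on the wire as an idle gap, so the start and end of a typing burst remain visible even though the timing inside it is not.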