Saturday, July 27, 2024

Keystroke timing obfuscation added to ssh(1)

Contributed by rueda from the sigint dept.

Damien Miller (djm@) has committed support for keystroke timing obfuscation to ssh(1):

CVSROOT:	/cvs
Module name:	src
Changes by:	djm@cvs.openbsd.org	2023/08/27 21:31:16

Modified files:
	usr.bin/ssh    : clientloop.c misc.c misc.h packet.c packet.h 
	                 readconf.c readconf.h ssh_config.5 

Log message:
Add keystroke timing obfuscation to the client.

This attempts to hide inter-keystroke timings by sending interactive
traffic at fixed intervals (default: every 20ms) when there is only a
small amount of data being sent. It also sends fake "chaff" keystrokes
for a random interval after the last real keystroke. These are
controlled by a new ssh_config ObscureKeystrokeTiming keyword.

feedback/ok markus@

This utilises a pair of new extensions to the SSH protocol:

CVSROOT:	/cvs
Module name:	src
Changes by:	djm@cvs.openbsd.org	2023/08/27 21:28:43

Modified files:
	usr.bin/ssh    : PROTOCOL kex.c kex.h packet.c ssh2.h 

Log message:
Introduce a transport-level ping facility

This adds a pair of SSH transport protocol messages SSH2_MSG_PING/PONG
to implement a ping capability. These messages use numbers in the "local
extensions" number space and are advertised using a "ping@openssh.com"
ext-info message with a string version number of "0".

ok markus@

Yet another fine example of security by trickery, and one more reason to look forward to the next OpenBSD release. Other systems will likely see this soon after via openssh-portable.
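
As an added illustration (not code from OpenSSH or from the original article), the following C sketch models the fixed-interval sending and trailing chaff described in the first commit message, and measures what a passive observer of packet times would see. The function names, the sample keystroke times and the caller-supplied chaff duration are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

#define INTERVAL_MS 20 /* default interval given in the commit message */
/* Simplified model, not OpenSSH's clientloop.c: keystrokes typed at keys_ms[]
 * (ascending) wait for the next tick of a fixed INTERVAL_MS clock; empty ticks
 * carry chaff until chaff_ms after the last keystroke (random in the client,
 * caller-supplied here). Returns the number of packets scheduled. */
size_t obscure_schedule(const uint32_t *keys_ms, size_t nkeys, uint32_t chaff_ms,
    uint32_t *out_ms, int *is_real, size_t cap)
{
	size_t n = 0, k = 0;
	if (nkeys == 0)
		return 0;
	uint32_t t = (keys_ms[0] + INTERVAL_MS - 1) / INTERVAL_MS * INTERVAL_MS;
	uint32_t end = keys_ms[nkeys - 1] + chaff_ms;
	for (; (k < nkeys || t <= end) && n < cap; t += INTERVAL_MS) {
		is_real[n] = 0;
		while (k < nkeys && keys_ms[k] <= t) { /* batch pending keys */
			k++;
			is_real[n] = 1;
		}
		out_ms[n++] = t;
	}
	return n;
}

/* Largest minus smallest gap between consecutive timestamps: the signal a
 * passive observer of packet times would use to tell keystrokes apart. */
uint32_t gap_spread(const uint32_t *t, size_t n)
{
	uint32_t lo = UINT32_MAX, hi = 0;
	for (size_t i = 1; i < n; i++) {
		uint32_t g = t[i] - t[i - 1];
		lo = g < lo ? g : lo;
		hi = g > hi ? g : hi;
	}
	return n < 2 ? 0 : hi - lo;
}

int main(void)
{
	uint32_t keys[] = { 0, 130, 135, 410 }, out[64]; /* constructed sample */
	int real[64];
	size_t n = obscure_schedule(keys, 4, 100, out, real, 64);
	printf("typed spread %u ms, on-wire spread %u ms, %zu packets\n",
	    (unsigned)gap_spread(keys, 4), (unsigned)gap_spread(out, n), n);
	return 0;
}
```

In this model the typed gaps (130, 5 and 275 ms) collapse to a uniform 20 ms on the wire, and the packets carrying real keystrokes are indistinguishable by timing from the chaff around them.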
