A disclosure for an OpenSSH keystroke obfuscation bypass affecting current OpenSSH versions after 9.4.

Lobsters is a community-driven platform for sharing and discussing links to articles, tutorials, and projects related to technology and programming. Readers can learn about a wide range of topics, from software development and system administration to cybersecurity and artificial intelligence. With user submissions, comments, and voting, Lobsters provides a platform for collaborative learning and knowledge sharing among technology enthusiasts.

Lobsters

OpenSSH 9.5 introduced keystroke timing obfuscation to mitigate timing attacks via traffic analysis. Despite this, a researcher discovered a bypass that allows keystroke packets to be identified among the obfuscating 'chaff' packets. Using SSHniff and latency analysis tools, the researcher could infer commands typed during an SSH session, highlighting shortcomings in the current obfuscation methods. The bypass involves recognizing larger packet sizes produced during user keystrokes after the chaff has been triggered.

SSH Keystroke Obfuscation Bypass