OpenSSH Keystroke Obfuscation Bypass
A disclosure of an OpenSSH keystroke-timing obfuscation bypass affecting current OpenSSH versions after 9.4 (that is, 9.5 and later, the releases that ship the feature).
As per the release notes, this feature “attempts to hide inter-keystroke timings by sending interactive traffic at fixed intervals (default: every 20ms) when there is only a small amount of data being sent”. As part of my Bachelor dissertation, I researched the impact of using keystroke latency analysis to infer an SSH session’s underlying commands being run by the client. In the spirit of following the good old “PoC or GTFO” mindset, I wrote an atrocious but functional “patch” into SSHniff, where if SSH versions after 9.4 are detected, it is assumed that obfuscation is in use and the bypass is employed.
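The two observable facts in the paragraph above are the version gate (obfuscation assumed for any OpenSSH release after 9.4) and the fixed 20 ms send interval from the release notes. The following is an added example, not the post's code and not SSHniff's patch, and it does not implement the bypass itself, which the post does not describe. It applies the version gate to an SSH identification banner and contrasts a constructed trace of raw keystroke packet timings with the same trace quantised to the 20 ms tick, so that the fixed-interval signature can be recognised in a capture. The packet timestamps, the `parse_openssh_version`/`looks_fixed_interval` helper names and the 0.5 ms tolerance are all assumptions made for this example.

```python
import math
import re

# Added example, not SSHniff's code. Assumptions: the gate is "OpenSSH 9.5 or
# later" (the first releases after 9.4, where the feature appeared) and the
# obfuscation tick is the 20 ms default quoted from the release notes.
OBFUSCATION_SINCE = (9, 5)
DEFAULT_INTERVAL_MS = 20.0

# Matches the OpenSSH identification string, e.g. "SSH-2.0-OpenSSH_9.6p1 ...".
_BANNER_RE = re.compile(r"^SSH-2\.0-OpenSSH_(\d+)\.(\d+)")


def parse_openssh_version(banner: str):
    """Return (major, minor) from an SSH banner, or None if the peer is not OpenSSH."""
    m = _BANNER_RE.match(banner.strip())
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


def obfuscation_expected(banner: str) -> bool:
    """The version gate: assume keystroke obfuscation is on for OpenSSH 9.5 and later."""
    version = parse_openssh_version(banner)
    return version is not None and version >= OBFUSCATION_SINCE


def quantise_to_interval(timestamps_ms, interval_ms=DEFAULT_INTERVAL_MS):
    """Model the fixed-interval sender: each keystroke leaves on the next tick boundary."""
    return [math.ceil(t / interval_ms) * interval_ms for t in timestamps_ms]


def inter_arrival_ms(timestamps_ms):
    """Gaps between consecutive packet timestamps; this is what latency analysis consumes."""
    return [b - a for a, b in zip(timestamps_ms, timestamps_ms[1:])]


def looks_fixed_interval(timestamps_ms, interval_ms=DEFAULT_INTERVAL_MS, tol_ms=0.5) -> bool:
    """True if every gap is, within tol_ms, a positive multiple of interval_ms.

    Raw keystroke gaps are essentially never aligned to a 20 ms grid, so a trace
    that passes this test is a strong hint that the client is obfuscating.
    """
    gaps = inter_arrival_ms(timestamps_ms)
    if not gaps:
        return False
    for gap in gaps:
        ticks = round(gap / interval_ms)
        if ticks < 1 or abs(gap - ticks * interval_ms) > tol_ms:
            return False
    return True


# Constructed trace of five keystroke packets (ms since the first one); the
# values are invented for this example, not measured from a real session.
RAW_KEYSTROKES_MS = [0.0, 113.4, 241.9, 302.7, 455.1]


if __name__ == "__main__":
    for banner in ("SSH-2.0-OpenSSH_9.4p1", "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13"):
        print(banner, "-> obfuscation expected:", obfuscation_expected(banner))
    print("raw gaps:", inter_arrival_ms(RAW_KEYSTROKES_MS),
          "fixed interval:", looks_fixed_interval(RAW_KEYSTROKES_MS))
    obfuscated = quantise_to_interval(RAW_KEYSTROKES_MS)
    print("obfuscated gaps:", inter_arrival_ms(obfuscated),
          "fixed interval:", looks_fixed_interval(obfuscated))
```

Two caveats a practitioner should keep in mind. The feature lives in the client (ssh(1)), so it is the client's banner, not the server's, that the gate should be applied to. And the banner gate is only a heuristic: a 9.5+ client can still have the feature switched off, so the timing test on the captured trace is the more reliable of the two signals.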