OpenSSH Keystroke Obfuscation Bypass

The author discusses a disclosure for an OpenSSH keystroke obfuscation bypass affecting versions after 9.4 and examines the impact of keystroke latency analysis on SSH sessions. Although OpenSSH introduced measures to mitigate such timing attacks, the author found a way to bypass them and notified the developers, receiving initial responses but ultimately no resolution. The author then explores how keystroke packets, interleaved with chaff packets, can still be used to infer the underlying SSH commands. Additionally, the author introduces a tool called SSHniff to automate the metadata extraction process, showcasing its abilities through Wireshark analysis and the decryption process.

https://crzphil.github.io/posts/ssh-obfuscation-bypass/
