Anti-idle in OpenSSH client?
Ville Herva
vherva at niksula.hut.fi
Thu Apr 10 20:48:20 EST 2003
On Mon, Apr 07, 2003 at 05:57:47PM +0200, you [Markus Friedl] wrote:
> On Tue, Apr 08, 2003 at 01:29:53AM +1000, Darren Tucker wrote:
> > The fact that there's several different implementations out there
> > certainly shows that there's a need for it.
>
> i plan to add sshd's ClientAliveInterval to ssh, using ignore
> messages instead of channel requests.
What about the randomness? Isn't there some information exposed currently as
to at what time and how many times the user for example presses keys? I
think there was a proposed attack to record the relative timing of packets
sent by ssh after each key press and to use that information to analyze what
kind of password the user might have typed. Inserting random traffic to the
stream might mitigate this information leak? Or has this been handled by
other means?
-- v --
v at iki.fi
More information about the openssh-unix-dev
mailing list