Request for obfuscating the handshake
iam iranian
x.issuer at gmail.com
Fri Jan 13 05:58:21 EST 2012
Dear OpenSSH team,
First of all thanks a lot for your good work on developing such a usable
peace of software. Nice job.
As you may know, we have some issues using OpenSSH in Iran. Recently the
government did some packet filtering on some protocols, including SSH. We
don't know what exactly they've done but it appears to be some routing rule
that prevents SSH protocol to initiate a connection. Its like that the
handshake packet is dropped.
Fortunately there is a patch on OpenSSH done by Bruce Leidl (
https://github.com/brl/obfuscated-openssh) that obfuscates the handshake
packet and luckily it helps us pass through this annoying packet filtering.
But sadly this patch isn't implemented in the main project.
We, a group of Iranian OpenSSH users, recommend you to include this useful
patch in the main project because:
0. As Bruce Leidl explains it's true that the communication is secured
during a session, but before starting a session since the encryption keys
have not yet been determined, there is no encryption and the handshake
packets are insecure.
1. It's always better to have more options. In this case, having the
handshake packet obfuscated is an important choice to make.
2. The patch nicely adds the ability of obfuscating the handshake and makes
no harm to the rest of the project. So why not?
3. We really want you to do it.
Thank you very much and best regards.
More information about the openssh-unix-dev
mailing list