Request for obfuscating the handshake
Ángel González
keisial at gmail.com
Fri Jan 13 10:28:06 EST 2012
Hello Sir,

I have been reading the protocol description and, although there are some 'arbitrary' choices (e.g. the stream cipher, the hash, the value of OBFUSCATE_HASH_ITERATIONS, or why not include the counter in the iterations), the easiest way is _probably_ to follow the public description (this is only obfuscation).
But I think the weakest point is that your government can easily block it by not allowing a connection that sends random bytes. And there is no provision for it to look like 'something else'. I think the best hiding is what the Tor project strives to do, masquerading as an HTTPS handshake. Which is probably overkill to consider as an addition for OpenSSH.
I started thinking about something like an HTTP POST, which triggered the detection from a point where the characters matched some kind of crazy condition, such as the difference between two characters and the next two being a prime number, thus forcing it to read arbitrary-length content (with the payload common enough that it would appear in 'legitimate' content, too).
I wonder, do the new filters also block ssh if there's a banner? (e.g. it shows a Shakespeare poem before connecting you.) Not that it matters much (they can easily close it), but they could have forgotten that.
I pondered whether there were an easy way to skip the cleartext (e.g. automatically assuming that you received an SSH-2.0 banner), but the negotiation options are even more obvious, so a stream cipher does seem required.
Steganographying ssh is an interesting problem.

Good luck to you all.
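As an added example (not part of this message, and not OpenSSH or obfuscated-openssh code), here is the kind of first-bytes heuristic a network monitor can apply and that the message above says makes a random-looking handshake easy to block: it separates a cleartext SSH banner, an HTTP request, and arbitrary cleartext such as a poem banner from a preamble made of mostly non-printable, near-uniform bytes. The samples are constructed and the thresholds are illustrative assumptions.

```python
import hashlib
import math
import re
from collections import Counter

# Constructed samples standing in for the first bytes a client sends.
SSH_BANNER = b"SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1\r\n"
HTTP_POST = b"POST /upload HTTP/1.1\r\nHost: example.invalid\r\nContent-Length: 512\r\n\r\n"
POEM_BANNER = b"Shall I compare thee to a summer's day?\nThou art more lovely and more temperate:\n"
# Deterministic pseudo-random bytes (SHA-256 output), a constructed stand-in for
# an obfuscated handshake whose preamble is indistinguishable from random data.
RANDOM_LIKE = (hashlib.sha256(b"constructed sample 1").digest()
               + hashlib.sha256(b"constructed sample 2").digest())


def shannon_entropy(data: bytes) -> float:
    """Bits per byte over the sample; the maximum is min(8, log2(len(data)))."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def printable_ratio(data: bytes) -> float:
    """Share of bytes that are printable ASCII or tab/LF/CR."""
    if not data:
        return 0.0
    ok = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    return ok / len(data)


def classify_preamble(data: bytes, window: int = 64) -> str:
    """Label the first `window` bytes of a client-to-server stream."""
    head = data[:window]
    if len(head) < 16:
        return "too-short"          # not enough bytes for any statistic to mean much
    if head.startswith(b"SSH-"):
        return "ssh-banner"
    if re.match(rb"[A-Z]{3,7} \S+ HTTP/1\.[01]\r\n", head):
        return "http-request"
    # Any cleartext protocol (or a poem shown before the banner) stays mostly
    # printable; an encrypted or obfuscated preamble does not, and its byte
    # distribution sits close to uniform. Both conditions must hold.
    if printable_ratio(head) < 0.75 and shannon_entropy(head) > 0.75 * math.log2(len(head)):
        return "high-entropy"
    return "other-plaintext"
```

A filter keyed on "high-entropy" would pass the poem banner and an HTTP POST carrier untouched, which is why the message treats looking like something else as the real requirement.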