bugzilla-daemon at mindrot.org
2003-Nov-23 23:13 UTC
[Bug 763] Add Null packet keepalive option
http://bugzilla.mindrot.org/show_bug.cgi?id=763

           Summary: Add Null packet keepalive option
           Product: Portable OpenSSH
           Version: 3.7p1
          Platform: All
               URL: http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=98460103932386&w=2
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: ssh
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: hauser at acm.org

For those often being disconnected, please add this feature!

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

bugzilla-daemon at mindrot.org
2003-Nov-23 23:23 UTC
[Bug 763] Add Null packet keepalive option
http://bugzilla.mindrot.org/show_bug.cgi?id=763

------- Additional Comments From dtucker at zip.com.au 2003-11-23 16:23 -------
See also the (relatively) recent discussion on openssh-unix-dev:
http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=104947194014595

bugzilla-daemon at mindrot.org
2003-Nov-24 07:46 UTC
[Bug 763] Add Null packet keepalive option
http://bugzilla.mindrot.org/show_bug.cgi?id=763

v at iki.fi changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |v at iki.fi

bugzilla-daemon at mindrot.org
2003-Nov-24 08:05 UTC
[Bug 763] Add Null packet keepalive option
http://bugzilla.mindrot.org/show_bug.cgi?id=763

------- Additional Comments From v at iki.fi 2003-11-24 01:05 -------
I assume Ralf Hauser invited me to add myself to the Cc list of this bug because of this comment:
http://www.mindrot.org/pipermail/openssh-unix-dev/2003-April/017804.html

So here it is for the record:

What about the randomness? Isn't there some information exposed currently as to at what time and how many times the user, for example, presses keys? I think there was a proposed attack to record the relative timing of packets sent by ssh after each key press and to use that information to analyze what kind of password the user might have typed. Inserting random traffic to the stream might mitigate this information leak? Or has this been handled by other means?

What I tried to address with the above comment is what is described in

http://www.cs.berkeley.edu/~daw/papers/ssh-use01.ps
http://www.cs.berkeley.edu/~daw/papers/ssh-use01.pdf

Dawn Xiaodong Song, David Wagner, and Xuqing Tian, "Timing Analysis of Keystrokes and Timing Attacks on SSH", 10th USENIX Security Symposium, 2001.
http://www.ece.cmu.edu/~dawnsong/papers/ssh-timing.pdf

A summary:
http://linux.oreillynet.com/lpt/a/linux/2001/11/08/ssh_keystroke.html

bugzilla-daemon at mindrot.org
2003-Nov-24 11:19 UTC
[Bug 763] Add Null packet keepalive option
http://bugzilla.mindrot.org/show_bug.cgi?id=763

martin at fatbob.nu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |martin at fatbob.nu

------- Additional Comments From martin at fatbob.nu 2003-11-24 04:19 -------
I would be pleased if this feature was added. I'm patching my OpenSSH clients right now with a patch posted to the dev-list a couple of times.
http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=104972406723496&w=2

bugzilla-daemon at mindrot.org
2003-Dec-17 05:43 UTC
[Bug 763] Add Null packet keepalive option
http://bugzilla.mindrot.org/show_bug.cgi?id=763

djm at mindrot.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

------- Additional Comments From djm at mindrot.org 2003-12-16 22:43 -------
This is two issues in one bug:

1. Client->server keepalive packets
2. Adding fake traffic to frustrate timing analysis

These are very different issues, though one would probably use the solution to (1) to implement (2). Exactly how to implement (2) is a subject for further discussion.

In any case, support for (1) is now in CVS (see ServerAliveInterval and ServerAliveCountMax), so I'll close this bug. I think any traffic analysis defeat should be thrashed out on openssh-unix-dev@ and filed as a separate bug.