This is timely. Remember that this problem was fixed in OpenSSH quite some time ago (i.e. when they discovered it... howcome ssh.com didn't figure this out? Add to this ssh.com's product not supporting more then 64 connections on the windows server product and a lot of other problems like this, it makes me wonder). url: http://www.unixreview.com/articles/2001/0104/0104i/0104i.htm Passive Analysis of SSH Traffic April 2001 by Joe "Zonker" Brockmeier It's widely known that applications like telnet, rsh, and rlogin are vulnerable to attacks that can monitor or "sniff" network traffic and obtain login passwords or other data sent over unencrypted connections. Protocols like SSH have been assumed to be safe even if an attack does monitor network traffic, because the transmitted data is encrypted. Unfortunately, this is no longer the case, according to an advisory that was sent out by the Openwall Project and that discusses weaknesses in the SSH-1 and SSH-2 protocols. Although attackers may not be able to "read" transmitted data sent in a Secure Shell session, it's possible that they could guess the length of passwords and shell commands. The captured data could be used to try brute-force attacks on passwords. It should be noted, however, that it is still preferable to utilize encrypted protocols. The Problems SSH implementations using the SSH-1 protocol can expose the exact length of passwords, which can then be fed to password-cracking programs. Knowing the length of the password makes it easier for cracking programs to guess the password, but does not guarantee that they will be able to decipher it. The SSH-2 protocol discloses less information, but it is still possible to get a general range of password lengths. Openwall also reports that it is possible for an attacker to determine the length of shell commands or the actual commands entered during an interactive SSH session. It is also possible to determine whether Rivest-Shamir-Adleman (RSA) or Digital Signal Algorithm (DSA) authentication is being used. Solutions Some of the popular SSH implementations have fixes that address some of the possible traffic analysis attacks described by Openwall. OpenSSH 2.5.2 contains fixes for this vulnerability. If you are using OpenSSH, or would like to replace your current SSH implementation of SSH, you can obtain the most recent version from the OpenSSH Web site (http://www.openssh.com/). PuTTY, a free implementation of SSH for Windows, is expected to contain a fix for this vulnerability with the 0.52 release. The latest version as of this writing is 0.51, which is a beta release. Openwall has also provided a patch for SSH version 1.2.x, which can be found in their advisory here (http://www.openwall.com/advisories/OW-003-ssh-traffic-analysis.txt). SSH Communications Security, which produces the most popular commercial version of SSH, has not made any announcements regarding this vulnerability. Summary Although this vulnerability is a problem to be addressed, SSH is still the best available security for remote connections. Exploitation of this vulnerability requires the ability to monitor the traffic between an SSH server and client. Even when an attacker is able to sniff traffic, it is no guarantee that they'll actually be able to crack any of the encrypted data. If you'd like to test your SSH implementation yourself, Openwall has made available the source to a program called SSHOW. The program will also be rolled into the dsniff package. Any administrators or users who are using an SSH implementation should check with their vendor for updated versions that address this vulnerability. In general, it's also advisable to check for fixes or patches on a regular basis anyway. Resources Openwall Security Advisory (http://www.openwall.com/advisories/OW-003-ssh-traffic-analysis.txt) dsniff Homepage (http://www.monkey.org/~dugsong/dsniff/) The End of SSL and SSH? (http://www.securityportal.com/cover/coverstory200012 18.html) Users' Security Handbook (http://www.faqs.org/rfcs/fyi/fyi34.html) Secure Shell Working Group (http://www.ietf.org/html.charters/secsh-charter.html) OpenSSH (http://www.openssh.com/) PuTTY: A Free Win32 telnet/ssh client (http://www.chiark.greenend.org.uk/~sgtatham/putty/) Kurt