Solar Designer demonstrated that passive analysis of an
SSH-encrypted connection can reveal important information about
that connection. In particular, it is possible to obtain the number
of characters in a password (which can be the login password itself
or even passwords entered during interactive commands such as "su"),
the type of authentication that was used (password or publickey),
and the number of characters typed in a shell. This analysis can,
for example, give valuable information that will reduce the universe
of passwords that have to be tried in a brute-force attack.
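
To put a number on that reduction, the following added example (not part
of the original advisory) counts candidate passwords with and without a
length leak. The alphabet size, maximum length and the "granularity"
padding model are assumptions chosen for illustration.

```python
# Added example: how much a leaked password length shrinks the search space.
# Alphabet size, maximum length and padding granularity are assumed values.

def search_space(alphabet_size, lengths):
    """Number of candidate passwords whose length is in `lengths`."""
    return sum(alphabet_size ** n for n in lengths)

def candidate_lengths(true_len, max_len, granularity):
    """Lengths an observer cannot distinguish from `true_len`.

    granularity=None : nothing leaks, every length up to max_len is possible
    granularity=1    : the exact length leaks
    granularity=g    : hypothetical padding, only the g-wide bucket is visible
    """
    if granularity is None:
        return range(1, max_len + 1)
    bucket = (true_len - 1) // granularity
    lo = bucket * granularity + 1
    hi = min((bucket + 1) * granularity, max_len)
    return range(lo, hi + 1)

def reduction_factor(alphabet_size, true_len, max_len, granularity):
    """Factor by which the leak shrinks the space (1.0 means no gain)."""
    full = search_space(alphabet_size, range(1, max_len + 1))
    leaked = search_space(
        alphabet_size, candidate_lengths(true_len, max_len, granularity))
    return full / leaked

if __name__ == "__main__":
    ALPHABET, MAX_LEN = 94, 16      # assumed: printable ASCII, 16-char limit
    for true_len in (5, 8, 16):
        exact = reduction_factor(ALPHABET, true_len, MAX_LEN, 1)
        padded = reduction_factor(ALPHABET, true_len, MAX_LEN, 8)
        print(f"len={true_len:2d}  exact leak: x{exact:.3g}  "
              f"8-char buckets: x{padded:.3g}")
```

Short passwords lose the most when their exact length is visible, while a
password at the maximum length loses almost nothing.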
It is recommended that all openssh users upgrade their
Users of Conectiva Linux version 6.0 or higher may use apt to
perform upgrades of RPM packages:
- add the following line to /etc/apt/sources.list if it is not
(you may also use linuxconf to do this):