- CERT Advisory CA-99-15 - http://www.cert.org/advisories/CA-99-15-RSAREF2.html
December 1999 -- CERT Advisory CA-99-15 Buffer Overflows in SSH Daemon and RSAREF2 Library. Affects all versions of SSH 1.2.27 and lower when built with RSAREF (all US versions.)
- SSH and beyond - http://fy.chalmers.se/~appro/ssh_beyond.html
Discussion of security issues when using SSH over NFS.
- Make SSH Do More - http://www.itworld.com/Comp/2384/LWD010410sshtips/
Tips and tricks for SSH users and administrators.
- SSH RFC - http://www.free.lp.se/fish/rfc.txt
A description of the SSH protocol.
- Ports of SSH - http://heimhardt.com/htdocs/ssh.html
Extensive compilation of SSH documentation and links to client downloads.
- Timing Analysis of Keystrokes and Timing Attacks on SSH - http://packetstormsecurity.nl/papers/cryptography/ssh-timing.pdf
[PDF format] Paper describing research into applying traffic-analysis techniques to interactive SSH connections in order to infer information about the encrypted connection contents. Concludes that the keystroke timing data observable from today's SSH implementations reveals a dangerously significant amount of information about user terminal sessions.
|
