Saturday, July 24, 2010

SteganoSSH: A theoretical SSH client

How would this work? It could work in many ways; here are just a few that would be pretty neat:

First Scenario: 2 streams, 2 ports

The client encrypts the stream through normal SSH means, then, using predefined bit offsets, patterns, etc., splits the one SSH stream into two streams that mimic, let's say, HTTPS and SFTP (ports 443 and 22 respectively, by default).

Both streams could mimic these protocols with false header information and junk data, and with both being encrypted, any prying third parties would not be able to say "Oh hey, that stream looks funky".

The server, configured with the correct bit offsets, patterns, etc. and listening on ports 443 and 22, would piece the puzzle back together, then hand it off to standard SSH doings.

This would be the more secure of the two scenarios.

Second Scenario: 1 stream, 1 port

The client merely mimics a well-known protocol (HTTP/S, S/FTP). Any will do, and the server could be configured to strip the fake headers from any stream sent through the port it listens on.

This would be the easiest, and probably the most used.