SSH-related bibliography

This page contains a bibliography of SSH-related articles, as well as some other papers that might be relevant for SSH key management and my SSH-related research. Email proposed additions to ylo at ylonen.org. No marketing or spam, please!

Original SSH papers

Tatu Ylonen: SSH - Secure Login Connections over the Internet. In Proceedings of the 6th USENIX Security Symposium, pp. 37-42, USENIX, 1996.

Tatu Ylonen: Secure Shell (Secure Remote Login). In Proceedings of the 1996 Netherlands Unix Users Group Conference (NLUUG 1996), NLUUG, 1996.

Standards and other RFCs

Tatu Ylonen and Chris Longvick (ed.): The Secure Shell (SSH) Protocol Architecture, RFC 4251 (Standards Track), IETF, 2006.

Tatu Ylonen and Chris Lonvick (ed.): The Secure Shell (SSH) Authentication Protocol, RFC 4252 (Standards Track), IETF, 2006.

Tatu Ylonen and Chris Lonvick (ed.): The Secure Shell (SSH) Transport Layer Protocol, RFC 4253 (Standards Track), IETF, 2006.

Tatu Ylonen and Chris Lonvick (ed.): The Secure Shell (SSH) Connection Protocol, RFC 4254 (Standards Track), IETF, 2006.

Kevin M. Igoe and Douglas Stebila: X.509v3 Certificates for Secure Shell Authentication. RFC 6187 (Standards Track), IETF, 2011.

Jakob Schlyter and Wesley Griffin: Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints, RFC 4255 (Standards Track), IEEE, 2006

Marcus Friedl, Niels Provos and William Simpson: Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol. RFC 4419 (Standards Track), IETF, 2006.

Jeffrey Hutzelman, Joseph Saloway, Joseph Galbraith and Von Welch: Generic Security Service Application Program Interface (GSS-API) Authentication and Key Exchange for the Secure Shell (SSH) Protocol. RFC 4462 (Standards Track), IETF, 2006.

Dennis Bider and Mark D. Baushke: SHA-2 Data Integrity Verification for the Secure Shell (SSH) Transport Layer Protocol. RFC 6668 (Standards Track), IEEE, 2012.

Dennis Bider: Use of RSA Keys with SHA-256 and SHA-512 in the Secure Shell (SSH) Protocol, RFC 8332 (Standards Track), IEEE, 2018.

• More RFCs: search "secure shell" on ietf.org
• More RFCs: search "ssh" on ietf.org

Management of SSH keys

Yasir Ali and Sean Smith: Flexible and Scalable Public Key Security for SSH. In Proceedings of the European Public Key Workshop (EuroPKI 2004), Lecture Notes in Computer Science, vol. 3093, pp. 43-56, Springer, 2004.

Yasir Ali: Adding Public Key Security to SSH, Master's Thesis, Dartmouth College, Hanover, NH, 2003.

D Arkhipkin, W Betts, J Lauret and A. Shiryaev: An SSH Key Management System: Easing the Pain of Managing Key/User/Account Associations. In International Conference on Computing in High Energy and Nuclear Physics, Journal of Physics: Conference Series, vol. 119, 2008.

Eric Auge: OpenSSH LDAP Public Key Patch. Presented in the 6th Free and Open Source Software Developers' European Meeting (FOSDEM), 2006.

Marco Balduzzi, Jonas Zaddach, Davide Balzarotti, Engin Kirda and Sergio Loureiro: A security analysis of amazon's elastic compute cloud service. Proceedings of the 27th Annual ACM Symposium on Applied Computing (SAC'12), pp. 1427-1434, ACM, 2012.

Dario Berzano: SSH Authentication Using Grid Credentials. Technical Report INFN-12-20/TO (or CCR-42/2011/P ?), Istituto Nazionale di Fisica Nucleare, Italy, 2012.

Ian Foster, Andrew Prudhomme, Karl Koscher and Stefan Savage: Fast and Vulnerable: A Story of Telematic Failures. In Proceedings of the 9th USENIX Workshop on Offensive Technologies (WOOT'15), USENIX, 2015.

Peter Gutmann: Do Users Verify SSH Keys? ;login:, 36(4):35-36, USENIX, August 2011.

Yotam Harchol and Ittai Abraham and Benny Pinkas: Distributed SSH Key Management with Proactive RSA Threshold Signatures. In Proceedings of the 16th International Conference on Applied Cryptography and Network Security (ACNS 2018), pp. 22-43, 2018.

Greg Kent and Bhavna Shrestha: Unsecured SSH - the Challenge of Managing SSH Keys and Associations. Whitepaper, SecureIt, Inc., 2010, 2012. Accessed 2019-01-30.

Paul Z. Kolano: Mesh: secure, lightweight grid middleware using existing SSH infrastructure. In proceedings of the 12th ACM Symposium on Access Control Models and Technologies (SACMAT'07), pp. 111-120, ACM, 2007.

Russell Lewis: Netflix BLESS. Presentation at Oscon 2016, accessed 2019-01-30.

Marcela S. Melara, Aaron Blankstein, Joseph Bonneau, Edward W. Felten and Michael J. Freedman: CONICKS: Bringing Key Transparency to End Users. In Proceedings of the 24th USENIX Security Symposium, pp. 383-398, 2015.

Robert A. Napier: Secure Automation: Achieving Least Privilege with SSH, Sudo and Setuid. In Proceedings of the 18th Large Installation System Administration Conference (LISA'04), pp. 203-212, USENIX, 2004.

Jin Peng and Xin Zhao: SSH-Based Device Identity and Trust Initialization. Information Security Journal: A Global Perspective, 19(5):237-242, 2010.

Niall Sheridan: Managing SSH Access without Managing SSH Keys. Presentation video, Slides. In USENIX Large Installation System Administration Conference (LISA'17), USENIX, 2017.

Christopher Thorpe: SSU - Extending SSH for Secure Root Administration. In Proceedings of the 12th Systems Administration Conference (LISA'98), pp. 27-36, USENIX, 1998.

Dan Wendlandt, David G. Andersen, and Adrian Perrig: Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing. In Proceedings of the 2008 USENIX Annual Technical Conference, 2008.

Tatu Ylonen, Paul Turner, Karen Scarfone, and Murugiah Souppaya: Security of Interactive and Automated Access Management Using Secure Shell (SSH). NISTIR 7966, National Institute of Standards and Technology, 2015.

Potentially relevant while not primarily SSH keys

David Adrian et al: Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice. In proceedings of the 2015 ACM Conference on Computer and Communications Security (CCS), pp. 5-17, 2015.

Elaine Barker, Miles Smid, Dennis Branstad and Santosh Chokhani: A Framework for Designing Cryptographic Key Management Systems. NIST Special Publication 800-130, National Institute of Standards and Technology, 2013.

Karthikeyan Bhargavan and Gaëtan Leurent: Transcript Collision Attacks: Breaking Authentication in TLS, IKE, and SSH. In Proceedings of the Network and Distributed System Security Symposium (NDSS 2016), 2016.

Ran Canetti and Hugo Krawczyk: Universally Composable Notions of Key Exchange and Secure Channels. In Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT 2002), pp. 337-351, Lecture Notes in Computer Science, vol. 2332, Springer, 2002.

Ramaswamy Chandramouli and Michaela Iorga and Santosh Chokhani: Cryptographic Key Management Issues and Challenges in Cloud Services. In S. Jajodia et al (eds.): Secure Cloud Computing, pp. 1-30, Springer, 2014.

Ed Dawson, andrew Clark, and Mark Looi: Key Management in a non-trusted distributed environment. Future Generation Computing Systems, 16(4):319-329, 2000.

Simson L. Garfinkel and Robert C. Miller: Johnny 2: A User Test of Key Continuity Management with S/MIME and Outlook Express. In Proceedings of the 2005 Symposium on Usable Privacy and Security (SOUPS'05), pp. 13-24, 2005.

Peter Gutmann: Simplifying Public Key Management. Computer, 37(2):101-103, IEEE, 2004.

Shujaat Hussain, Mohsin Abbass, Owais Malik and Zahid Anwar: SLOGS: Security through predicate LOGic in SSH. In 6th International Conference on Emerging Technologies (ICET), pp. 256-260, IEEE, 2010.

Pranav Kumar-Sharma: Short-Lived Certificates as a Mobile Authentication Method. Master's thesis, Department of Computer Science and Engineering, Helsinki University of Technology, 2009.

John P. Jones, Daniel F. Berger and Chinya V. Ravishankar: Layering public key distribution over secure DNS using authenticated delegation. In 21st Annual Computer Security Applications Conference (ACSAC'05), IEEE, 2005.

Fahmida Y. Rashid: Google to Symantec: We don't trust you anymore. Infoworld Tech Watch, Mar 24, 2017.

L. Seitz and J.-M. Pierson and L. Brunie: Key Management for Encrypted Data Storage in Distributed Systems. In Proceedings of the Second IEEE International Security in Storage Workshop (SISW'03), IEEE, 2003.

Internet scans, surveys, experiences, insights

Oliver Gasser, Ralph Holz, and Georg Carle: A deeper understanding of SSH: Results from Internet-wide scans. In 2014 IEEE Network Operations and Management Symposium, IEEE, 2014.

Nadia Heninger, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman: Mining your Ps and Qs: Detection of Widespread Weak Keys in Network Devices. In proceedings of the 21st USENIX Security Symposium, 2012.

Rick Hofstede, Luuk Hendriks, Anna Sperotto and Aiko Pras: SSH Compromise Detection using NetFlow/IPFIX. ACM SIGCOMM Computer Communication Review, 44(5):20-26, 2014.

Stanislav Ponomarev, Nathan Wallace and Travis Atkinson: Detection of SSH host spoofing in control systems through network telemetry analysis. In Proceedings of the 9th Annual Cyber and Information Security Research Conference (CISR'14), pp. 21-24, ACM, 2014.

Niels Provos and Peter Honeyman: ScanSSH - Scanning the Internet for SSH Servers. In Proceedings of the Large Installation System Administration Conference (LISA'01), pp. 25-30, USENIX, 2001.

Security Analysis of and Improvements to the SSH protocol

Martin Abadi: Explicit communication revisited: two new attacks on authentication protocols. IEEE Transactions on Software Engineering, 23(3):185-186, 1997.

Martin R. Albrecht, Kenneth G. Paterson, and Gaven J. Watson: Plaintext Recovery Attacks against SSH. In 30th IEEE Symposium on Security and Privacy, IEEE, 2009.

Mansoor Alicherry and Angelos D. Keromytis: DoubleCheck: Multi-path verification against man-in-the-middle attacks. IEEE Symposium on Computers and Communications, IEEE, 2009.

Mihir Bellare, Tadayoshi Kohno, and Chanathip Namprempre: Authenticated Encryption in SSH: Provably Fixing the SSH Binary Packet Protocol. In Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS'02), pp. 1-11, ACM, 2002.

Mihir Bellare and Tadayoshi Kohno and Chanathip Namprempre: Breaking and Provably Repairing the SSH Authenticated Encryption Scheme: A Case Study of the Encode-then-Encrypt-and-MAC Paradigm. ACM Transactions on Information and System Security, 7(2):206-241, 2004.

Florian Bergsma, Benjamin Dowling, Florian Kohlar, Jörg Schwenk, and Dougles Stebila: Multi-Ciphersuite Security of the Secure Shell (SSH) Protocol, In Proceedings of the 21st ACM Conference on Computer and Communciations Security (CCS 2014), pp. 369-381, ACM, 2014.

Harikrishnan Bhanu: Timing Side-Channel Attacks on SSH. Master's Thesis, Computer Engineering, Clemson University, 2010.

David Cade and Bruno Blanchet: From Computationally-Proved Protocol Specifications to Implementations and Applications to SSH. In Proceedings of the 6th International Conference on Availability, Reliability and Security (ARES'12), 2012.

Eu-Jin Goh, Dan Boneh, Benny Pinkas, and Philippe Golle: The Design and Implementation of Protocol-Based Hidden Key Recovery. In Proceedings of the International Conference on Information Security (ISC 2003): Information Security, pp. 165-179, Springer, 2003.

Zbigniew Gołȩbiewski, Mirosław Kutyłowski and Filip Zagórski: Stealing Secrets with SSL/TLS and SSH - Kleptographic Attacks. In Proceedings of the International Conference on Cryptology and Network Security (CANS 2006), pp. 191-202, Lecture Notes in Computer Science, vol. 4301, Springer, 2006.

Magnus Ullholm Karlsson and Md. Ahasan Habib: SSH over UDP. Master's Thesis, Chalmers University of Technology, Sweden, 2010.

Kenneth G. Paterson and Gaven J. Watson: Plaintext-Dependent Decryption: A Formal Security Threatment of SSH-CTR. In Proceedings of the Annual International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology - EUROCRYPT 2010, pp. 345-361, Springer, 2010.

Jigar A. Raval and Samuel Johnson: Port Knocking - An Additional Layer of Security for SSH and HTTPS. In Proceedings of the 2013 World Congress in Computer Science, Computer Engineering, and Applied Computing (WORLDCOMP'13), 2013.

Stuart E. Schechter, Jaeyeon Jung, Will Stockwell and Cynthia McLain: Inoculating SSH Against Address Harvesting. In Network and Distributed System Security Symposium (NDSS 2006), Internet Society, 2006.

Gaven James Watson: Provable Security in Practice: Analysis of SSH and CBC mode with Padding. Technical Report RHUL-MA-2011-2, Department of Mathematics, Royal Holloway, University of London, 2011.

Stephen C. Williams: Analysis of the SSH Key Exchange Protocol. In IMA International Conference on Cryptography and Coding (IMACC 2011): Cryptography and Coding, pp. 356-374, Springer, 2011.

Xu ZiJie: Some Fixes to SSH, 2013. XXX wherepublished?

Miscellaneous

AbdelRahman Abdou, David Barrera and Paul C. van Oorschot: What Lies Beneath? Analyzing Automated SSH Bruteforce Attacks. In Proceedings of the International Conference on Passwords (PASSWORDS 2015), pp. 72-91, Lecture Notes in Computer Science, vol. 9551, Springer, 2015.

Shaik Bhanu, Girish Khilari and Varun Kumar: Analysis of SSH Attacks of Darknet using Honeypots. International Journal of Engineering Development and Research (IJEDR), 3(1):348-350, 2014.

Scott Callaghan et al: rvGAHP: push-based job submission using reverse SSH connections In proceedings of the 12th Workshop on Workflows in Support of Large-Scale Science, Article No. 3, ACM, 2017.

Scott Campbell: Instrumented SSH. Technical Report LBNL-1941E, TRN US200923%%498, Lawrence Berkeley National Laboratory, USA, May 2009.

Dmitri Epshtein and Hugo Krawczyk: Image-based authentication of public keys and applications to SSH. XXX Where published?

Harry Doubleday, Leandros Maglaras and Helge Janicke: SSH Honeypot: Building, Deploying and Analysis, De Montfort University, UK, 2016. XXX where published?

Joshua Faust: Distributed Analysis of SSH Brute Force and Dictionary Based Attacks. Master's Thesis, St. Cloud State University, 2018.

Paul Fiterău-Broştean, Toon Lenaerts, Eric Poll, Joeri de Ruiter, Frits Vaandrager and Patrick Verleg: Model Learning and Model Checking of SSH Implementations. In Proceedings of the 24th ACM SIGSOFT International SPIN Symposium on Model Checking of Software, pp. 142-151, ACM, 2017.

I. Gonzalez, F. Gomez-Arribas and S. Lopez-Buedo: Hardware-accelerated SSH on self-reconfigurable systems. In Proceedings of the IEEE International Conference on Field-Programmable Technology (ICFPT), pp. 289-290, IEEE, 2005.

S. L. Gooding, L. Arns, P. Smith and J. Tollotson: Implementation of a distributed rendering environment for the TeraGrid. In Challenges of Large Applications in Distributed Environments, IEEE, 2006.

Saptarshi Guha, Paul Kidwell, Ashrith Barthur, William S. Cleveland, John Gerth, and Carter Bullard: A Streaming Statistical Algorithm for Detection of SSH Keystroke Packets in TCP Connections. In Proceedings of the INFORMS Computing Society Conference (available as DTIC ADA534101), 2011.

Liuyong He and Yijie Shi: Identification of SSH Applications Based on Convolutional Neural Network. In Proceedings of the International Conference on Internet and e-Business (ICIEB'18), pp. 198-201, ACM, 2018.

Matti Hirvonen and Mirko Sailio: Two-phased method for identifying SSH encrypted application flows. In 7th International Wireless Communications and Mobile Computing Conference (IWCMC), pp. 1033-1038, IEEE, 2011.

I-Hsuan Huang and Wei-Jin Tzeng and Szu-Wei Want and Check-Zen Yang: Design and Implementation of a Mobile SSH Protocol. In TENCON 2006 IEEE Region 10 Conference, 2006.

P. Iyappan, K. S. Arvind, N. Geetha and S. Vanitha: Pluggable Encryption Algorithm in Secure Shell (SSH) Protocol. In Proceedings of the Second International Conference on Emerging Trends in Engineering and Technology (ICETET-09), pp. 808-813, 2009.

Mattijs Jonker: Flow-based SSH dictionary Attack Detection: the Effects of Aggregation. Master's Thesis, University of Twente, The Netherlands, 2014.

Mattijs Jonker, Rick Hofstede, Anna Sperotto and Aiko Pras: Unveiling Flat Traffic on the Internet: An SSH Attack Case Study. IFIP/IEEE International Symposium on Integrated Network Management (IM), pp. 270-278, IEEE, 2015

Nabil El Kadhi: A correlation based detection system for keys reuse in SSH/SSL. In AMERICAN-MATH'11/CEA'11 Proceedings of the 2011 American conference on applied mathematics and the 5th WSEAS international conference on Computer engineering and applications, pp. 87-92, 2011.

Nabil El Kadhi, Julien Olivain and Romdhan Ben Younes: KCS: An SSH/SSL Protocol Analyzer for Key Correlation System Detection. 7th World Multi-Conference on Systemics, Cybernetics and Informatics (WMSCI'03), 2003.

Esmaieil Kheirkhah, Sayyed Mehdi Poustchi Amin, Hediyeh AmirJahanshahi Sistani and Haridas Acharya: An Experimental Study of SSH Attacks by using Honeypot Decoys. Indian Journal of Science & Technology, 6(12), 2013.

Teemu Koponen, Pasi Eronen and Mikko Särelä: Resilient Connections for SSH and TLS. USENIX Annual Technical Conference, pp. 329-340, USENIX, 2006.

Tomoya Kotone, Naomi Nakamoto, Minoru Ikebe and Kazuyuki Yoshida: Proposal of a detection method for SSH attack based on SYN packets transmission interval. PPSJ SIG Technical Report, Information Processing Society of Japan, 2012. XXX where published?

Masaya Kumagai, Yasuo Musashi and Dennis Arturo Ludena Romana: Evaluation of DNS Based SSH Dictionary Attack Traffic in Campus Network. International Journal of Intelligent Engineering & Systems, 3(4):17-23, 2010.

T. Leckie and A. Yasinsac: Metadata for anomaly-based security protocol attack deduction. IEEE Transactions on Knowledge and Data Engineering, 16(9), 2004.

Jo van der lelie and Rory Breuk: A visual analytic approach for analyzing SSH honeypots. XXX where published?

Philip MacKenzie, Sarvar Patel and Ram Swiminathan: Password-Authenticated Key Exchange Based on RSA. In Proceedings of the International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT 2000), pp. 599-613, Lecture Notes in Computer Science, vol. 1976, Springer, 2000.

Philip MacKenzie, Thomas Shrimpton and Markus Jakobsson: Threshold Password-Authenticated Key Exchange. In Proceedings of the Annual International Cryptology Conference (CRYPTO 2002), pp. 385-400, Lecture Notes in Computer Science, vol. 2442, Springer, 2002.

Jeffry P. Macy, II: Similarities and Differences in Patterns and Geolocation of SSH Attack Data. Master's Thesis, Naval Postgraduate School Monterey CA, NTIS ADA632450, 2015.

Steve Mansfield-Devine: Interview: Tatu Ylönen, SSH Communications Security. Computer Fraud & Security, 2012(5):13-16, 2012.

Vladislav Marinov and Jürgen Schönwälder: Performance Analysis of SNMP over SSH. In Proceedings of the International Workshop on Distributed Systems: Operations and Management (DSOM 2006), pp. 25-36, Springer, 2006.

Jesus Molina, Joe Gordon, Xavier Chorin and Michel Cukier: An empirical study of filesystem activity following a SSH compromise. In 6th International Conference on Information, Communications & Signal Processing (ICICS), IEEE, 2007.

James P. Owens, Jr.: A Study of Passwords and Methods Used in Brute-Force SSH Attacks. Master's Thesis, Department of Mathematics and Computer Science, Clarkson University, 2008.

Adrian Pauna and Victor Valeriu Patriciu: Self-adaptive SSH Honeypot Model Capable of Reasoning. In SDIWC (XXX where was this really published?), pp. 163-168, 2013.

A. Peacock, Xian Ke and M. Wilkerson: Typing patterns: a key to user identification. IEEE Security & Privacy, 2(5):40-47, 2004.

Przemyslaw Plesowicz: Secure signal tunneling for SCADA and PLCs using SSH protocol. IFAC Proceedings Volumes, 37(20):88-93, 2004.

Eric Poll: Inferring SSH state machines using protocol state fuzzing. Master's thesis, Radboud University, 2016.

Eric Poll and Aleksy Schubert: Verifying an implementation of SSH. XXX where published?

Eric Poll and Aleksy Schubert: Rigorous specifications of the SSH Transport Layer. XXX Where published?

An Qin, Haiyan Yu, Chengchun Shu and Bing Xu: XOS-SSH: A Lightweight User-Centric Tool to Support Remote Execution in Virtual Organizations. Proceedings of the First USENIX Workshop on Large-Scale Computing (LASCO'08), Article No. 1, USENIX, 2008.

Priya Rabadia, Craig Valli, Ahmed Ibrahim and Zubair A. Baig: Analysis of attempted intrusions: intelligence gathered from SSH Honeypots. In Proceedings of 15th Australian Digital Forensics Conference, 2017.

Chris Rapier and Benjamin Bennett: High speed bulk data transfer using the SSH protocol. In Proceedings of the 15th ACM Mardi Gras Conference, Article 11, ACM, 2008.

Michael Rash: Protecting SSH Servers with Single Packet Authorization. Linux Journal, May 1, 2007.

Nicholas Rosasco and David Larochelle: How and Why More Secure Technologies Succeed in Legacy Markets. Chapter 18 in L. J. Camp and S. Lewis (eds.): Economics of Information Security, pp. 247-254, Advances in Information Security, vol. 12, 2004.

Gokul Kannan Sadasivam, Chittaranjan Hota and Bhojan Anand: Detection of Severe SSH Attacks Using Honeypot Servers and Machine Learning Techniques. Software Networking, 2017(1):79-100, January 2018.

Gokul Kannan Sadasivam, Chittaranjan Hota and Bhojan Anand: Classification of SSH Attacks Using Machine Learning Algorithms. In 6th International Conference on IT Convergence and Security (ICITCS), 2016.

Akihiro Satoh, Yutaka Nakamura and Takeshi Ikenaga: SSH Dictionary Attack Detection Based on Flow Analysis. IEEE/IPSJ 12th International Symposium on Applications of the Internet, IEEE, 2012.

Akihiro Satoh, Yutaka Nakamura and Takeshi Ikenaga: Identifying User Authentication Methods on Connections for SSH Dictionary Attack Detection. In Proceedings of the 37th Annual Computer Software and Applications Conference Workshops, IEEE, 2013.

Jürgen Schönwälder, Georgi Chulkov, Elchin Asgarov and Mihai Cretu: Session resumptoin for the secure shell protocol. In Proceedings of the 11th IFIP/IEEE International Symposium on Integrated Network Management (IM'09), pp. 157-163, IEEE, 2009.

Robin Seggelmann, Michael Tüxen and Erwin P. Rathgeb: SSH over SCTP - optimizing a multi-channel protocol by adapting it to SCTP. In Proceedings of the 8th International Symposium on Communication Systems, Networks & Digital Signal Processing (CSNDSP), IEEE, 2012.

Stewart Sentanoe and Benjamin Taubmann and Hans P. Reiser: Virtual Machine Introspection Based SSH Honeypot. In Proceedings of the 4th Workhop on Security in Highly Connected IT Systems (SHCIS'17), pp. 13-18, ACM, 2017.

SeongHan Shin, Kazukuni Kobara and Hideki Imai: Leakage-Resilient Authenticated Key Establishment Protocols. In Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security (ASIACRYPT 2003), pp. 155-172, Lecture Notes in Computer Science, vol. 2894, Springer, 2003.

SeongHan Shin, Kazukuni Kobara, and Hideki Imai: Efficient and Leakage-Resilient Authenticated Key Transport Protocol Based on RSA. In Proceedings of the International Conference on Applied Cryptography and Network Security (ACNS 2005), pp. 269-284, Lecture Notes in Computer Science, vol. 3531, Springer, 2005.

Joyita Sikder, Manigandan Radhakrishnan and Jon A. Solworth: An SSH-based toolkit for User-based Network Services. In Proceedings of the 23rd Large Installation System Administration Conference (LISA'09), pp. 119-127, 2009.

Anna Sperotto, Ramin Sadre, Pieter-Tjerk de Boer and Aiko Pras: Hidden Markov Model Modeling of SSH Brute-Force Attacks. In Proceedings of the International Workshop on Distributed Systems: Operations and Management (DSOM 2009), pp. 164-176, Lecture Notes in Computer Science, vol. 5841, Springer, 2009.

J. Lane Tahems, Randal Abler and David Keeling: A distributed active response architecture for preventing SSH dictionary attacks. IEEE SoutheastCon, IEEE, 2008.

Xiaobing Tan, Xiuqin Su and Qingming Qian: The classification of SSH tunneled traffic using maximum likelihood classifier. International Conference on Electronics, Communications and Control (ICECC), pp. 2347-2350, IEEE, 2011.

Max Tijssen: Automatic modeling of SSH implementations with state machine learning algorithms. Bachelor's thesis, Radboud Universiteit, 2014.

Ruiyu Wu, Gail-Joon Ahn, Hongxin Hu and Mukesh Singhal: Information Flow Control in Cloud Computing. Proceedings of the 6th International Conference on Collaborative Computing: Networking, Applications and Worksharing, pp. 1-7, 2011.

Christian Wullems, Gary Gaskell and Mark Looi: Approaches to Integrating Smart Cards with SSH. XXX where and when published?

M. Solomon Zemene and P. S. Avadhani: Implementing high interaction honeypot to study SSH attacks. International Conference on Advances in Computing, Communications and Informatics (ICACCI), pp. 1898-1903, IEEE, 2015.

Patents

See patents page for my SSH-related patents. In any case the core protocol is unencumbered and already over 20 years old so any patents on it should have expired by now.