Openwall Advisory – Passive Analysis of SSH Traffic. This advisory demonstrates several weaknesses in implementations of SSH protocols. When exploited, they let the attacker obtain sensitive information by passively monitoring encrypted SSH sessions. The information can later be used to speed up brute-force attacks on passwords, including the initial login password and other passwords appearing in interactive SSH sessions, such as those used with su(1) and Cisco IOS “enable” passwords. All attacks described in this advisory require the ability to monitor (sniff) network traffic between one or more SSH servers and clients.
You can download it from the following link: https://packetstormsecurity.com/files/download/24511/OW-003-ssh-traffic-analysis.txt
Source: https://packetstormsecurity.com/files/24511/OW-003-ssh-traffic-analysis.txt.html