
Super, super interesting. What a cool bit of research, and as you said in your other comment also an interesting bit of living history as well.

As far as mitigations and Noise, I've been tunneling all my SSH connections through WireGuard or Nebula anyway primarily just because they're such easy reliable ways to reach hosts behind NAT in a secure fashion, and while there is certainly overhead in putting SSH through something else all the tunnels are fat and fast enough that for just console control it's been fine, haven't had to use mosh (does mosh have the same issue?). Even through Starlink it's never a problem. But one does wonder a bit anyway with all the really old protocols at this point, just feels like there have been a lot of fundamental shifts in thinking around security (simplicity of implementations, not having lots of buttons and switches and flexibility, etc) such that there are less likely to be hidden bugbears now. There is more scrutiny not just day 1 but in the whole process of design.

Not that SSH isn't still important to fix but I wonder if just tunneling everything is a decent default at this point. I use internal VPNs for everything management related but not air gapped at this point, not just external. Maybe that's overkill or foolish doubling up? But it's convenient, performant, and bypasses a lot of complexity in other layers.




Mosh's security model depends on trusting SSH, as it auths/bootstraps the server daemon with SSH; my educated guess is yes.



