Has anyone checked for any hidden hash redirect?
netstat -tulpan
and
tcpdump -n -i eth0 port not 22
both look ok for me.
Of course they could've patched both of those programs but that's a lot of extra work. Feel free to throw a hub inline and sniff from another computer if you're worried about that.
And you have no reason to trust me so check those yourself.