The fix seems kind of crazy though, adding so much traffic overhead to every ssh session. I assume there's a reason they didn't go that route, but on a first pass seems weird they didn't just buffer password strokes to be sent in one packet, or just add some artificial timing jitter to each keystroke.

I'm just guessing but this chaff sounds like it wouldn't actually change the latency or delivery of your actual keystrokes while buffering or jitter would.

So the "real" keystrokes are 100% the same but the fake ones which are never seen except as network packets are what is randomized.

It's actually really clever.

SSH has no way of knowing when a password is being typed. It can happen any time within the session after SSH auth.