It leaks the timing of everything typed inside the SSH session. So yeah, you're correct, not the initial authentication, but leaking a password is sort of the worst-case but completely plausible scenario if you log in and immediately change your password, tunnel elsewhere, use sudo, log in to an HTTP interface on a nearby router, etc. All kinds of other useful surveillance could be done too without ever capturing a password.
Arguably the one marked 'victim machine' is really the victim's machine and the RDMA server is the victim machine? But it's just semantics.