Bugtraq mailing list archives

Re: SSH & xauth

From: dbt () MEAT NET (David Terrell)
Date: Fri, 25 Feb 2000 14:08:21 -0800


On Thu, Feb 24, 2000 at 05:31:35PM -0500, Brian Caswell wrote:

The only thing that is required for the client system to be compromised
is for the client to remotely log via ssh (with X11 forwarding enabled)
into a compromised server.


And of course the sshd binary can be trojaned, your agent connections can
be hijacked, passwords logged, etc.

So Add ForwardAgent no to that host * stanza, only log in with an RSA
identity, and run ssh -v to see if anything weird happens.

The SSH protocol trusts the server.  If you don't, tread very carefully.

--
David Terrell             | "Any sufficiently advanced technology
Prime Minister, Nebcorp   | is indistinguishable from a rigged demo."
dbt () meat net              |  - Brian Swetland
http://wwn.nebcorp.com/

Current thread:

SSH & xauth Brian Caswell (Feb 24)
- Re: SSH & xauth Andrey (Feb 25)
- Re: SSH & xauth David Terrell (Feb 25)
- Re: SSH & xauth Robert Watson (Feb 25)
  - Re: SSH & xauth Lionel Cons (Feb 28)
- Re: SSH & xauth David Pybus (Feb 26)
  - Re: SSH & xauth Robert Watson (Feb 28)
  - xterm log file vulnerability Morten Welinder (Feb 29)
  - false alarms by real secure Danton Nunes (Feb 29)
  - New ZZ Posted Simple Nomad (Feb 29)
- DOS in Trendmicro OfficeScan cerberus (Feb 26)
- Re: SSH & xauth Cy Schubert - ITSD Open Systems Group (Feb 27)
- <Possible follow-ups>
- Re: SSH & xauth Oliver Friedrichs (Feb 25)

(Thread continues...)