data loss with ssh -n
Dan Kaminsky
dankamin at cisco.com
Fri Jul 20 21:00:30 EST 2001
> The server is SSH 1.2.25 or the like (yeah, I know it's broken, but can't
> be changed at the moment).
Wellllll...there's this cute little trick that works because of SSHD's
blissful lack of root dependancy:
ssh -o 'ProxyCommand ssh user at host openssh/sshd -i' user at host
Two conclusions to reach from this trick:
1) I have way too much fun with ProxyCommand
2) Unless you give a user a *really* restricted shell, sshd_config will
*never* be the right place to put your security constraints.
As for the larger issues...does the incorrect buffering behavior still
manifest itself without the -n? In SSH1 and SSH2? With and without TTY?
Yours Truly,
Dan Kaminsky, CISSP
www.doxpara.com
More information about the openssh-unix-dev
mailing list