Connection caching?
Jefferson Ogata
Jefferson.Ogata at noaa.gov
Tue May 4 03:05:42 EST 2004
Damien Miller wrote:
> David Woodhouse wrote:
>>On Mon, 2004-05-03 at 07:45 +1000, Damien Miller wrote:
>>Doing it in SSH, we can add an option which instructs the client to
>>leave a connection open and daemonize itself, and an option which
>>instructs the client to look for the unix domain socket created by such
>>a daemon.
>
> That is exactly what I propose: start a ssh to a server, then use a
> client-side listening socket to run multiple sessions to that server
> over the transport.
This idea makes me uncomfortable -- it provides a mechanism for completely
bypassing authentication once someone compromises a user account. At least with
ssh-agent, you still have the option of removing the public key from the
authorized_keys files on remote hosts to disable future authentications. But
with this multiplexed session business, an intruder doesn't even need to
authenticate if an established session exists.

Abuse of pubkey authentication is bad enough -- the scope of abuse of this kind
of feature could get very ugly. Please, if someone decides to implement this,
make sure it can be disabled on the server.
--
Jefferson Ogata <Jefferson.Ogata at noaa.gov>
NOAA Computer Incident Response Team (N-CIRT) <ncirt at noaa.gov>
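
Added example, not part of the original message or of OpenSSH's code: in OpenSSH as later released, the sshd_config keyword `MaxSessions` (default 10) limits sessions per connection, and setting it to 1 effectively disables session multiplexing on the server. The sketch below audits a config for scopes that still permit it; the function names and the sample config are constructed for illustration.

```python
import re

# Constructed sample sshd_config text (not taken from the message above).
SAMPLE_SSHD_CONFIG = """\
Port 22
PubkeyAuthentication yes
MaxSessions 1
MaxSessions 10
Match User backup
    MaxSessions 4
"""

DEFAULT_MAX_SESSIONS = 10  # OpenSSH default when the keyword is absent


def max_sessions_settings(config_text):
    """Return (global_value, {match_criteria: value}) for MaxSessions.

    sshd keeps the first value it sees for a keyword, so later
    duplicates within the same scope are ignored here as well.
    """
    global_value = None
    overrides = {}
    scope = None  # None = global section, otherwise the Match criteria
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            scope = value  # every following line belongs to this block
        elif keyword == "maxsessions" and value.isdigit():
            if scope is None:
                if global_value is None:
                    global_value = int(value)
            else:
                overrides.setdefault(scope, int(value))
    if global_value is None:
        global_value = DEFAULT_MAX_SESSIONS
    return global_value, overrides


def multiplexing_allowed(config_text):
    """List scopes where more than one session per connection is permitted."""
    global_value, overrides = max_sessions_settings(config_text)
    scopes = ["global"] if global_value > 1 else []
    scopes += [f"Match {crit}" for crit, v in overrides.items() if v > 1]
    return scopes
```

A `Match` block can quietly re-enable multiplexing for some accounts even when the global value is 1, which is why the audit reports each scope separately.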