Transferring file to local machine when SSHing into a foreign box
Ángel González
keisial at gmail.com
Sun May 13 20:06:20 EST 2012
On 13/05/12 09:52, Dotan Cohen wrote:
> On Sun, May 13, 2012 at 1:45 AM, Ángel González <keisial at gmail.com> wrote:
>> The big problem with that approach is that you're trusting your
>> credentials to the remote side.
>> If I ssh from A to B, and B is compromised, it shouldn't be able to
>> compromise A.
>> Can you provide an alternative usage without that hole?
> Sure: just reuse the existing connection. Just like how sftp works.
???
If a command such as the proposed cp2local is able to write arbitrary
files in the local end*, it allows such compromise.
* For instance, a profile file run by your shell each time you log in, see
CVE-2010-2252.
More information about the openssh-unix-dev
mailing list