Transferring file to local machine when SSHing into a foreign box
Dotan Cohen
dotancohen at gmail.com
Sun May 13 23:59:29 EST 2012
On Sun, May 13, 2012 at 2:06 PM, Gert Doering <gert at greenie.muc.de> wrote:
> "unwanted, malicious files" could be .ssh/authorized_keys, .shosts,
> .profile / .bashrc, etc. - which might not be executed right away, but
> will give the attacker interesting options to attack the original client
> machine.
>
Let's assume that a compromised machine pushes a malicious file called
authorized_keys. It gets put in the user's Downloads directory, or in
the case of a misconfigured configuration gets put in $HOME. Now what?
The user would have to explicitly place that file in another location
for it to do any harm.
>> In short, I recognise the problem of allowing the remote machine
>> access to write to your local machine. However, this has been a
>> problem with many other technologies (www, email, ftp, etc.) and it is
>> a solved issue in the general sense. That is, best practices and
>> damage-mitigation strategies have already been established.
>
> Actually, none of these technologies allow downloading arbitrary files
> to the client machine, using server-controlled file names, just by
> logging into a malicious server.
>
I see the point about the file names. Actually, web browsers _do_
allow arbitrary file names by using an unrecognised (by the browser)
MIME type, though by default in that case the user must accept the
download. If the problem is the server-specified filename, then
perhaps a client-side confirmation is appropriate. How do you propose
that work, from a UI perspective?
--
Dotan Cohen
http://gibberish.co.il
http://what-is-what.com
More information about the openssh-unix-dev
mailing list