Transferring file to local machine when SSHing into a foreign box
Gert Doering
gert at greenie.muc.de
Mon May 14 21:23:29 EST 2012
Hi,
On Mon, May 14, 2012 at 12:23:30PM +0200, Steffen Daode Nurpmeso wrote:
> myself at local-host$ ssh myself at host-over-ssh
> myself at host-over-ssh$ ~Copy_file path_on_local-host path(_on_host-over-ssh)
>
> Why should this open a security hole, given that
> myself at host-over-ssh has proper permissions for
> path_on_host-over-ssh?
If you're just talking about from-local-to-remote, one thing that comes
to mind is "an evil remote host stealing your local files without your
doing".
So while I can understand the convenience factor of this, making it
properly secure (like "only operate out of a well-defined quarantaine
folder on local-host, and do not permit absolute or relative path names
with '..' in them") are likely ging to make this inconvenient enough
to then not-use it...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
More information about the openssh-unix-dev
mailing list