Security implications of using ControlMaster
Damien Miller
djm at mindrot.org
Tue Jan 21 12:18:52 AEDT 2020
On Mon, 20 Jan 2020, Stephen Harris wrote:
> On Tue, Jan 21, 2020 at 11:08:51AM +1100, Damien Miller wrote:
> > So IMO disallowing session multiplexing is at most a speedbump that an
> > attacker will cross with relative ease. Speedbumps make sense sometimes,
>
> An attacker getting root on the jumphost gets immediate control of
> any _current_ persistent connections and new connections. Without
> ControlMaster it's a _lot_ harder to take control of current connections,
> but pretty easy to subvert new connections.
I wouldn't say it's a lot harder to take control of current connections -
writing a ptrace-based tool that hijacked a running ssh client and
injected a one-off implant payload via keystrokes doesn't seem like
much work.
-d
More information about the openssh-unix-dev
mailing list