Security implications of using ControlMaster
Stephen Harris
lists at spuddy.org
Tue Jan 21 12:32:01 AEDT 2020
On Tue, Jan 21, 2020 at 12:18:52PM +1100, Damien Miller wrote:
> I wouldn't say it's a lot harder to take control of current connections -
> writing a ptrace-based tool that hijacked a running ssh client and
> injected a one-off implant payload via keystrokes doesn't seem like
> much work.
* Injection of key strokes into an existing channel may be detected
just because "hey, I didn't type foobar" so why is it on my screen.
A new shell on a different channel won't show so obviously.
* That's a lot harder than just getting a whole new shell without writing
any tools; just use the existing ssh command line. Tool-less compromise
is a higher risk vector 'cos it's harder for monitoring tools to detect.
--
rgds
Stephen
More information about the openssh-unix-dev
mailing list