Security implications of using ControlMaster
Damien Miller
djm at mindrot.org
Tue Jan 21 18:56:08 AEDT 2020
On Tue, 21 Jan 2020, Harald Wagener wrote:
> Stephen Harris <lists at spuddy.org> schrieb am Di., 21. Jan. 2020, 02:39:
>
> > On Tue, Jan 21, 2020 at 12:18:52PM +1100, Damien Miller wrote:
> > > I wouldn't say it's a lot harder to take control of current connections -
> > > writing a ptrace-based tool that hijacked a running ssh client and
> > > injected a one-off implant payload via keystrokes doesn't seem like
> > > much work.
> >
> > * Injection of key strokes into an existing channel may be detected
> > just because "hey, I didn't type foobar" so why is it on my screen.
> > A new shell on a different channel won't show so obviously.
> >
>
> `~.` is a nice keystroke sequence to inject because it disconnects the
> session and you will likely not even see the input on screen.
Remember that the attacker is in control of the ssh process - they can
simply discard returned output from the far end after they perform the
injection.
-d
More information about the openssh-unix-dev
mailing list