[Bug 2691] Add ability to disable escape char forward menu

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Tue Mar 14 05:34:20 AEDT 2017


--- Comment #2 from Thomas Jarosch <thomas.jarosch at intra2net.com> ---
Yes, it's true that once the machine is compromised, the attacker can
replace / patch any binary file as he pleases.

The worrysome part is the second attack stated
in "Hijacking Active SSH Sessions".

-> Is there filtering in the ssh client to prevent a remote host to
send the escape sequence for '~C' back to the client?

If so, I'm wondering a) what I tested back then in February and b) the 
patch would not be needed.

Or may be it was possible to trigger ~C from the remote server as I
used screen on the local side, too?

You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

More information about the openssh-bugs mailing list