Connection caching?

Jefferson Ogata Jefferson.Ogata at noaa.gov
Tue May 4 10:37:30 EST 2004


Damien Miller wrote:
> Jefferson Ogata wrote:
>>My previous comment was poorly worded. I understand from other postings 
>>that the server has the capability for multiple sessions. I'm saying 
>>please provide a server option to disable that. Are you saying there 
>>exists such an option?
> 
> No such option exists, unless you include "Protocol=1" :)
> 
> I don't think an option makes sense anyway. If you have the ability
> to compromise a client, then you can execute such an attack right now.

I don't know what you mean. If the client doesn't support the option, 
all you can do is take over an existing session -- say, via ptrace or 
pty hijacking -- and this would be difficult to pull off in general, 
especially undetected. In any case, this is a totally different attack 
that can be mitigated in other ways.

It's hard enough to keep lazy users from eliminating any challenge from 
normal pubkey authentication by using ssh-agent or unpassphrased private 
keys. But there are ways to force clients to be intelligent for 
authentication. It's a different ball of wax once you start allowing a 
single authentication phase to provide a perpetual stream of sessions.

-- 
Jefferson Ogata <Jefferson.Ogata at noaa.gov>
NOAA Computer Incident Response Team (N-CIRT) <ncirt at noaa.gov>
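Added example, not part of the original message or of OpenSSH's own documentation: the client-side "connection caching" being discussed (ControlMaster/ControlPath in ssh_config, present from OpenSSH 3.9 onward) next to the server-side cap OpenSSH added later, MaxSessions in sshd_config (OpenSSH 5.1 onward), which limits sessions per authenticated connection and at 1 is roughly the option asked for in this thread. The host name and socket path are illustrative.

```text
# --- ssh_config (client side): the connection caching under discussion ---
# ControlMaster/ControlPath keep one authenticated connection open and send
# further ssh/scp/sftp invocations to the same host through it as additional
# sessions, with no further authentication.
# "bastion.example.org" and the socket path are illustrative, not real hosts.
Host bastion.example.org
    ControlMaster auto
    ControlPath ~/.ssh/cm-%r@%h:%p
    # Without ControlPersist the master closes when its own session ends;
    # with it, the authenticated connection outlives every session for 10m.
    ControlPersist 10m

# --- sshd_config (server side): the limit that did not exist at the time ---
# MaxSessions caps the number of open sessions per network connection.
# Default is 10.  1 allows a single session per authenticated connection;
# 0 refuses shell, login and subsystem sessions entirely while still
# permitting forwarding over an authenticated connection.
MaxSessions 1
```

With MaxSessions 1 the server refuses any second session on a multiplexed connection, so obtaining another one means a new connection and a new authentication; check the effective value with `sshd -T | grep -i maxsessions`. The limit is per connection, not per client, so it does nothing against a client that can simply re-authenticate with a cached agent or an unpassphrased key.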