Connection caching?

Jefferson Ogata Jefferson.Ogata at noaa.gov
Thu May 6 02:01:24 EST 2004


Ben Lindstrom wrote:
> On Wed, 5 May 2004, Jefferson Ogata wrote:
>>Now you add connection caching, and the compromise is no longer contained. If
>>the user is legitimately logged from the gateway into the secure system, the
>>intruder can now log in to the secure system, as many times as he likes.
> 
> I think Damien/Markus would agree when I say that the user would have to
> enable such a thing for it to be used.  Either via an ssh_config or via
> a command-line option.  Much like how X11 sessions are.
> 
> Why would a user do such a thing on a machine as you describe?  What gain
> do they get?  I see none.

No doubt the lazy user /would/ enable such a thing. The control needs to be on 
the server side.

-- 
Jefferson Ogata <Jefferson.Ogata at noaa.gov>
NOAA Computer Incident Response Team (N-CIRT) <ncirt at noaa.gov>




More information about the openssh-unix-dev mailing list