[14049] in bugtraq
Re: SSH & xauth
daemon@ATHENA.MIT.EDU (David Terrell)
Sun Feb 27 23:46:43 2000
Message-Id: <20000225140821.A15481@pianosa.catch22.org>
Date: Fri, 25 Feb 2000 14:08:21 -0800
Reply-To: David Terrell <dbt@meat.net>
From: David Terrell <dbt@MEAT.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20000224173135.A4478@ruff.cs.jmu.edu>; from cazz@RUFF.CS.JMU.EDU
on Thu, Feb 24, 2000 at 05:31:35PM -0500
On Thu, Feb 24, 2000 at 05:31:35PM -0500, Brian Caswell wrote:
> The only thing that is required for the client system to be compromised
> is for the client to remotely log via ssh (with X11 forwarding enabled)
> into a compromised server.

And of course the sshd binary can be trojaned, your agent connections can
be hijacked, passwords logged, etc.

So add ForwardAgent no to that host * stanza, only log in with an RSA
identity, and run ssh -v to see if anything weird happens.

The SSH protocol trusts the server. If you don't, tread very carefully.
--
David Terrell | "Any sufficiently advanced technology
Prime Minister, Nebcorp | is indistinguishable from a rigged demo."
dbt@meat.net | - Brian Swetland
http://wwn.nebcorp.com/
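
Added example, not part of the original message: a small Python check that reports which hosts still end up with agent or X11 forwarding enabled in a client config, given that ssh_config uses the first value obtained for each keyword, so a "Host *" stanza placed last does not override earlier per-host settings. The sample config, host names and function names are constructed for illustration; Match blocks and Include are not handled, and fnmatch stands in for ssh's own pattern matching.

```python
import fnmatch

# Constructed sample client config (not from the original post).
SAMPLE_CONFIG = """\
Host build.example.org
    ForwardAgent yes
Host *.example.org !bastion.example.org
    ForwardX11 yes
Host *
    ForwardAgent no
    ForwardX11 no
"""
WATCHED = ("forwardagent", "forwardx11")


def host_matches(patterns, host):
    """A negated pattern that matches vetoes the stanza; else one positive match is needed."""
    positive = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            positive = True
    return positive


def effective_forwarding(config_text, host):
    """Return {keyword: value} for WATCHED keywords; the first value obtained wins."""
    result = {}
    active = True  # settings before the first Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.replace("=", " ", 1).partition(" ")
        key, value = key.lower(), value.strip()
        if key == "host":
            active = host_matches(value.split(), host)
        elif active and key in WATCHED and key not in result:
            result[key] = value.lower()
    return result


def risky_settings(config_text, host):
    """Watched keywords that are set to anything other than 'no' for this host."""
    eff = effective_forwarding(config_text, host)
    return sorted(k for k, v in eff.items() if v != "no")
```

A keyword missing from the result is unset in the file, so the client's built-in default applies to it.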