[Novalug] Speed Up Multiple SSH Connections to the Same Server

Jay Hart jhart at kevla.org
Mon Jan 5 18:20:14 EST 2009


Excellent write-up, give yourself the day off on Saturday.

Jay ;)

> On Mon, Jan 5, 2009 at 2:58 PM, Megan Larko <larkoc at iges.org> wrote:
> [snip]
>> The secure shell (ssh) protocol is encrypted in transit.  The primary
>> risks are 1) possible flaw in sshd such that a non-root-permitted user
>> could escalate permission to root level and wreak havoc, or 2) much much
>> more likely is that some people have guess-able passwords or passwords
>> that have been sniffed allowing an unknown entity to ssh to the computer
>> using your userid and password combination.
>
> All good points— but these don't cover the specific reason that client
> side X11 forwarding is off by default.  There is a very specific
> practical risk with X11 forwarding.
>
> Imagine I'm some evil hacker.
>
> I announce on the list "Help, my computer is all messed up! Can
> someone please log in and look at my apache config!".
>
> You, kindly, decide to help and email me your offer of assistance.  I
> send you login information.  You login without concern about my
> trustworthiness: after all it's you logging into my server, I should
> fear you but you shouldn't fear me. Right?
>
> You have X11 forwarding enabled (it used to be the default in SSH long
> ago; or you've turned it on for all hosts).
>
> Once you are logged into my server I use my powers as root on my own
> system and su to the account I made for you on my server. I then start
> x11vnc (http://www.karlrunge.com/x11vnc/) pointing to the SSH tunnel
> back to your display.  I now connect to the VNC server on my
> computer... and TADA— I'm now in control of your desktop.
>
> Someone taking over your computer via VNC isn't terribly subtle unless
> you've walked away from the computer; but just as equally I can make
> screenshots and sniff your keyboard totally invisible to you.
>
> X has a 'secure mode' that prevents keyboard sniffing when an
> application requests it, but it's almost never used. (The trusted X11
> ssh stuff interacts with this secure mode— I've never had any reason
> to use the ssh option, so I don't quite fully understand the behavior)
>
> This is why X11 forwarding is off by default and it's why you
> shouldn't use it except when logging into systems you control and
> trust.
>
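As an added example (not part of the original thread): a check of which hosts an OpenSSH client config would actually forward X11 to, so that forwarding stays limited to systems you control and trust. The sample config and host names are constructed, and the parser is a simplification: `Match` blocks and quoted arguments are not evaluated.

```python
import fnmatch
import re

# Constructed sample client config: per-host opt-in, with a final
# wildcard block that keeps X11 forwarding off everywhere else.
SAMPLE_CONFIG = """\
# ~/.ssh/config (constructed example)
Host build.internal.example
    ForwardX11 yes

Host *.lab.example !untrusted.lab.example
    ForwardX11 = yes

Host *
    ForwardX11 no
"""

def _host_block_matches(patterns, hostname):
    """Host line semantics: a positive pattern must match, no negated one may."""
    positive = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(hostname, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(hostname, pat):
            positive = True
    return positive

def effective_forward_x11(config_text, hostname):
    """Return (enabled, line_no); the first applicable value wins, default off."""
    applies = True  # options before the first Host line apply to every host
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if keyword == "host":
            applies = _host_block_matches(value.split(), hostname)
        elif keyword == "match":
            applies = False  # assumption: Match blocks are skipped in this sketch
        elif keyword == "forwardx11" and applies:
            return value.strip().lower() == "yes", line_no
    return False, None

def hosts_with_x11(config_text, hostnames):
    """List the hosts from `hostnames` that would get X11 forwarding."""
    return [h for h in hostnames if effective_forward_x11(config_text, h)[0]]
```

Running `hosts_with_x11` over the hosts you log into shows whether a wildcard `ForwardX11 yes` has leaked forwarding to machines you do not administer.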




