[Novalug] Speed Up Multiple SSH Connections to the Same Server
jhart at kevla.org
Mon Jan 5 18:20:14 EST 2009
Excellent write-up, give yourself the day off on Saturday.
> On Mon, Jan 5, 2009 at 2:58 PM, Megan Larko <larkoc at iges.org> wrote:
>> The secure shell (ssh) protocol is encrypted in transit. The primary
>> risks are 1) possible flaw in sshd such that a non-root-permitted user
>> could escalate permission to root level and wreak havoc, or 2) much much
>> more likely is that some people have guess-able passwords or passwords
>> that have been sniffed allowing an unknown entity to ssh to the computer
>> using your userid and password combination.
> All good pointsâ but these don't cover the specific reason that client
> side X11 forwarding is off by default. There is a very specific
> practical risk with X11 forwarding.
> Imagine I'm some evil hacker.
> I announce on the list "Help, my computer is all messed up! can
> someone please log in and look at my apache config!".
> You, kindly, decide to help and email me your offer of assistance. I
> send you login information. You login without concern about my
> trustworthyness: after all it's you logging into my server, I should
> fear you but you shouldn't fear me. Right?
> You have X11 forwarding enabled (it used to be the default in SSH long
> ago; or you've turned it on for all hosts).
> Once you are logged into my server I use my powers as root on my own
> system and su to the account I made for you on my server. I then start
> x11vnc (http://www.karlrunge.com/x11vnc/) pointing to the SSH tunnel
> back to your display. I now connect to the VNC server on my
> computer... and TADAâ I'm now in control of your desktop.
> Someone taking over your computer via VNC isn't terribly subtle unless
> you've walked away from the computer; but just as equally I can make
> screenshots and sniff your keyboard totally invisible to you.
> X has a 'secure mode' that prevents keyboard sniffing when an
> application requests it, but it's almost never used. (The trusted X11
> ssh stuff interacts with this secure modeâ I've never had any reason
> to use the ssh option, so I don't quite fully understand the behavior)
> This is why X11 forwarding is off by default and it's why you
> shouldn't use it except when logging into systems you control and
> Novalug mailing list
> Novalug at calypso.tux.org
More information about the Novalug