Re: /tmp rather than /home, attacks?

2007-03-20 Thread Mark Senior

On 13 Mar 2007 00:41:45 +0100, Thomas Hafner wrote:

Hello,

having an option like
 ControlPath ~/.ssh/control/[EMAIL PROTECTED]:%p
is probably not a good idea, if the user's home directory is shared by
different machines (name collision for similar outgoing SSH
connections). Something like that
 ControlPath /tmp/[EMAIL PROTECTED]:%p
should be better, because the directory /tmp is always local to the
machine. But will that enable symlink attacks? (e.g. someone is
guessing the name before and creates an appropriate symlink to a file
to be corrupted.) Or is there another, better solution?

I'm using that version (ssh -v):
OpenSSH_4.3p2 Debian-5ubuntu1, OpenSSL 0.9.8b 04 May 2006

Regards
 Thomas


I've got the impression that you can't create a unix domain socket on
an NFS mounted file system - so if users' home directories are under
NFS, I have an impression that the control socket would not be created
at all.  I could be quite mistaken though.

Also, as I understand it, anyone on the client machine who can have
access to the unix socket at ControlPath, can become the user on the
server machine - so attacks that do something tricky with permissions
could also become a possibility.

You can always put %l into the ControlPath, so it would identify both
the local and remote machines.  Then only if you have two machines
that think they have the same hostname should there be a problem.

Regards
Mark
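
An added example (not from either poster, and not OpenSSH code): one way to keep the control socket on local /tmp while addressing the symlink and permission concerns raised in this thread is to put it in a per-user directory that is checked before use. The function names, the directory name and the ControlPath token layout are assumptions of this example.

```python
import os
import stat
import tempfile


class UnsafeControlDir(Exception):
    """The directory must not be used for ControlPath sockets."""


def prepare_control_dir(path):
    """Create (or re-use) a private directory for ssh control sockets.

    Raises UnsafeControlDir if the name is already taken by something
    another local user could have planted or can get into.
    """
    try:
        # mkdir never follows a symlink in the last path component: if
        # someone pre-created the name, it fails with EEXIST instead.
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass
    st = os.lstat(path)  # lstat: inspect the name itself, not a link target
    if stat.S_ISLNK(st.st_mode):
        raise UnsafeControlDir(f"{path} is a symlink")
    if not stat.S_ISDIR(st.st_mode):
        raise UnsafeControlDir(f"{path} is not a directory")
    if st.st_uid != os.geteuid():
        raise UnsafeControlDir(f"{path} is owned by uid {st.st_uid}")
    if st.st_mode & 0o077:
        raise UnsafeControlDir(f"{path} is accessible to group/other")
    return path


def control_path_option(directory):
    # %l = local host name (the token suggested in the reply); %r, %h, %p =
    # remote user, host and port. The layout is this example's choice.
    return f"ControlPath {directory}/%l-%r@%h:%p"


if __name__ == "__main__":
    # Constructed default location: one private directory per user in /tmp.
    d = os.path.join(tempfile.gettempdir(), f"ssh-control-{os.geteuid()}")
    print(control_path_option(prepare_control_dir(d)))
```

Run it once per login and paste the printed line into ~/.ssh/config; if it raises, the name in /tmp was already taken and should not be trusted.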


/tmp rather than /home, attacks?

2007-03-19 Thread Thomas Hafner
Hello,

having an option like
  ControlPath ~/.ssh/control/[EMAIL PROTECTED]:%p
is probably not a good idea, if the user's home directory is shared by
different machines (name collision for similar outgoing SSH
connections). Something like that
  ControlPath /tmp/[EMAIL PROTECTED]:%p
should be better, because the directory /tmp is always local to the
machine. But will that enable symlink attacks? (e.g. someone is
guessing the name before and creates an appropriate symlink to a file
to be corrupted.) Or is there another, better solution?

I'm using that version (ssh -v):
OpenSSH_4.3p2 Debian-5ubuntu1, OpenSSL 0.9.8b 04 May 2006

Regards
  Thomas