On Tue, Jan 21, 2020 at 12:18:52PM +1100, Damien Miller wrote: > I wouldn't say it's a lot harder to take control of current connections - > writing a ptrace-based tool that hijacked a running ssh client and > injected a one-off implant payload via keystrokes doesn't seem like > much work. * Injection of key strokes into an existing channel may be detected just because "hey, I didn't type foobar" so why is it on my screen. A new shell on a different channel won't show so obviously. * That's a lot harder than just getting a whole new shell without writing any tools; just use the existing ssh command line. Tool-less compromise is a higher risk vector 'cos it's harder for monitoring tools to detect. -- rgds Stephen _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
