SSH Connection Sharing

Saturday, May 17. 2008

SSH Connection Sharing

This tip was originally posted to the python-dev mailing list, so I can't take one scrap of credit for it.

Basically, since OpenSSH4, there has been an option to share connections -- that is, once you've opened one connection to a host, every subsequent connection is tunneled through the same channel, completely removing the overhead of authentication!

It's quite simple, just add this to ~/.ssh/config:

ControlMaster auto
ControlPath ~/.ssh/.%r@%h:%p

There can be problems if your machine crashes and that file is left lying around... So adding this to your crontab will fix that:

@reboot rm -f .ssh/controls/*

Next time: tab completion with scp!

Posted by David Wolever in Play at 09:35 | Comments (2) | Trackbacks (0)

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

For bonus marks, discuss how to use shared connections as an attack vector. (Hint: think race conditions during reboot.)

#1 Greg Wilson (Homepage) on 2008-05-17 11:43 (Reply)

The only attack vector opened up by shared connections relies on the attacker having access to ~/.ssh/$socket while the connection is still active. To do that, though, they either need root or access to your account (permissions are 600 by default).

So, if you don't trust root, you might not want to use this trick... But, then, a malicious root could exploit many other attack vectors (modifying /usr/bin/ssh is the first that comes to mind), so you probably shouldn't be using that machine either

I'm not sure what race conditions during reboot you have in mind, though... Sure, someone might gain access to a dead socket, but that would just leave them with a bunch of read(2) errors.

#1.1 David Wolever (Homepage) on 2008-05-17 14:18 (Reply)

Add Comment

Name
Email
Homepage
In reply to
Comment	Standard emoticons like :-) and ;-) are converted to images. To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above: Markdown format allowed You can use [geshi lang=lang_name [,ln={y\|n}]][/geshi] tags to embed source code snippets
	Remember Information? Subscribe to this entry