SSH question
George Toft
plug-discuss@lists.plug.phoenix.az.us
Tue, 07 Jan 2003 08:33:51 -0500
James Mabry wrote:
>
> Hey all,
> Another user of the PLUG irc server and I were discussing whether it is
> possible for the root user of a system to snoop on an ssh session that
> is currently in progress on that machine. Can this be done? Thanks.
>
> --
> Slackware Linux -
> Learn about the 4S rule.
> www.slackware-advocacy.org/whyuse.html
>
> Then try it out for yourself.
> www.slackware.org

Initially, I would have said no; however, in playing around, I was able
to inject my own data into an established SSH session of another user
(the opposite of what I intended). Intrigued, I searched using Google
and found this how-to:
<http://security-archive.merton.ox.ac.uk/archive-199806/0365.html>
which is a mirror of the RedHat list.

Better how-to description:
<http://online.securityfocus.com/archive/119/251428>

So it would appear the answer to your question is: Yes.

Further reading:
<http://www.google.com/search?q=linux+ttysnoop+ssh&hl=en&lr=&ie=ISO-8859-1>

Cheers,
George