LINUX.ORG.RU

История изменений

Исправление getup, (текущая версия) : 

2.2. connection: disallow additional sessions extension
      "no-more-sessions@openssh.com"
 
 Most SSH connections will only ever request a single session, but a
 attacker may abuse a running ssh client to surreptitiously open
 additional sessions under their control. OpenSSH provides a global
 request "no-more-sessions@openssh.com" to mitigate this attack.
 
 When an OpenSSH client expects that it will never open another session
 (i.e. it has been started with connection multiplexing disabled), it
 will send the following global request:
 
     byte        SSH_MSG_GLOBAL_REQUEST
     string      "no-more-sessions@openssh.com"
     char        want-reply
 
 On receipt of such a message, an OpenSSH server will refuse to open
 future channels of type "session" and instead immediately abort the 
 connection.
 
 Note that this is not a general defence against compromised clients
 (that is impossible), but it thwarts a simple attack.
 
 NB. due to certain broken SSH implementations aborting upon receipt
 of this message, the no-more-sessions request is only sent to OpenSSH
 servers (identified by banner). Other SSH implementations may be
 whitelisted to receive this message upon request.

serverloop.c (openssh-6.2p2.tar.gz) 

109 static int no_more_sessions = 0; /* Disallow further sessions. */


 1034     debug("input_session_request");
 1035     packet_check_eom();
 1036 
 1037     if (no_more_sessions) {
 1038         packet_disconnect("Possible attack: attempt to open a session "
 1039             "after additional sessions disabled");
 1040     }


1165     } else if (strcmp(rtype, "no-more-sessions@openssh.com") == 0) {
 1166         no_more_sessions = 1;
 1167         success = 1;
 1168     }
Для первого соединения no_more_sessions=0. Когда оно устанавливается, no_more_sessions=1. Для последующих, если клиент передал эту строку (no-more-sessions@openssh.com) в первом соединении,сервер откажет в подключении.

Исходная версия getup, : 

2.2. connection: disallow additional sessions extension
      "no-more-sessions@openssh.com"
 
 Most SSH connections will only ever request a single session, but a
 attacker may abuse a running ssh client to surreptitiously open
 additional sessions under their control. OpenSSH provides a global
 request "no-more-sessions@openssh.com" to mitigate this attack.
 
 When an OpenSSH client expects that it will never open another session
 (i.e. it has been started with connection multiplexing disabled), it
 will send the following global request:
 
     byte        SSH_MSG_GLOBAL_REQUEST
     string      "no-more-sessions@openssh.com"
     char        want-reply
 
 On receipt of such a message, an OpenSSH server will refuse to open
 future channels of type "session" and instead immediately abort the 
 connection.
 
 Note that this is not a general defence against compromised clients
 (that is impossible), but it thwarts a simple attack.
 
 NB. due to certain broken SSH implementations aborting upon receipt
 of this message, the no-more-sessions request is only sent to OpenSSH
 servers (identified by banner). Other SSH implementations may be
 whitelisted to receive this message upon request.

serverloop.c (openssh-6.2p2.tar.gz) 

 1034     debug("input_session_request");
 1035     packet_check_eom();
 1036 
 1037     if (no_more_sessions) {
 1038         packet_disconnect("Possible attack: attempt to open a session "
 1039             "after additional sessions disabled");
 1040     }