doing an ssh into a compromised host

To: debian-security@lists.debian.org
Subject: doing an ssh into a compromised host
From: Vassilii Khachaturov <vassilii@tarunz.org>
Date: Tue, 2 Nov 2004 08:59:07 +0200 (IST)
Message-id: <Pine.LNX.4.44.0411020827540.3154-100000@stalker.iGuide.co.il>

I have discovered that one of the machines I have an account on has been
hacked. As a result, I am left with the following worries.

I have been doing ssh into the box. THe client is set up not to request
the X forwarding by the default. When I try "ssh -v" now, I observe no X
forwarding being established, whereas "ssh -X -v"  does establish X.
Question is, could the server have forced an X forwarding on me (w/o my
knowledge) having sniffed my local keystrokes? FWIW, I have been doing
"ssh-add" and then ssh w/o a need to enter any password during the
authentication with the compromised remote host.

Thanks for your explanations in advance,
Vassilii

Reply to:

Follow-Ups:
- Re: doing an ssh into a compromised host
  - From: martin f krafft <madduck@debian.org>
- Re: doing an ssh into a compromised host
  - From: "Volker Tanger" <volker.tanger@detewe.de>

Prev by Date: Re: Recommended firewall package?
Next by Date: ssh chroot on debian documentation
Previous by thread: Re: Recommended firewall package? insubscribe
Next by thread: Re: doing an ssh into a compromised host
Index(es):
- Date
- Thread