Page MenuHomePhabricator

[ssh] Add support for no-more-sessions@openssh.com
Open, WishlistPublic

Description

Add support for no-more-sessions@openssh.com.

Most SSH connections will only ever request a single session, but a attacker may abuse a running ssh client to surreptitiously open
additional sessions under their control. OpenSSH provides a global request "no-more-sessions@openssh.com" to mitigate this attack.

Event Timeline

asn triaged this task as Wishlist priority.Sep 3 2018, 8:14 AM
asn created this task.

This implements the server part. The patch hasn't been tested!

asn changed the edit policy from "All Users" to "Restricted Project (Project)".Sep 4 2018, 9:46 PM
asn added a project: Restricted Project.