Stefan Tilkov's Random Stuff

SSH protocol handler

Am I the only one to feel that Mac OS X having registered Terminal as the default SSH protocol handler is a stupid idea? Many people, including me, put their public key on a server so that they don't have to type in their password all the time. In that setup, somebody could hide an ssh: link somewhere and execute commands on the remote machine.

Comments

On July 18, 2003 6:31 AM, Steve Loranz said:

Actually, what I think is a worse idea is not putting a passphrase on your private key.

On July 18, 2003 9:43 AM, Stefan Tilkov said:

In principle, you are right. On the other hand, there are lots of people who do it (including me), the favorite excuse being the use of CVS in combination with SSH (who wants to enter a password with every CVS interaction?). The process for doing this is documented in lots of places, and it’s likely that a lot of people are following it.

On July 18, 2003 2:34 PM, Daniel Von Fange said:

I have a password on my private key, but I use ssh agent to keep the key open when I am at the computer….

If an evil person pointed the ssh command to localhost, I wonder if a computer-illiterate person would enter their password, just because the terminal came up asking for it…

On July 19, 2003 5:36 AM, Daniel Axelrod said:

There is a way to disable the ssh protocol opening Terminal.

- Open Internet Explorer (yes, even if you don’t use it for anything, it can still change systemwide preferences for some reason, and this particular setting isn’t in System Preferences).
- Go to Explorer>Preferences, and then select “Protocol Helpers” in the “Network” category on the left side of the dialog.
- Click the “Add…” button.
- In the “Helper for” field, type “ssh”.
- Click “Choose Helper…” and pick something like TextEdit.
- Click OK.

Now, ssh:// links will open TextEdit, which will proceed to do nothing. Terminal does not open.

This works for me on 10.2.5, but your mileage may vary.

On August 4, 2003 5:26 PM, Carl Lindberg said:

If you can get it installed on both the CVS server and client, fsh (http://www.lysator.liu.se/fsh/) is a great tool (requires Python though). It keeps an open connection to the server, so each CVS command does not have to re-connect, and you don’t have to re-authenticate with SSH each time. It’s really just a front for ssh, and there’s an fcp as well if you want to copy several files to the same host.

On August 4, 2003 5:40 PM, Stefan Tilkov said:

Carl, that sounds very interesting - I’ll surely take a look at it. Thanks.

On October 24, 2003 6:42 PM, Peter Marreck said:

You can trash IE and use the More Internet http://www.monkeyfood.com/software/MoreInternet/ system prefpane to add or change protocol helpers.

I’m surprised that Apple still hasn’t included this functionality in the OS!