SSH protocol handler (Stefan Tilkov's Random Stuff)

July 17, 2003

SSH protocol handler

(edit) | 07:58 PM | permalink | (7 comments, 2 trackbacks) | Categories:

Am I the only one to feel that Mac OS X having registered Terminal as the default SSH protocol handler is a stupid idea? Many people, including me, put their public key on a server so that they don't have to type in their password all the time. In that setup, somebody could hide an ssh: link somewhere and execute commands on the remote machine.

The following entries may or may not be related:

Readers have left 9 Comments:

Comment from Steve Loranz at Jul 18, 2003 6:31 AM:

Actually, what I think is a worse idea is not putting a passphrase on your private key.

Comment from Stefan Tilkov at Jul 18, 2003 9:43 AM:

In principle, you are right. On the other hand, there are lots of people who do it (including me), the favorite excuse being the use of CVS in combination with SSH (who wants to enter a password with every CVS interaction?). The process how to do this is documented in lots of places, and it's likely that a lot of people are following it.

Trackback from 2lmc spool at Jul 18, 2003 12:23 PM:

ssh:// protocol handler

Read more in 2003/07/18 11:13 »

Comment from Daniel Von Fange at Jul 18, 2003 2:34 PM:

I have a password on my private key, but I use ssh agent to keep the open when I am at the computer....

If an evil person pointed the ssh command to localhost, I wonder if a computer iliterate person would enter their password, just because the terminal came up asking for it...

Comment from Daniel Axelrod at Jul 19, 2003 5:36 AM:

There is a way to disable the ssh protocol opening Terminal.

-Open Internet Explorer (yes, even if you don't use it for anything, it can still change systemwide preferences for some reason, and this particular setting isn't in System Preferences).
-Go to Explorer>Preferences, and then select "Protocol Helpers" in the "Network" category on the left side of the dialog.
-Click the "Add..." button.
-In the "Helper for" field, type "ssh".
-Click "Choose Helper..." and pick something like TextEdit.
-Click OK.

Now, ssh:// links will open TextEdit, which will proceed to do nothing. Terminal does not open.

This works for me on 10.2.5, but your milage may vary.

Trackback from J : Da Blog at Jul 19, 2003 1:12 PM:

Appearently, if you use that as a link, as opposed to http:// , on Mac OS X, it will launcher...

Read more in ssh:// »

Comment from Carl Lindberg at Aug 4, 2003 5:26 PM:

If you can get it installed on both the CVS server and client, fsh (http://www.lysator.liu.se/fsh/ ) is a great tool (requires python though). It keeps an open connection to the server, so each CVS command does not have to re-connect, and you don't have to re-authenticate with SSH each time. It's really just a front for ssh, and there's an fcp as well if you want to copy several files to the same host.

Comment from Stefan Tilkov at Aug 4, 2003 5:40 PM:

Carl, that sounds very interesting - I'll surely take a look at it. Thanks.

Comment from Peter Marreck at Oct 24, 2003 6:42 PM:

You can trash IE and use the More Internet http://www.monkeyfood.com/software/MoreInternet/ system prefpane to add or change protocol helpers.

I'm surprised that Apple still hasn't included this functionality in the OS!

Post a comment (no HTML, please; http://... fragments will be turned into links automatically):

Name:

Email Address:

URL:

Remember personal info?
YesNo
Comments: