November 10th, 2005
SSH Security Holes
I recently discovered that a few important machines at a certain educational institute’s datacenter allow all students, faculty, and staff to authenticate against them via ssh. Everyone’s shells appear to be set to /bin/false (or some derivative) on said machines, so the only thing you’ll see after you authenticate is the login banner and your connection will close. I thought to myself, “Fine, no shell for me. I wonder if port forwarding works?”
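For administrators, the setup described above can be audited: in OpenSSH a login shell of /bin/false does not by itself disable TCP forwarding, which is controlled by sshd's `AllowTcpForwarding` option (default `yes`). The following is an added example, not code from the original post; the passwd and sshd_config samples are constructed, the function names are hypothetical, and `Match` blocks are ignored as a simplifying assumption.

```python
# Added example: flag accounts whose shell is /bin/false (or similar)
# while sshd still permits TCP forwarding globally.
NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

def global_forwarding(sshd_config):
    """Effective global AllowTcpForwarding; sshd uses the first value it reads."""
    for raw in sshd_config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        key = parts[0].lower()
        if key == "match":
            break  # assumption: only the global section is examined
        if key == "allowtcpforwarding" and len(parts) > 1:
            return parts[1].lower()
    return "yes"  # OpenSSH default when the option is absent

def shell_less_accounts(passwd):
    """Names of passwd entries whose seventh field is a no-login shell."""
    names = []
    for line in passwd.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 7 and fields[6] in NOLOGIN_SHELLS:
            names.append(fields[0])
    return names

def audit(sshd_config, passwd):
    """Return (user, forwarding_mode) pairs that deserve a closer look."""
    mode = global_forwarding(sshd_config)
    if mode == "no":
        return []
    return [(user, mode) for user in shell_less_accounts(passwd)]

# Constructed sample inputs (not taken from any real host).
SAMPLE_PASSWD = (
    "alice:x:1001:1001:Student:/home/alice:/bin/false\n"
    "bob:x:1002:1002:Staff:/home/bob:/bin/bash\n"
)
SAMPLE_WEAK = "# constructed config\nPasswordAuthentication yes\nBanner /etc/issue.net\n"
SAMPLE_HARDENED = "AllowTcpForwarding no\nPermitTunnel no\n"

if __name__ == "__main__":
    for label, cfg in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(label, audit(cfg, SAMPLE_PASSWD))
```

Accounts that cannot authenticate at all (locked system accounts) will also be listed, so treat the output as a review list rather than a finding.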