Keep SSH Sessions Active, Or Reconnect?
borjonx writes "Is it safer to log out of an SSH session, and re-establish it later, or just keep the connection open? Like many of you, I use OpenSSH to connect to my Slackware Linux boxes remotely from Linux and WinXP (putty.exe) clients. At home and at work, I wonder if it would be safer to just leave the connection open (my clients are physically secured, the servers limit connections with hosts.allow). Is it more secure to re-establish the connection over an insecure link (big bad internet) where people can sniff that handshaking, or is it more secure to just remain connected? I connect 1 to 4 times per day, most days."
I'll agree owch.
But you're quoting a vulnerability in a piece of software that was patched 3 years ago, in response to an article about running PuTTy on a Windows system.
A windows system that today likely has so many unpatched 0-day vulnerabilities, that they can't be counted, not even on all the current and past Windows developers' fingers, put together.
This is just a variant of tried-and-true character-based attacks against terminals. Smart people use mesg n on multi-user systems, especially when running as root.