If, using public keys only, an SSH client logs into (or is already logged into) a compromised SSH server, is the SSH client at risk too?

Solution 1:

A plain SSH client is generally safe from anything on the server, at least for as long as no security vulnerabilities are found in it. But the following SSH features will pose security problems:

  1. Remote port forwarding (with -R). The person/malware on the remote system will gain access to the local port.
  2. Tunnel device forwarding (with -w). The person/malware on the remote system will be able to send traffic through the tunnel.
  3. Authentication agent connection forwarding (-A). The person/malware on the remote system will be able to use your ssh-agent keyring to authenticate with other SSH servers you have keys for.
  4. X11 forwarding (-X or -Y). As others have noted, the X11 protocol was designed with trusted clients in mind. The malicious software may read the content of other windows, send keystrokes or simply show a window asking for a password.

Another thing to take account of is the terminal emulator you are using. Most probably it's a GUI one like konsole or GNOME's Terminal. If it is vulnerable it can also be exploited with a program on the compromised server (e.g. the remote server could send a character sequence which causes a buffer overflow and allows the attacker to execute code on your client computer).

I've never heard of a worm or automated attack software using these attack vectors, but if it's a targeted attack, these (especially the Agent Forwarding) may be used against you.
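An added example, not from any of the answers above: a POSIX shell audit that reads an ssh_config and reports the forwarding options Solution 1 lists, run here over a constructed sample config (the host names in it are placeholders).

```shell
#!/bin/sh
# Audit an ssh_config for the forwarding options that hand the remote host
# a foothold on the client: agent forwarding (-A), X11 forwarding (-X/-Y),
# remote port forwarding (-R) and tun device forwarding (-w).
# Caveat: ssh uses the FIRST value it obtains for an option, so a global
# "ForwardAgent yes" above the Host blocks is not overridden by a later
# "ForwardAgent no" inside one of them.

# Reads ssh_config text on stdin; prints "<host-pattern> <option> <value>"
# for every risky setting found. Options before any Host line are reported
# under the pattern "*".
audit_ssh_config() {
    awk '
    BEGIN { host = "*" }
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
        match(line, /^[^ \t=]+/)                 # keyword, "Key value" or "Key=value"
        key  = tolower(substr(line, 1, RLENGTH))
        rest = substr(line, RLENGTH + 1); sub(/^[ \t=]+/, "", rest)
        if (key == "host") { host = rest; next }
        if (key == "forwardagent" || key == "forwardx11" || key == "forwardx11trusted") {
            if (tolower(rest) == "yes") print host, key, rest
        } else if (key == "tunnel") {
            if (tolower(rest) != "no") print host, key, rest
        } else if (key == "remoteforward") {
            print host, key, rest                 # any RemoteForward exposes a local port
        }
    }'
}

# Constructed sample ~/.ssh/config (not a real configuration).
SAMPLE_CONFIG='# global defaults
ForwardAgent yes

Host bastion
    HostName bastion.example.com
    ForwardAgent no
    ForwardX11 yes

Host lab
    RemoteForward 2222 localhost:22
    Tunnel=point-to-point

Host safe
    ForwardX11 no
    Tunnel no'

printf '%s\n' "$SAMPLE_CONFIG" | audit_ssh_config
```

For the sample above the audit reports four findings, including the global `ForwardAgent yes` that the `bastion` block cannot switch off.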

Solution 2:

There are (I believe only) theoretical attacks using X forwarding that could do this.

X essentially requires fully trusting all clients (applications), and can scrape data off your client using an invisible window.

Also, if you enable agent forwarding to that host an attacker could use that combined with any "known hosts" files already on the compromised host to potentially extend their reach.

Solution 3:

Intrinsically this does not pose any security threat (except insofar as you are using a compromised machine), unless you are using X forwarding also (X windows are not sandboxed).

However, if it happens that someone has a vector for exploiting some bug in your SSH client through the action of the server to which you connect, you could be somehow compromised. For instance, an attack might exploit a buffer overflow in the key negotiation process or something.

This sort of thing is purely theoretical. While it's certainly possible for something like that to exist, I've never heard of it.