
> A bug in the SSH integration feature caused input and output to be logged to a file on the remote host. This file, /tmp/framer.txt, may be readable by other users on the remote host.

Oof. This is nasty. Some folks may not have access to some machines that they've SSH'd into anymore where files like this may or may not exist.



This seems relevant:

When does this occur?
---------------------
The issue occurs if both of the following conditions are true:

1. Either:
   a) You used the it2ssh command, or
   b) In Settings > Profiles > General, the Command popup menu was set to "SSH" (not "Login Shell", "Command", or "Custom Command") AND "SSH Integration" was checked in the SSH configuration dialog. That dialog is shown when you click the Configure button next to the ssh arguments field in Settings.

2. The remote host has Python 3.7 or later installed in its default search path.


Yeah #1 reduces the surface area for sure, #2 maybe not so much :)


1B looks like a common situation


It seems incredibly uncommon to set your terminal emulator to run SSH rather than starting a shell.


It is not very common.


#1 greatly reduces the surface area, and #2 doesn't _increase_ the surface attack limited by #1, in case people are reading this incorrectly.


I have Python 3.7 or later installed on my default search path, but after checking, none of my servers have a `/tmp/framer.txt` file.


You need both #1 and #2 to be true.


Long live EL8


This bug almost never occurs as it's a very esoteric feature that 99% of people here never heard of or used. If you're, however, the type of user who decides not to use `bash` or `zsh` and instead wants `ssh` as their default terminal command, there are probably other unusual features that you use in other apps exposing you to many other attack surfaces that you also need to worry about beyond just iTerm.
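
Added example, not part of any comment in this thread or of the notice quoted in it: a POSIX shell check to run on each remote host for the `/tmp/framer.txt` file named in the quote at the top, reporting whether group or other users can read it and whether the host meets condition 2 (Python 3.7 or later on the search path). The function names are illustrative assumptions.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not from iTerm or the notice).

# Print "absent", "private" (owner-only) or "exposed" (group/other readable).
framer_status() {
    f=${1:-/tmp/framer.txt}
    # -e follows symlinks; -L also catches a dangling symlink at that path.
    if [ ! -e "$f" ] && [ ! -L "$f" ]; then
        echo absent
        return 0
    fi
    # POSIX find: -perm -040 is group-readable, -perm -004 is other-readable.
    # -prune keeps find from descending if the path is a directory.
    if [ -n "$(find "$f" -prune \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]; then
        echo exposed
    else
        echo private
    fi
}

# Condition 2 from the quoted notice: python3 >= 3.7 on the default search path.
python_meets_condition() {
    command -v python3 >/dev/null 2>&1 || return 1
    python3 -c 'import sys; sys.exit(0 if sys.version_info >= (3, 7) else 1)'
}

# One summary line per host; non-zero return when the file is present.
report() {
    f=${1:-/tmp/framer.txt}
    status=$(framer_status "$f")
    if python_meets_condition; then py=yes; else py=no; fi
    echo "host=$(uname -n) file=$f status=$status python37plus=$py"
    case $status in
        absent) return 0 ;;
        *) ls -l "$f"; return 1 ;;   # show owner, mode and mtime for follow-up
    esac
}

# Checks /tmp/framer.txt unless another path is given as the first argument.
report "$@" || true
```

A host that reports `python37plus=no` today can still hold a file written while a newer Python was installed, so the file check is the one that matters.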



