Vulnerability Development mailing list archives
Re: SSH 2.4.0/3.0.1 usernames guessable ?
From: Marco van Berkum <m.v.berkum () obit nl>
Date: Tue, 04 Sep 2001 09:25:43 +0200
quentyn () fotango com wrote:
This does appear to be the default in both configs I saw this in ssh2.40 an assumed that I was going mad ;o) (then promptly forgot about it)
:)
I can confirm your results in rh 6.2 - 7.1 you could set PasswordGuesses 3
Would not help in my first example, it quits after 1 illegal user login attempt.
to 1 (annoying) in the /etc/sshd2/sshd_config I would report this to the people at ssh.com as they will respond (in my experience) quickly
Yes, does anyone have the adres where to send this to ? grtz, Marco van Berkum -- GCC dpu s:--- a- C+++ US++++ P++ L+++ E---- W N o-- K w--- O- M-- V-- PS+++ PE-- Y+ PGP--- t--- 5 X R* tv++ b+++ DI-- D---- G++ e- h+ r y* +---------------------+------------------+-------------------+ | Marco van Berkum | MB17300-RIPE | Security Engineer | | http://ws.obit.nl | "Chernobyl used | Network Admin | | m.v.berkum () obit nl | Windows" | UNIX | +---------------------+------------------+-------------------+
Current thread:
- SSH 2.4.0/3.0.1 usernames guessable ? Marco van Berkum (Sep 03)
- Re: SSH 2.4.0/3.0.1 usernames guessable ? Samu (Sep 03)
- Re: SSH 2.4.0/3.0.1 usernames guessable ? Marco van Berkum (Sep 04)
- Re: SSH 2.4.0/3.0.1 usernames guessable ? quentyn (Sep 03)
- Re: SSH 2.4.0/3.0.1 usernames guessable ? Marco van Berkum (Sep 04)
- Re: SSH 2.4.0/3.0.1 usernames guessable ? Marco van Berkum (Sep 04)
- Re: SSH 2.4.0/3.0.1 usernames guessable ? quentyn (Sep 04)
- Re: SSH 2.4.0/3.0.1 usernames guessable ? Gordon Messmer (Sep 03)
- Re: SSH 2.4.0/3.0.1 usernames guessable ? Vince Hillier (Sep 04)
- Re: SSH 2.4.0/3.0.1 usernames guessable ? Marco van Berkum (Sep 04)
- Re: SSH 2.4.0/3.0.1 usernames guessable ? Vince Hillier (Sep 04)
- Re: SSH 2.4.0/3.0.1 usernames guessable ? Marco van Berkum (Sep 04)
- Message not available
- Re: SSH 2.4.0/3.0.1 usernames guessable ? Marco van Berkum (Sep 05)
- Re: SSH 2.4.0/3.0.1 usernames guessable ? Samu (Sep 03)
- <Possible follow-ups>
- RE: SSH 2.4.0/3.0.1 usernames guessable ? Liran Cohen (Sep 04)
- Re: SSH 2.4.0/3.0.1 usernames guessable ? Marco van Berkum (Sep 04)