Bugtraq mailing list archives

Re: SSHD-1 Logging Vulnerability

From: Florian Weimer <Florian.Weimer () RUS UNI-STUTTGART DE>
Date: Mon, 12 Feb 2001 16:03:24 +0100

Markus Friedl <markus.friedl () informatik uni-erlangen de> writes:

[Logging user names harmful or not?]

While I understand you concern, I am not sure whether this
applies to SSH clients, since they are usually very
different from telnet clients. You enter the usename when you
start the client, so it's hard to get out of sync, e.g. I
have never seen a user enter
      $ ssh -l mypasswd host


Yes, this is certainly correct for the traditional command line
clients.

This even applies to Windows SSH vs. telnet clients.


IIRC, Teraterm has a combined dialog box for entering password and
user name, and I think you can confuse one with the other.

--
Florian Weimer                    Florian.Weimer () RUS Uni-Stuttgart DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898

Current thread:

Re: SSHD-1 Logging Vulnerability Florian Weimer (Feb 10)
- Re: SSHD-1 Logging Vulnerability Markus Friedl (Feb 12)
  - Re: SSHD-1 Logging Vulnerability Florian Weimer (Feb 12)
  - Re: SSHD-1 Logging Vulnerability Grecni, Steve (Feb 12)
- <Possible follow-ups>
- Re: SSHD-1 Logging Vulnerability Ben Greenbaum (Feb 12)