Bugtraq mailing list archives
Re: SSHD-1 Logging Vulnerability
From: Florian Weimer <Florian.Weimer () RUS UNI-STUTTGART DE>
Date: Mon, 12 Feb 2001 16:03:24 +0100
Markus Friedl <markus.friedl () informatik uni-erlangen de> writes: [Logging user names harmful or not?]
While I understand you concern, I am not sure whether this applies to SSH clients, since they are usually very different from telnet clients. You enter the usename when you start the client, so it's hard to get out of sync, e.g. I have never seen a user enter $ ssh -l mypasswd host
Yes, this is certainly correct for the traditional command line clients.
This even applies to Windows SSH vs. telnet clients.
IIRC, Teraterm has a combined dialog box for entering password and user name, and I think you can confuse one with the other. -- Florian Weimer Florian.Weimer () RUS Uni-Stuttgart DE University of Stuttgart http://cert.uni-stuttgart.de/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898
Current thread:
- Re: SSHD-1 Logging Vulnerability Florian Weimer (Feb 10)
- Re: SSHD-1 Logging Vulnerability Markus Friedl (Feb 12)
- Re: SSHD-1 Logging Vulnerability Florian Weimer (Feb 12)
- Re: SSHD-1 Logging Vulnerability Grecni, Steve (Feb 12)
- <Possible follow-ups>
- Re: SSHD-1 Logging Vulnerability Ben Greenbaum (Feb 12)
- Re: SSHD-1 Logging Vulnerability Markus Friedl (Feb 12)