Re: brute force

[jacob () esisys com (Jacob Langseth)]

> From: Christopher Klaus <cklaus () iss net>
[...]
> a tool like ssh.   But even ssh can be bruteforced, it is just a LOT more
> time consuming since it only allows 1 try per connection and there is
> quite a bit of time consumed generating the random keys for transferring.

Interestingly,
    o It is the ssh client that disconnects after the first failure.
    o Sshd (v1.2.13, atleast) will allow unlimited password attempts
      and does not produce logs regarding the failure(s).
    o Ssh is often allowed through otherwise restrictive filters or firewalls.

This makes ssh a bit more appealing for brute-force cracks than one might
first suspect...

-JwL

--- /usr/local/src/ssh-1.2.13/sshconnect.c      Sun Feb 11 14:45:19 1996
+++ sshconnect.c        Thu Jul 11 00:16:27 1996
@@ -1132,6 +1132,10 @@
       debug("Doing password authentication.");
       if (options->cipher == SSH_CIPHER_NONE)
        log("WARNING: Encryption is disabled! Password will be transmitted
in clear text.");
+
+type = SSH_SMSG_FAILURE;
+while( type==SSH_SMSG_FAILURE )
+  {
       password = read_passphrase(pw->pw_uid, "Password: ", 0);
       packet_start(SSH_CMSG_AUTH_PASSWORD);
       packet_put_string(password, strlen(password));
@@ -1147,6 +1151,7 @@
        packet_disconnect("Protocol error: got %d in response to passwd auth",
                          type);
     }
+  } /* endwhile( type==SSH_SMSG_FAILURE ) */

   /* All authentication methods have failed.  Exit with an error message. */
   fatal("Permission denied.");
--
Jacob Langseth                          -=-finger for PGP key-=-
Enhanced Systems, Inc.                  email:  jacob () esisys com
6961 PeachTree Ind Blvd                 voice:  (770) 662-1504 ext. 684
Norcross, GA  30092                     fax:    (770) 662-1537