Vulnerability Development mailing list archives
RE: SSH 2.4.0/3.0.1 usernames guessable ?
From: Liran Cohen <Theog () ParadigmGeo com>
Date: Tue, 4 Sep 2001 12:12:49 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Well that is the case with most of the network applications except apache (the ones I encountered) , however there is tool called Languard port scanner which can show you host responses,(relly kneet), If it bothers you I'm sure you can always download the ssh source code and change that response (just search for the string....) TheOg Liran Cohen e-mail:LiranC () Paradigmgeo com Tel. office:+972-9-9709387 FAX.:+972-9-9709365 Tel. mobile:+972-54-898817 - -----Original Message----- From: quentyn () fotango com [mailto:quentyn () fotango com] Sent: Monday, September 03, 2001 6:53 PM To: m.v.berkum () obit nl Cc: vuln Subject: Re: SSH 2.4.0/3.0.1 usernames guessable ? This does appear to be the default in both configs I saw this in ssh2.40 an assumed that I was going mad ;o) (then promptly forgot about it) I can confirm your results in rh 6.2 - 7.1 you could set PasswordGuesses 3 to 1 (annoying) in the /etc/sshd2/sshd_config I would report this to the people at ssh.com as they will respond (in my experience) quickly Q - -- ##################### Quentyn Taylor Sysadmin - Fotango ##################### "Usenet is like a herd of performing elephants with diarrhea -- massive, difficult to redirect, awe-inspiring, entertaining, and a source of mind- boggling amounts of excrement when you least expect it." Gene "spaf" Spafford (1992) -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> iQA/AwUBO5SoqyXZhGjHgDflEQJL0wCg1+l4lhW7Rp8G6UWhYqyOKd2AhIEAoOcU n7QiDmStlHG7IayMlqIrSNYU =evV0 -----END PGP SIGNATURE-----
Attachment:
Liran Cohen.vcf
Description:
Current thread:
- Re: SSH 2.4.0/3.0.1 usernames guessable ?, (continued)
- Re: SSH 2.4.0/3.0.1 usernames guessable ? Marco van Berkum (Sep 04)
- Re: SSH 2.4.0/3.0.1 usernames guessable ? quentyn (Sep 03)
- Re: SSH 2.4.0/3.0.1 usernames guessable ? Marco van Berkum (Sep 04)
- Re: SSH 2.4.0/3.0.1 usernames guessable ? Marco van Berkum (Sep 04)
- Re: SSH 2.4.0/3.0.1 usernames guessable ? quentyn (Sep 04)
- Re: SSH 2.4.0/3.0.1 usernames guessable ? Gordon Messmer (Sep 03)
- Re: SSH 2.4.0/3.0.1 usernames guessable ? Vince Hillier (Sep 04)
- Re: SSH 2.4.0/3.0.1 usernames guessable ? Marco van Berkum (Sep 04)
- Re: SSH 2.4.0/3.0.1 usernames guessable ? Vince Hillier (Sep 04)
- Re: SSH 2.4.0/3.0.1 usernames guessable ? Marco van Berkum (Sep 04)
- Message not available
- Re: SSH 2.4.0/3.0.1 usernames guessable ? Marco van Berkum (Sep 05)
- RE: SSH 2.4.0/3.0.1 usernames guessable ? Liran Cohen (Sep 04)
- Re: SSH 2.4.0/3.0.1 usernames guessable ? Marco van Berkum (Sep 04)