Vulnerability Development mailing list archives

Re: SSH 2.4.0/3.0.1 usernames guessable ?


From: Marco van Berkum <m.v.berkum () obit nl>
Date: Tue, 04 Sep 2001 09:25:43 +0200

quentyn () fotango com wrote:

This does appear to be the default in both configs

I saw this in ssh2.40 and assumed that I was going mad ;o) (then promptly
forgot about it)


:)


I can confirm your results in rh 6.2 - 7.1

you could set

        PasswordGuesses                 3


Would not help in my first example, it quits after 1 illegal user login
attempt.


to 1 (annoying) in the /etc/sshd2/sshd_config

I would report this to the people at ssh.com as they will respond (in my
experience) quickly

Yes, does anyone have the address where to send this to?

grtz,
Marco van Berkum

--
GCC dpu s:--- a- C+++ US++++ P++ L+++ E---- W N o-- K w---
O- M-- V-- PS+++ PE-- Y+ PGP--- t--- 5 X R* tv++ b+++ DI-- D----
G++ e- h+ r y*
+---------------------+------------------+-------------------+
|  Marco van Berkum   |   MB17300-RIPE   | Security Engineer |
|  http://ws.obit.nl  | "Chernobyl used  | Network Admin     |
|  m.v.berkum () obit nl |     Windows"     |      UNIX         |
+---------------------+------------------+-------------------+



