Vulnerability Development mailing list archives

Re: SSH 2.4.0/3.0.1 usernames guessable ?


From: quentyn () fotango com
Date: Mon, 03 Sep 2001 17:53:05 +0100

This does appear to be the default in both configs

I saw this in ssh2.40 and assumed that I was going mad ;o) (then promptly
forgot about it)

I can confirm your results in rh 6.2 - 7.1

you could set 

        PasswordGuesses                 3

to 1 (annoying) in the /etc/sshd2/sshd_config


I would report this to the people at ssh.com as they will respond (in my
experience) quickly



Q

-- 
#####################
Quentyn Taylor
Sysadmin - Fotango
#####################
"Usenet is like a herd of performing elephants with diarrhea -- massive,
difficult to redirect,
awe-inspiring, entertaining, and a source of mind-boggling amounts of
excrement when you
least expect it." 
   Gene "spaf" Spafford (1992)

