On Wed, 9 Jun 1999 altellezat_private wrote: > Details > > when a ssh client connects to the daemon it has a number ( default > three ) of attempts to guess the correct password before > disconnecting if you try to connect with a correct login, but > you only have once if you try to connect with a no correct login. > > EXAMPLE > > alfonso is not user ( login ) in 192.168.0.1 > > > $ssh 192.168.0.1 -l alfonso > alfonso's password: <hit ENTER key> > > Disconnected; authentication error (Authentication method disabled.). > $ > > altellez is user ( login ) in 192.168.0.1 > > $ssh 192.168.0.1 -l altellez > altellez's password: <hit ENTER key> > altellez's password: > > Now the remote attacker known that altellez is a true login in > 192.168.0.1 > > QUICK FIX > > Edit the file sshd2_config (usually at /etc/ssh2), set the value > of "PasswordGuesses" to 1. > > I only has tested it with ssh-2.0.12 I just tried that error with ssh-2.0.13. It was more strange.. --- [ unexistant user `unknown' ] local:~> ssh -lunknown 192.168.0.1 Disconnected; authentication error (No further authentication methods available.). local:~> --- [ existant user `me' ] local:~> ssh -lme 192.168.0.1 me's password: [<ENTER>] Disconnected; authentication error (Authentication method disabled.). local:~> -- Delete yurself, you got no chance to win.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:48:47 PDT