Re: SSH 2.4.0/3.0.1 usernames guessable ?

From: Gordon Messmer (yinyangat_private)
Date: Mon Sep 03 2001 - 13:14:06 PDT


    On Mon, 3 Sep 2001, Marco van Berkum wrote:
    
    > As we were playing a bit with some SSH versions we
    > came across some interesting 'bugs'. I hope this is not
    > a 'known' bug, but I wasn't able to find any documentation
    > regarding this flaw.
    ...
    > Let's try to make an ssh connection for a non-existing user:
    > Now I try it for an existing user:
    > A clear difference in the output.
    
    This "bug" was fixed some time ago in OpenSSH, which will currently give
    the same prompts for real users and non-existent users.
    
    However, there is still a discernible difference between users that exist
    and those that don't in OpenSSH.  If you attempt to connect as a user that
    exists, there will be a delay between password prompts.  Connecting
    as a user that does not exist, the password prompts will lack the sleep()
    delay.
    
    Better, but not perfect.
    
    -- 
    If I had a dollar for every brain that you don't have,
    	I'd have one dollar. - Squidward to SpongeBob
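
The delay difference described in the message above disappears only when a failed login for an unknown name does the same work and waits the same time as a failed login for a real account. The following is an added example, not part of the original post and not OpenSSH's code: a password check that hashes against a placeholder record for unknown names and applies one failure delay to both cases. `FAIL_DELAY`, `ITERATIONS`, `make_record`, `check_login` and the sample account table are assumptions made for the example.

```python
import hashlib
import hmac
import os
import time

FAIL_DELAY = 1.0     # assumed value: seconds to wait after any failed attempt
ITERATIONS = 50_000  # assumed PBKDF2 work factor for this example


def make_record(password, salt=None):
    """Return (salt, derived_key) as it would be stored for an account."""
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


# Placeholder record used when the account does not exist, so the
# unknown-user path costs the same KDF work as the known-user path.
_DUMMY = make_record(os.urandom(16).hex())

# Constructed sample account table (not real data).
USERS = {"alice": make_record("correct horse")}


def check_login(users, username, password, sleep=time.sleep, trace=None):
    """Verify a password using the same steps for real and unknown users.

    users: dict mapping username -> (salt, derived_key)
    sleep: delay function, injectable so tests do not have to wait
    trace: optional list that records the steps taken
    """
    known = username in users
    salt, stored = users[username] if known else _DUMMY
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    if trace is not None:
        trace.append("kdf")
    # compare_digest is evaluated first and does not exit early on a mismatch;
    # an unknown name fails even if the placeholder happened to match.
    ok = hmac.compare_digest(candidate, stored) and known
    if not ok:
        # The failure delay is applied whether or not the account exists.
        # Skipping it for unknown names is the difference the message describes.
        sleep(FAIL_DELAY)
        if trace is not None:
            trace.append("delay")
    return ok
```
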
    


