Samu wrote: > it was an old trick posted to bugtraq some time ago for openssh > ( i can't give you link 'cause search function today is not working ) > yeah, tried to find docu regarding this issue, didnt succeed because of this. > > anyway it can be avoided by setting ( on openssh conf ) > > NumberOfPasswordPrompts 1 > Yes, in the commercial version there is a 'password guesses' option which defaults to 3, but as you can see in the first example it just quits after 1 try when its a non-existant user. Appearently this does not apply on illegal users. grtz, Marco van Berkum -- GCC dpu s:--- a- C+++ US++++ P++ L+++ E---- W N o-- K w--- O- M-- V-- PS+++ PE-- Y+ PGP--- t--- 5 X R* tv++ b+++ DI-- D---- G++ e- h+ r y* +---------------------+------------------+-------------------+ | Marco van Berkum | MB17300-RIPE | Security Engineer | | http://ws.obit.nl | "Chernobyl used | Network Admin | | m.v.berkumat_private | Windows" | UNIX | +---------------------+------------------+-------------------+
This archive was generated by hypermail 2b30 : Tue Sep 04 2001 - 08:33:00 PDT