Hello List,

I'm not very firm with Debian, so I would like to ask the ML before I post something to the BTS. I know this is not the right place, but the bug is so trivial that I'm afraid I'm maybe missing the real point.

Okay, here we go. I'm talking about the sarge distribution in general and the package "ssh-3.8p1-3 Secure rlogin/rsh/rcp replacement (OpenSSH)" in specific. The computer's name is "wolke":

    % ssh -l root wolke
    Password: <pressing RETURN>
    sleeps for 3 seconds...
    Password: <pressing RETURN>
    sleeps for 3 seconds...
    Password: <pressing RETURN>
    sleeps for 3 seconds...
    Permission denied (publickey,keyboard-interactive).

Everything is fine with that, but now:

    miro:/etc/rc3.d# ssh -l root2 miro
    Password:
    No(!) wait
    Password:
    No(!) wait
    Password:
    No(!) wait
    Permission denied (publickey,keyboard-interactive).

"root2" doesn't exist on this computer, so you can guess the user accounts on "wolke" and you can use this information for a real attack like password hacking or cracking...

I tried other account names as well with the same results: a long wait with existing users and no wait with non-existing users.

Can someone confirm this behaviour?

-- 
So long... Erik Wasser
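The session above shows a failure path that behaves differently depending on whether the account exists. The following is an added example, not part of the original message and not OpenSSH or PAM code: a toy password check with hypothetical names (`login_leaky`, `login_uniform`, `Trace`) and a constructed account, putting the leaky failure path next to one that does the same hash work and applies the same delay for unknown users. The delay is recorded rather than slept so the result can be checked deterministically.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000
FAIL_DELAY = 3.0  # seconds; the wait seen for an existing user in the session above

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_record(password):
    salt = os.urandom(16)
    return salt, _kdf(password, salt)

# Constructed sample account database (assumption, not from the original message).
USERS = {"root": make_record("constructed-sample-password")}
# Throwaway record so unknown users still cost one full hash computation.
DUMMY = make_record(os.urandom(16).hex())

class Trace:
    """Records the work one login attempt performs, instead of wall-clock time."""
    def __init__(self):
        self.kdf_calls = 0
        self.delay = 0.0

def login_leaky(user, password, trace):
    rec = USERS.get(user)
    if rec is None:
        return False  # early exit: no hash and no delay, so the response is faster
    trace.kdf_calls += 1
    ok = hmac.compare_digest(_kdf(password, rec[0]), rec[1])
    if not ok:
        trace.delay += FAIL_DELAY
    return ok

def login_uniform(user, password, trace):
    rec = USERS.get(user)
    salt, stored = rec if rec is not None else DUMMY
    trace.kdf_calls += 1  # same hash work whether or not the account exists
    match = hmac.compare_digest(_kdf(password, salt), stored)
    ok = match and rec is not None
    if not ok:
        trace.delay += FAIL_DELAY  # same delay on every failure
    return ok

def profile(login, user, password=""):
    trace = Trace()
    return login(user, password, trace), trace.kdf_calls, trace.delay
```

Comparing `profile(login_leaky, "root")` with `profile(login_leaky, "root2")` reproduces the difference seen in the session, while `login_uniform` returns identical profiles for both names.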

