needs to do its part by
logging it to the authpriv facility so you can separate it, and after
that you need to make sure you set up syslog right.
-Bob
cc:
Subject: Ben Greenbaum: Re: SSHD-1 Logging Vulnerability
>> [users getting out of sync and passwords getting logged
On Sun, 11 Feb 2001, Markus Friedl wrote:
> On Fri, Feb 09, 2001 at 06:23:07PM +0100, Florian Weimer wrote:
> > > + log_msg("Rhosts authentication failed for '%.100s', remote '%.100s',
>host '%.200s'.",
> > > user, client_user, get_canonical_hostname());
> >
> > I don't
> While I understand your concern, I am not sure whether this
> applies to SSH clients, since they are usually very
> different from telnet clients. You enter the username when you
> start the client, so it's hard to get out of sync, e.g. I
> have never seen a user enter
> $ ssh -l mypasswd ho
Markus Friedl <[EMAIL PROTECTED]> writes:
[Logging user names harmful or not?]
> While I understand your concern, I am not sure whether this
> applies to SSH clients, since they are usually very
> different from telnet clients. You enter the username when you
> start the client, so it's hard to ge
On Fri, Feb 09, 2001 at 06:23:07PM +0100, Florian Weimer wrote:
> > + log_msg("Rhosts authentication failed for '%.100s', remote '%.100s',
>host '%.200s'.",
> > user, client_user, get_canonical_hostname());
>
> I don't think this patch is a good idea. If a user accident
jose nazario <[EMAIL PROTECTED]> writes:
> - debug("Rhosts authentication failed for '%.100s', remote '%.100s', host
>'%.200s'.",
> + log_msg("Rhosts authentication failed for '%.100s', remote '%.100s', host
>'%.200s'.",
> user, client_user, get_canonical_host
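Review bot: on the `+ log_msg(...)` line, the `user` and `client_user` strings are now written through `log_msg` where the `-` line kept them in `debug`, so whatever was entered as the user name, including a password typed there by mistake, ends up in the regular log. Consider logging only the remote host at this level and leaving the two user-name fields in the `debug` call, or document that the message must go to a facility such as authpriv whose log file is readable only by root.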
Crimelabs, Inc. www.crimelabs.net
Security Note
Crimelabs Security Note CLABS200101
Title: SSH-1 Brute Force Password Vulnerability
Date: 5 February, 2001
Vendors: Any supported by SSH-