On Fri, Feb 09, 2001 at 06:23:07PM +0100, Florian Weimer wrote:
+ log_msg("Rhosts authentication failed for '%.100s', remote '%.100s',
host '%.200s'.",
user, client_user, get_canonical_hostname());
I don't think this patch is a good idea. If a user accidentally
Markus Friedl [EMAIL PROTECTED] writes:
[Logging user names harmful or not?]
While I understand you concern, I am not sure whether this
applies to SSH clients, since they are usually very
different from telnet clients. You enter the usename when you
start the client, so it's hard to get out
While I understand you concern, I am not sure whether this
applies to SSH clients, since they are usually very
different from telnet clients. You enter the usename when you
start the client, so it's hard to get out of sync, e.g. I
have never seen a user enter
$ ssh -l mypasswd host
On Sun, 11 Feb 2001, Markus Friedl wrote:
On Fri, Feb 09, 2001 at 06:23:07PM +0100, Florian Weimer wrote:
+ log_msg("Rhosts authentication failed for '%.100s', remote '%.100s',
host '%.200s'.",
user, client_user, get_canonical_hostname());
I don't think this
jose nazario [EMAIL PROTECTED] writes:
- debug("Rhosts authentication failed for '%.100s', remote '%.100s', host
'%.200s'.",
+ log_msg("Rhosts authentication failed for '%.100s', remote '%.100s', host
'%.200s'.",
user, client_user,
Crimelabs, Inc. www.crimelabs.net
Security Note
Crimelabs Security Note CLABS200101
Title: SSH-1 Brute Force Password Vulnerability
Date: 5 February, 2001
Vendors: Any supported by