subject:"RE\: Ssh missing 'login as' prompt"

Re: Ssh missing 'login as' prompt

2003-11-06 Thread Jean-Baptiste Quenot

* Mike Loiterman:

> Whenever  I try  to  ssh into  my  machie, it  just  goes straight  to
> [EMAIL PROTECTED] password: by  passing the traditional login as: .  How can I
> turn that back on?

You could instead pass the login name when invoking ssh:

ssh -l otheruser somehost

-- or --

ssh [EMAIL PROTECTED]

You can also arrange that logging into somehost is always achieved with
otheruser by adding the following fragment into ~/.ssh/config:

Host somehost
User otheruser

Cheers,
-- 
Jean-Baptiste Quenot
http://caraldi.com/jbq/


pgp0.pgp
Description: PGP signature

Re: Ssh missing 'login as' prompt

2003-11-03 Thread Malcolm Kay

On Mon, 3 Nov 2003 12:10, Mike Loiterman wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Micheal Patterson <mailto:[EMAIL PROTECTED]> wrote:
> > - Original Message -
> > From: "Mike Loiterman" <[EMAIL PROTECTED]>
> > To: "'Kevin Stevens'" <[EMAIL PROTECTED]>
> > Cc: <[EMAIL PROTECTED]>
> > Sent: Sunday, November 02, 2003 3:33 PM
> > Subject: RE: Ssh missing 'login as' prompt
> >
> >> -BEGIN PGP SIGNED MESSAGE-
> >> Hash: SHA1
> >>
> >> Kevin Stevens <mailto:[EMAIL PROTECTED]> wrote:
> >>> On Oct 31, 2003, at 22:25, Mike Loiterman wrote:
> >>>> -BEGIN PGP SIGNED MESSAGE-
> >>>> Hash: SHA1
> >>>>
> >>>> Whenever I try to ssh into my machie, it just goes straight to
> >>>> [EMAIL PROTECTED] password: by passing the traditional login as: . How
> >>>> can I turn that back on?
> >>>
> >>> Remove the client machine's public key from the server's
> >>> ~/.ssh/authorized_keys2 file for that user id.
> >>>
> >>> KeS
> >>
> >> That works but only temporarily.  The next time I login, it goes
> >> directly to the password prompt.  Am I fooling myself?  Is it any
> >> more secure to get a login as: prompt and then a password prompt
> >> as compared to just going directly to a password prompt?
> >>
> >> - --
> >> Mike Loiterman
> >> grantADLER
> >> Tel: 630-302-4944
> >> Fax: 773-868-0071
> >> Email: [EMAIL PROTECTED]
> >> PGP Key 0xD1B9D18E
> >
> > What you're describing is normal behavior for ssh. Telnet does the
> > same thing from a fbsd to fbsd system. It uses the login id on the
> > connecting terminal as the user to auth against on the remote. I
> > would recommend using an rsa pass phrase instead of the password if
> > you wish it to be more secure.
>
> That's strange, to me at least.  I have a number of other systems
> that just give a login as: prompt.  Specifically FreeBSD 4.x.  Has
> things changed?
>

I think you need:
 UseLogin yes
in /etc/sshd_config at the far end.

Malcolm Kay

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Ssh missing 'login as' prompt

2003-11-02 Thread Micheal Patterson

- Original Message - 
From: "Mike Loiterman" <[EMAIL PROTECTED]>
To: "'Micheal Patterson'" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, November 02, 2003 7:40 PM
Subject: RE: Ssh missing 'login as' prompt

> >
> > What you're describing is normal behavior for ssh. Telnet does the
> > same thing from a fbsd to fbsd system. It uses the login id on the
> > connecting terminal as the user to auth against on the remote. I
> > would recommend using an rsa pass phrase instead of the password if
> > you wish it to be more secure.
>
> That's strange, to me at least.  I have a number of other systems
> that just give a login as: prompt.  Specifically FreeBSD 4.x.  Has
> things changed?
>
> - --
> Mike Loiterman
> grantADLER
> Tel: 630-302-4944
> Fax: 773-868-0071
> Email: [EMAIL PROTECTED]
> PGP Key 0xD1B9D18E

Fbsd telnet attempts and SRA secure login on when connecting to another FBSD
box and will include the detected login ID in ()'s at the User prompt.
Hitting enter will pass you on to the password prompt.  With SSH/SSHD, the
hosts exchange keys to encrypt the initial connection. Once done, the client
sends the logon ID to the remote server. Regardless if the ID exists or not,
you'll be prompted for the password.  I honestly can't remember the last
time that I've been prompted with a login as: prompt. It's been quite a long
time ago. Of course, it could be because ssh/sshd is incorporated into the
system core now instead of requiring an install from ports with the
ssh.com's version of sshd.

--

Micheal Patterson
Network Administration
Cancer Care Network
405-917-0600

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Ssh missing 'login as' prompt

2003-11-02 Thread Lowell Gilbert

"Mike Loiterman" <[EMAIL PROTECTED]> writes:

> That works but only temporarily.  The next time I login, it goes
> directly to the password prompt.  Am I fooling myself?  Is it any
> more secure to get a login as: prompt and then a password prompt as
> compared to just going directly to a password prompt?

The initiating side has to provide a username before it does anything
else, so I don't understand what you think you're gaining.  Certainly
the machine you connect to won't notice any difference either way, and
if you can't trust the machine you're connecting from, you're dead in
the water (security-wise) anyway.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: Ssh missing 'login as' prompt

2003-11-02 Thread Mike Loiterman

 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Micheal Patterson <mailto:[EMAIL PROTECTED]> wrote:
> - Original Message -
> From: "Mike Loiterman" <[EMAIL PROTECTED]>
> To: "'Kevin Stevens'" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Sunday, November 02, 2003 3:33 PM
> Subject: RE: Ssh missing 'login as' prompt
> 
> 
>> 
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>> 
>> Kevin Stevens <mailto:[EMAIL PROTECTED]> wrote:
>>> On Oct 31, 2003, at 22:25, Mike Loiterman wrote:
>>> 
>>>> 
>>>> -BEGIN PGP SIGNED MESSAGE-
>>>> Hash: SHA1
>>>> 
>>>> Whenever I try to ssh into my machie, it just goes straight to
>>>> [EMAIL PROTECTED] password: by passing the traditional login as: . How
>>>> can I turn that back on?
>>> 
>>> Remove the client machine's public key from the server's
>>> ~/.ssh/authorized_keys2 file for that user id.
>>> 
>>> KeS
>> 
>> That works but only temporarily.  The next time I login, it goes
>> directly to the password prompt.  Am I fooling myself?  Is it any
>> more secure to get a login as: prompt and then a password prompt
>> as compared to just going directly to a password prompt?
>> 
>> - --
>> Mike Loiterman
>> grantADLER
>> Tel: 630-302-4944
>> Fax: 773-868-0071
>> Email: [EMAIL PROTECTED]
>> PGP Key 0xD1B9D18E
>> 
> 
> What you're describing is normal behavior for ssh. Telnet does the
> same thing from a fbsd to fbsd system. It uses the login id on the
> connecting terminal as the user to auth against on the remote. I
> would recommend using an rsa pass phrase instead of the password if
> you wish it to be more secure.

That's strange, to me at least.  I have a number of other systems
that just give a login as: prompt.  Specifically FreeBSD 4.x.  Has
things changed?

- --
Mike Loiterman
grantADLER
Tel: 630-302-4944
Fax: 773-868-0071
Email: [EMAIL PROTECTED]
PGP Key 0xD1B9D18E

-BEGIN PGP SIGNATURE-
Version: PGP 8.0.3
Comment: Digitally signed by Mike Loiterman

iQA/AwUBP6Wx/2jZbUnRudGOEQKC1QCg6OStKDsBVuOCcnLTKQ6P7R1ujuEAni6q
S/ZX4+Gr5zFRMSfZ6bOlwsOl
=HnVZ
-END PGP SIGNATURE-

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Ssh missing 'login as' prompt

2003-11-02 Thread Micheal Patterson



- Original Message - 
From: "Mike Loiterman" <[EMAIL PROTECTED]>
To: "'Kevin Stevens'" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, November 02, 2003 3:33 PM
Subject: RE: Ssh missing 'login as' prompt


>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Kevin Stevens <mailto:[EMAIL PROTECTED]> wrote:
> > On Oct 31, 2003, at 22:25, Mike Loiterman wrote:
> >
> >>
> >> -BEGIN PGP SIGNED MESSAGE-
> >> Hash: SHA1
> >>
> >> Whenever I try to ssh into my machie, it just goes straight to
> >> [EMAIL PROTECTED] password: by passing the traditional login as: . How can
> >> I turn that back on?
> >
> > Remove the client machine's public key from the server's
> > ~/.ssh/authorized_keys2 file for that user id.
> >
> > KeS
>
> That works but only temporarily.  The next time I login, it goes
> directly to the password prompt.  Am I fooling myself?  Is it any
> more secure to get a login as: prompt and then a password prompt as
> compared to just going directly to a password prompt?
>
> - --
> Mike Loiterman
> grantADLER
> Tel: 630-302-4944
> Fax: 773-868-0071
> Email: [EMAIL PROTECTED]
> PGP Key 0xD1B9D18E
>

What you're describing is normal behavior for ssh. Telnet does the same
thing from a fbsd to fbsd system. It uses the login id on the connecting
terminal as the user to auth against on the remote. I would recommend using
an rsa pass phrase instead of the password if you wish it to be more secure.


--

Micheal Patterson
Network Administration
Cancer Care Network
405-917-0600

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: Ssh missing 'login as' prompt

2003-11-02 Thread Mike Loiterman

 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Kevin Stevens  wrote:
> On Oct 31, 2003, at 22:25, Mike Loiterman wrote:
> 
>> 
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>> 
>> Whenever I try to ssh into my machie, it just goes straight to
>> [EMAIL PROTECTED] password: by passing the traditional login as: . How can
>> I turn that back on?
> 
> Remove the client machine's public key from the server's
> ~/.ssh/authorized_keys2 file for that user id.
> 
> KeS

That works but only temporarily.  The next time I login, it goes
directly to the password prompt.  Am I fooling myself?  Is it any
more secure to get a login as: prompt and then a password prompt as
compared to just going directly to a password prompt?

- --
Mike Loiterman
grantADLER
Tel: 630-302-4944
Fax: 773-868-0071
Email: [EMAIL PROTECTED]
PGP Key 0xD1B9D18E

-BEGIN PGP SIGNATURE-
Version: PGP 8.0.3
Comment: Digitally signed by Mike Loiterman

iQA/AwUBP6V4FmjZbUnRudGOEQIM8wCeJx37Judo6ufAXyNihusxaJqm1coAniwL
RDyrOAqxGAJDQiL6fSMQ0E6v
=Y7y/
-END PGP SIGNATURE-

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Ssh missing 'login as' prompt

2003-11-01 Thread Matthew Seaman

On Sat, Nov 01, 2003 at 01:07:05AM -0600, Mike Loiterman wrote:
>  
> Daniel  wrote:
> > ssh -l (username) (host)
> 
> I understand that you can use the -l command to specifiy a user to
> login as.  

You can't with ssh(1) -- it just doesn't work like that.

ssh(1) will try and log you into an account with the same name as your
current login by default, or you can log into an atlternate username
by:

% ssh -l username remotehost

or

% ssh [EMAIL PROTECTED]

> I want the person ssh'ing into the server to have to enter a valid
> username before they get a password prompt. 

It's also the case that it's a bad move in security terms for the
system to ever let on to an attacker that their attempted login failed
because they got a correct username but the wrong password.  That
should be indistinguishable from attempting to log in to a
non-existent username.  The principle being that once you know what
usernames exist on a server, you can target your attempts to crack the
passwords a lot more efficiently.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   26 The Paddocks
  Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614  Bucks., SL7 1TH UK

pgp0.pgp
Description: PGP signature

RE: Ssh missing 'login as' prompt

2003-11-01 Thread Mike Loiterman

 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Daniel  wrote:
> ssh -l (username) (host)

I understand that you can use the -l command to specifiy a user to
login as.  

I want the person ssh'ing into the server to have to enter a valid
username before they get a password prompt. 

- --
Mike Loiterman
grantADLER
Tel: 630-302-4944
Fax: 773-868-0071
Email: [EMAIL PROTECTED]
PGP Key 0xD1B9D18E

-BEGIN PGP SIGNATURE-
Version: PGP 8.0.3
Comment: Digitally signed by Mike Loiterman

iQA/AwUBP6NbmWjZbUnRudGOEQLCnACg5PJPN/rJ4JZNMPA9wVi523jw9j0AoMvh
3pOP2GMsU0OiToK9juhz4O0g
=idvR
-END PGP SIGNATURE-

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Ssh missing 'login as' prompt

Re: Ssh missing 'login as' prompt

Re: Ssh missing 'login as' prompt

Re: Ssh missing 'login as' prompt

RE: Ssh missing 'login as' prompt

Re: Ssh missing 'login as' prompt

RE: Ssh missing 'login as' prompt

Re: Ssh missing 'login as' prompt

RE: Ssh missing 'login as' prompt

9 matches

Site Navigation

Mail list logo

Footer information