Re: [LEDE-DEV] [PATCH] dropbear: make syslog support configurable

2017-11-04 Thread David Lang
On Sat, 4 Nov 2017, Hans Dedecker wrote: On Sat, Nov 4, 2017 at 10:14 AM, Petr Štetiar wrote: Hans Dedecker [2017-11-03 13:46:14]: Hi, By default dropbear logs to syslog which discloses info about account names when doing connection attempts (e.g. "Bad password attempt for 'engineer' from

Re: [LEDE-DEV] [PATCH] dropbear: make syslog support configurable

2017-11-04 Thread Philip Prindeville
> On Nov 4, 2017, at 3:14 AM, Petr Štetiar wrote:
>
> Hans Dedecker [2017-11-03 13:46:14]:
>
> Hi,
>
>> By default dropbear logs to syslog which discloses info about account names
>> when doing connection attempts (e.g. "Bad password attempt for 'engineer'
>> from x.x.x.x:y")
>
> I don't get

Re: [LEDE-DEV] [PATCH] dropbear: make syslog support configurable

2017-11-04 Thread Philip Prindeville
NAK, inline:

> On Nov 3, 2017, at 6:46 AM, Hans Dedecker wrote:
>
> By default dropbear logs to syslog which discloses info about account names
> when doing connection attempts (e.g. "Bad password attempt for 'engineer' from
> x.x.x.x:y")
> As this facilitates brute force attempts against accou

Re: [LEDE-DEV] [PATCH] dropbear: make syslog support configurable

2017-11-04 Thread Hans Dedecker
On Sat, Nov 4, 2017 at 10:14 AM, Petr Štetiar wrote:
> Hans Dedecker [2017-11-03 13:46:14]:
>
> Hi,
>
>> By default dropbear logs to syslog which discloses info about account names
>> when doing connection attempts (e.g. "Bad password attempt for 'engineer'
>> from x.x.x.x:y")
>
> I don't get it,

Re: [LEDE-DEV] [PATCH] dropbear: make syslog support configurable

2017-11-04 Thread Petr Štetiar
Hans Dedecker [2017-11-03 13:46:14]:

Hi,

> By default dropbear logs to syslog which discloses info about account names
> when doing connection attempts (e.g. "Bad password attempt for 'engineer'
> from x.x.x.x:y")

I don't get it, syslog discloses this information to whom and how?

> As this fac

[LEDE-DEV] [PATCH] dropbear: make syslog support configurable

2017-11-03 Thread Hans Dedecker
By default dropbear logs to syslog which discloses info about account names when doing connection attempts (e.g. "Bad password attempt for 'engineer' from x.x.x.x:y") As this facilitates brute force attempts against account names; make syslog support configurable in order not to leak sensitive info