Re: On why debugging OpenSSH can be so hard

2008/7/8, Ben Ford <ben@xxxxxxxxxxxxxx>:

No. He's saying that it leaks information that doesn't need to be leaked.

For comparison, long long ago, there used to be different error messages
when authentication failed. It would helpfully tell you that your password
was wrong, or that you'd supplied the wrong username. Great for debugging,
right? Well yeah ... and it was great for enumerating the users on the box,
making further attacks much simpler.

How about leaving what ssh server sends to the client as it is but
making it at least log in syslog that the key was not found?


Relevant Pages

  • Re: LDAP Kerberos Bind Error in Trace
    ... then for the LDAP diagnostics via the NTDS registry key. ... > doing a search via a z/OS IBM client. ... > back immediately but then the server seems to hand and the ... > sure what to make of the error messages or the associated ...
  • Samba 2.2.8 vs CIFS Evaluation Release 3
    ... we see following error messages in the Logs, ... Error was socket is not connected ... Denied connection from ... Error writing 5 bytes to client. ...
  • Re: PFDAVAdmin Tool for Exchange 2000
    ... The error messages stays the same - no matter if ISA ... client is installed or not. ... >We┬┤re using a corporate authenticating Proxy server for ...
  • Re: Event ID: 1000 Windows cannot access the registry information at \mydomainsysvol...
    ... distributed file system client to make a connection. ... If the Dfs ... the error messages are generated. ...
  • Re: Office XP installed over trial ver 2003
    ... The client says that she sees the XP Home splash screen ... >Do you receive any error messages when the OS will not ... Now the system fails to boot into any mode. ... Would the previous version install ...