Re: SSH 2.4.0/3.0.1 usernames guessable ?

From: Marco van Berkum (
Date: 09/04/01

Message-ID: <>
Date: Tue, 04 Sep 2001 11:18:31 +0200
From: Marco van Berkum <>
To: Liran Cohen <>
Subject: Re: SSH 2.4.0/3.0.1 usernames guessable ?

Liran Cohen wrote:

> Hash: SHA1
> Well that is the case with most of the network applications except
> apache (the ones I encountered) , however there is tool called
> Languard port scanner which can show you host responses,(relly
> kneet), If it bothers you I'm sure you can always download the ssh
> source code and change that response (just search for the string....)

Sure, or try OpenSSH or SSH 3.0.1.
I'm still not entirely sure of 3.0.1, I hear some vuln, some not ??
Can someone doubletest this plz?

Marco van Berkum

GCC dpu s:--- a- C+++ US++++ P++ L+++ E---- W N o-- K w---
O- M-- V-- PS+++ PE-- Y+ PGP--- t--- 5 X R* tv++ b+++ DI-- D----
G++ e- h+ r y*
|  Marco van Berkum   |   MB17300-RIPE   | Security Engineer |
|  | "Chernobyl used  | Network Admin     |
| |     Windows"     |      UNIX         |

Relevant Pages

  • Re: [OT] Re: SSH versus SSHFS
    ... Hash: SHA1 ... to knock out the fruit vendor while you snag the apples. ... Of course this is all irrelevant to SSH, but this thread is so fun I ...
  • Re: [SLE] using telnet
    ... Hash: SHA1 ... I can use SSH to reach one box and from there, ... to use telnet to reach the other. ...
  • Re: [opensuse] HPET and SuSE 10.3 Update
    ... Hash: SHA1 ... ssh and my screen changed to the test screen for resizing etc. ... loosing mouse and keyboard input? ...
  • Re: Randomly-generated challenge method ?
    ... > way collision-resistant hash function, ... I don't believe it is secure except in very carefully controlled ... checking against the server stored hash SSH. ...
  • Re: chroot ssh
    ... Hash: SHA1 ... ./ is not a real directory, it's just a directive for ssh... ... PGP public key: ...