Re: SSH 2.4.0/3.0.1 usernames guessable ?

From: Marco van Berkum (m.v.berkum@obit.nl)
Date: 09/04/01


Message-ID: <3B949C67.E74A4508@obit.nl>
Date: Tue, 04 Sep 2001 11:18:31 +0200
From: Marco van Berkum <m.v.berkum@obit.nl>
To: Liran Cohen <Theog@ParadigmGeo.com>
Subject: Re: SSH 2.4.0/3.0.1 usernames guessable ?

Liran Cohen wrote:

>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Well that is the case with most of the network applications except
> apache (the ones I encountered), however there is a tool called
> Languard port scanner which can show you host responses (really
> neat). If it bothers you I'm sure you can always download the ssh
> source code and change that response (just search for the string....)
>

Sure, or try OpenSSH or SSH 3.0.1.
I'm still not entirely sure of 3.0.1, I hear some vuln, some not ??
Can someone doubletest this plz?

grtz,
Marco van Berkum

--
GCC dpu s:--- a- C+++ US++++ P++ L+++ E---- W N o-- K w---
O- M-- V-- PS+++ PE-- Y+ PGP--- t--- 5 X R* tv++ b+++ DI-- D----
G++ e- h+ r y*
+---------------------+------------------+-------------------+
|  Marco van Berkum   |   MB17300-RIPE   | Security Engineer |
|  http://ws.obit.nl  | "Chernobyl used  | Network Admin     |
|  m.v.berkum@obit.nl |     Windows"     |      UNIX         |
+---------------------+------------------+-------------------+


