[19146] in bugtraq


Re: SSHD-1 Logging Vulnerability

daemon@ATHENA.MIT.EDU (Florian Weimer)
Mon Feb 12 17:16:00 2001

MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID:  <tgitmg9c5f.fsf@mercury.rus.uni-stuttgart.de>
Date:         Mon, 12 Feb 2001 16:03:24 +0100
Reply-To: Florian Weimer <Florian.Weimer@RUS.UNI-STUTTGART.DE>
From: Florian Weimer <Florian.Weimer@RUS.UNI-STUTTGART.DE>
X-To:         Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <20010211194210.A32573@folly>

Markus Friedl <markus.friedl@informatik.uni-erlangen.de> writes:

[Logging user names harmful or not?]

> While I understand your concern, I am not sure whether this
> applies to SSH clients, since they are usually very
> different from telnet clients. You enter the username when you
> start the client, so it's hard to get out of sync, e.g. I
> have never seen a user enter
> 	$ ssh -l mypasswd host

Yes, this is certainly correct for the traditional command line
clients.

> This even applies to Windows SSH vs. telnet clients.

IIRC, Teraterm has a combined dialog box for entering password and
user name, and I think you can confuse one with the other.

--
Florian Weimer 	                  Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898
