[19159] in bugtraq
Re: SSHD-1 Logging Vulnerability
daemon@ATHENA.MIT.EDU (Ben Greenbaum)
Mon Feb 12 19:53:08 2001
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.GSO.4.30.0102121053580.14167-100000@mail>
Date: Mon, 12 Feb 2001 10:55:54 -0700
Reply-To: Ben Greenbaum <bgreenbaum@SECURITYFOCUS.COM>
From: Ben Greenbaum <bgreenbaum@SECURITYFOCUS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010211214508.9C20F24C433@lists.securityfocus.com>
> While I understand your concern, I am not sure whether this
> applies to SSH clients, since they are usually very
> different from telnet clients. You enter the username when you
> start the client, so it's hard to get out of sync, e.g. I
> have never seen a user enter
> $ ssh -l mypasswd host
> This even applies to Windows SSH vs. telnet clients.
Not always. I can think of one Windows SSH client off the top of my head
that will prompt for the username and password separately - SecureCRT. I'm
sure there are others as well that I'm just not thinking of right now...
Ben Greenbaum
Director of Site Content
SecurityFocus
http://www.securityfocus.com