[2901] in bugtraq
Re: brute force
daemon@ATHENA.MIT.EDU (Jacob Langseth)
Thu Jul 11 13:32:08 1996
Date: Thu, 11 Jul 1996 02:54:52 -0400
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Jacob Langseth <jacob@esisys.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
>From: Christopher Klaus <cklaus@iss.net>
[...]
>a tool like ssh. But even ssh can be bruteforced, it is just a LOT more
>time consuming since it only allows 1 try per connection and there is
>quite a bit of time consumed generating the random keys for transferring.
Interestingly,
o It is the ssh client that disconnects after the first failure.
o Sshd (v1.2.13, atleast) will allow unlimited password attempts
and does not produce logs regarding the failure(s).
o Ssh is often allowed through otherwise restrictive filters or firewalls.
This makes ssh a bit more appealing for brute-force cracks than one might
first suspect...
-JwL
--- /usr/local/src/ssh-1.2.13/sshconnect.c Sun Feb 11 14:45:19 1996
+++ sshconnect.c Thu Jul 11 00:16:27 1996
@@ -1132,6 +1132,10 @@
debug("Doing password authentication.");
if (options->cipher == SSH_CIPHER_NONE)
log("WARNING: Encryption is disabled! Password will be transmitted
in clear text.");
+
+type = SSH_SMSG_FAILURE;
+while( type==SSH_SMSG_FAILURE )
+ {
password = read_passphrase(pw->pw_uid, "Password: ", 0);
packet_start(SSH_CMSG_AUTH_PASSWORD);
packet_put_string(password, strlen(password));
@@ -1147,6 +1151,7 @@
packet_disconnect("Protocol error: got %d in response to passwd auth",
type);
}
+ } /* endwhile( type==SSH_SMSG_FAILURE ) */
/* All authentication methods have failed. Exit with an error message. */
fatal("Permission denied.");
--
Jacob Langseth -=-finger for PGP key-=-
Enhanced Systems, Inc. email: jacob@esisys.com
6961 PeachTree Ind Blvd voice: (770) 662-1504 ext. 684
Norcross, GA 30092 fax: (770) 662-1537
