Re: SSH faking auth loop : what does it mean?

To: Debian-User List <debian-user@lists.debian.org>
Subject: Re: SSH faking auth loop : what does it mean?
From: brian moore <bem@cmc.net>
Date: Wed, 25 Apr 2001 11:14:32 -0700
Message-id: <[🔎] 20010425111431.F27519@cmc.net>
Mail-followup-to: Debian-User List <debian-user@lists.debian.org>
In-reply-to: <[🔎] 3AE71170.EC89C3AC@hanaden.com>; from hanasaki@hanaden.com on Wed, Apr 25, 2001 at 01:03:28PM -0500
References: <[🔎] 3AE71170.EC89C3AC@hanaden.com>

On Wed, Apr 25, 2001 at 01:03:28PM -0500, hanasaki wrote:
> The below turned up in my syslog the other day... Can someone please
> explain it?  
> 
> TIA
> 
> Apr 25 00:45:00 portal sshd[23291]: Faking authloop for illegal user
> administrator from 4.60 ...

It means that someone tried to ssh in with the username of
'administrator' and sshd faked the authorization to not divulge that the
username was not valid.  (ie, it pretended the username/password pair
was invalid, not that the username itself was).

This limits the amount of information given to probers (ie, they can't
tell if they should try a different username or a different password).

-- 
CueCat decoder .signature by Larry Wall:
#!/usr/bin/perl -n
printf "Serial: %s Type: %s Code: %s\n", map { tr/a-zA-Z0-9+-/ -_/; $_ = unpack
'u', chr(32 + length()*3/4) . $_; s/\0+$//; $_ ^= "C" x length; } /\.([^.]+)/g;

Reply to:

Follow-Ups:
- Re: SSH faking auth loop : what does it mean?
  - From: "Karsten M. Self" <kmself@ix.netcom.com>

References:
- SSH faking auth loop : what does it mean?
  - From: hanasaki <hanasaki@hanaden.com>

Prev by Date: Re: need help configuring hosts.deny
Next by Date: Re: need help configuring hosts.deny
Previous by thread: SSH faking auth loop : what does it mean?
Next by thread: Re: SSH faking auth loop : what does it mean?
Index(es):
- Date
- Thread