Re: SSH faking auth loop : what does it mean?

To: hanasaki <hanasaki@hanaden.com>
Cc: Debian-User List <debian-user@lists.debian.org>
Subject: Re: SSH faking auth loop : what does it mean?
From: Jason Healy <jhealy@logn.net>
Date: Wed, 25 Apr 2001 14:15:12 -0400
Message-id: <[🔎] 20010425141512.A14810@logn.net>
In-reply-to: <[🔎] 3AE71170.EC89C3AC@hanaden.com>; from hanasaki@hanaden.com on Wed, Apr 25, 2001 at 01:03:28PM -0500
References: <[🔎] 3AE71170.EC89C3AC@hanaden.com>

At 988221808s since epoch (04/25/01 14:03:28 -0400 UTC), hanasaki wrote:
> The below turned up in my syslog the other day... Can someone please
> explain it?  
> 
> Apr 25 00:45:00 portal sshd[23291]: Faking authloop for illegal user
> administrator from 4.60 ...

When somebody tries to log on to your machine with a username that doesn't
exist, SSH 'goes through the motions' of asking for the user's password,
even though it knows that the username won't work.

It does this so that somebody can't figure out which accounts are valid on
your machine by guessing and seeing which it gets a valid authloop for.
After all, if SSH just dumped connections that had a bad username, it would
be easy to find out which accounts exist, and thus which ones to try to
break into.

Since you don't have an 'administrator' account, you should probably
administer The Smack to whoever is trying to guess their way into your box.

Jason

--
Jason Healy    |     jhealy@logn.net
LogN Systems   |   http://www.logn.net/

Reply to:

References:
- SSH faking auth loop : what does it mean?
  - From: hanasaki <hanasaki@hanaden.com>

Prev by Date: Re: need help configuring hosts.deny
Next by Date: Re: need help configuring hosts.deny
Previous by thread: Re: SSH faking auth loop : what does it mean?
Next by thread: kdebase-crypto?
Index(es):
- Date
- Thread