Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 1 Nov 2003 10:32:12 +0000
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Mike Loiterman <mike@ascendency.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Ssh missing 'login as' prompt
Message-ID:  <20031101103212.GA63746@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <200311010708.hA178D490745@fat_man.ascendency.net>
References:  <3FA35A36.3040101@hawton.org> <200311010708.hA178D490745@fat_man.ascendency.net>

next in thread | previous in thread | raw e-mail | index | archive | help

--pf9I7BMVVzbSWLtt
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Nov 01, 2003 at 01:07:05AM -0600, Mike Loiterman wrote:
> =20
> Daniel <mailto:daniel@hawton.org> wrote:
> > ssh -l (username) (host)
>=20
> I understand that you can use the -l command to specifiy a user to
> login as. =20

You can't with ssh(1) -- it just doesn't work like that.

ssh(1) will try and log you into an account with the same name as your
current login by default, or you can log into an atlternate username
by:

    % ssh -l username remotehost

or

    % ssh username@remotehost

=20
> I want the person ssh'ing into the server to have to enter a valid
> username before they get a password prompt.=20

It's also the case that it's a bad move in security terms for the
system to ever let on to an attacker that their attempted login failed
because they got a correct username but the wrong password.  That
should be indistinguishable from attempting to log in to a
non-existent username.  The principle being that once you know what
usernames exist on a server, you can target your attempts to crack the
passwords a lot more efficiently.

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

--pf9I7BMVVzbSWLtt
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)

iD8DBQE/o4usdtESqEQa7a0RAs3+AJ4m5BSEqXnnw/AjHH8iMzMjy0OD1wCfeaCj
VZ3Ms9PeuBVdU1F5FUWXUbU=
=I/z5
-----END PGP SIGNATURE-----

--pf9I7BMVVzbSWLtt--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031101103212.GA63746>