From: Matthew Seaman
To: Mike Loiterman
Cc: 'Daniel', freebsd-questions@freebsd.org
Date: Sat, 1 Nov 2003 10:32:12 +0000
Subject: Re: Ssh missing 'login as' prompt

On Sat, Nov 01, 2003 at 01:07:05AM -0600, Mike Loiterman wrote:
>
> Daniel wrote:
> > ssh -l (username) (host)
>
> I understand that you can use the -l command to specify a user to
> login as.

You can't with ssh(1) -- it just doesn't work like that.  ssh(1) will
try and log you into an account with the same name as your current
login by default, or you can log into an alternate username by:

    % ssh -l username remotehost

or

    % ssh username@remotehost

> I want the person ssh'ing into the server to have to enter a valid
> username before they get a password prompt.

It's also the case that it's a bad move in security terms for the
system to ever let on to an attacker that their attempted login failed
because they got a correct username but the wrong password.  That
should be indistinguishable from attempting to log in to a
non-existent username.  The principle being that once you know what
usernames exist on a server, you can target your attempts to crack the
passwords a lot more efficiently.

	Cheers,

	Matthew

--
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
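
The principle in the last paragraph of the message above, as an added example that is not part of the original post and not sshd's own code: a password check that answers an unknown username and a wrong password identically and does the same hashing work for both, next to one that discloses which names exist. The account table, function names, reply strings and work factor are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # constructed work factor, kept small for the demo


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password: str):
    """Return (salt, digest) as it would be stored for an account."""
    salt = os.urandom(16)
    return salt, _hash(password, salt)


# Constructed account table: username -> (salt, digest)
USERS = {"matthew": make_record("correct horse")}

# Record used for unknown names so they cost the same hashing work
_DUMMY = make_record(os.urandom(16).hex())


def login_leaky(user: str, password: str) -> str:
    """Distinguishes the two failures: the behaviour the post warns against."""
    rec = USERS.get(user)
    if rec is None:
        return "no such user"          # returns early, without hashing
    salt, digest = rec
    if not hmac.compare_digest(_hash(password, salt), digest):
        return "wrong password"
    return "ok"


def login_uniform(user: str, password: str) -> str:
    """Same reply and same work whether or not the username exists."""
    rec = USERS.get(user)
    salt, digest = rec if rec is not None else _DUMMY
    match = hmac.compare_digest(_hash(password, salt), digest)
    if rec is not None and match:
        return "ok"
    return "Permission denied"


def failure_responses(login, names, password="guess"):
    """Distinct replies an observer sees across a list of candidate names."""
    return {login(name, password) for name in names}
```

More than one element in the set returned by `failure_responses` means the service tells a remote party which usernames are real.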