[ale] possible ssh compromise?

wbpaule at smartwebsystems.net wbpaule at smartwebsystems.net
Mon Nov 24 16:15:15 EST 2003


> Ok....someone sanity check me here...
>
>
> I'm sshing into my home box and mistype my password a few times (fat
> fingered morning).
>
> Here's what it looks like:
>
> $ ssh myuser at myhome.net
> Password:
> Password:
> Password:
> myuser at myhome.net's password:
> myuser at myhome.net's password:
> myuser at myhome.net's password:
> Received disconnect from 66.22.42.XX 2: Too many authentication failures
> for myuser
>
> So, if I mistype the password 6 times, I get the following scenario above.
>
> If I ssh to a box on the local lan here at work, I instantly get
> myuser at mylocalhost's password:
>
> 3 times, then failure.
>
> no "Password:" only prompts.
>
> Still, it seems to me that I've used ssh a lot in the past and only gotten
> simply "Password:".
>
> I'm wondering if this is some configuration thing I've set incorrectly or
> something else.  My home machine is a Red Hat 7.3 system.
>
> Course, it could be wishful thinking...and I could be compromised.  Any
> insight?

Depending on which box I ssh to (one Solaris, two debian, one BSD), I get
either prompt but if I screw up the password 3 times when presented with
the just the password: prompt, I am presented with user at mydomain.com's
password:

A quick guess would be that ssh changes the prompt to remind you of who
you are.

Bill



More information about the Ale mailing list