[H-GEN] Just been checking /var/log/secure on my home computer ...
David Jericho
david.jericho at aarnet.edu.au
Wed Sep 14 21:31:07 EDT 2005
Ewan Edwards wrote:
> My query is to do with what is sent back to the connecting client, eg:
> Is there a way the connecting client (attacker) can determine if the
> user ID being used is 'illegal' or 'not allowed' on the box being
> attacked?
On many default SSHD/PAM setups, yes, it's possible to see. Wrong
passwords will give a pause, illegal users will return immediately
asking for the password.
The way to change this depends on your OS of choice, and I'd recommend
hitting Google up. Alternately someone may know the immediate answer if
you're game to fess up to the OS in question.
--
David Jericho
Systems Administrator, AARNet
Phone: +61 7 3317 9576
Mobile: +61 4 2302 7185
More information about the General
mailing list