[H-GEN] Just been checking /var/log/secure on my home computer ...
Greg Black
gjb at gbch.net
Wed Sep 14 23:29:41 EDT 2005
On 2005-09-15, Ewan Edwards wrote:
[Please don't drop attribution for stuff that you quote; it
makes it quite difficult to follow a thread after a while.]
> Must be the configuration of the firewall I am behind here, or the
> combined network latencies ... there's no noticeable difference from
> my workstation.
When testing these things, always start (as in my previous
example) with a connection to localhost (preferably while
physically sitting at the host in question, but remotely if it's
the only way).
> Same with mine. Just thought there may have been something in the
> format or structure of the ip packet that a script may be able to
> extract and use.
That's why you have to test against the actual installation. In
general, more modern SSH setups will do a better job of making
all failures look alike.
What I was hoping you'd do, after seeing my example bad login
attempts, was to run some tests yourself with ssh's -v (or even
-vvv) verbose option. There is further information available
there, and careful analysis of that output is the only way to be
sure what the bad guys are seeing.
>> $ ssh -V
>> OpenSSH_3.8.1p1 FreeBSD-20040419, OpenSSL 0.9.7e 25 Oct 2004
>
> OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
>
> Hhmmm ... seems I may be a version or two behind. :-/
> Better look at updating.
As you can see, the version I'm running on this box dates back
to April last year -- it's not up to date. (That's not very
important in this case, as this box is not accessible from the
outside.)
Cheers, Greg
More information about the General
mailing list