Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
If the usernames on local and remote machines match, you don't have to specify the username in the SSH command. Also, when it doesn't show the exact error messages, possible attacker doesn't know what exactly went wrong so it is harder for him to get into your server.
-
You are partially right.
https://tools.ietf.org/html/...
The reason there is no "user doesn't exist" is by design.
You can turn up the fun and use eg. ssh -vv to see what's really going on.
SSH is designed in a simple fashion - the ssh client sends something, the server answers with success or failure.
The "this might be wrong, the user doesn't exist" part was left out intentionally.
The verbose flag is pretty handy. One -v should be enough.
I think you're right at the point that the username should be written out.
But (run it with -v) under the hood SSH tries more than one authentication if possible, as such it's hard to cover that part - I guess most people would be pissed if one v would be default. I love it. -
@Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root @Root
-
I think PAM is designed in such a way that it's very hard to determine the list of users because they can come from so many sources, so you'll see that the notion of a user isn't very specific in *nix. In this particular case though the intent is to improve security by letting attackers ring both nonexistent and specifically blocked doorbells.
I try to log in via SSH to a remote server. In the beginning all is well. It asks for my password, so I enter the password. Next thing: connection closed by the remote server.
So I wonder what the problem might be... I guess that perhaps I forgot to specify the username. Indeed when I try the 2nd time with my user name added in front of the host name - it works just fine.
But why is there no error message? Why not tell the user what's wrong? "User name is required". Can't be that hard?
Sometimes I see stuff and it just blows my mind why on Earth some things function so poorly. SSH exists for dozens of years yet the error message is not there -> it's guessing time.
random