Network Security: Detailed info on RE: On why debugging OpenSSH can be so hard

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Secure-Shell

[Top] [All Lists]

RE: On why debugging OpenSSH can be so hard

from [Parsons, Rick] Network Security

[Permanent Link]

Subject:	RE: On why debugging OpenSSH can be so hard
Date:	Tue, 8 Jul 2008 12:46:43 +0200

No.  He's saying that it leaks information that doesn't need to be

leaked.

That is fair enough as regards not leaking information to the client, but there 
is no excuse for not providing sufficient diagnostics to the server log so that 
at least the SysAdmin can help the guy. There is no information leak problem 
there - indeed it may help diagnose attacks as well.

-- 
Cheers,

Rick Parsons

EDS - UKIMEA - Data Centre - Midrange Unix
address: c/o Rolls Royce plc, GP1-2, PO Box 3, Filton, Bristol, BS34 7QE, UK
email: mailto:rick.parsons@eds.com
telephone: +(44) 117 979 7883 fax: +(44) 117 979 7353 mobile: +(44) 7790 493162

 
If you have received this email in error, please advise me by reply and delete 
it.

Electronic Data Systems Ltd
Registered Office:, Lansdowne House, Berkeley Square, London W1J 6ER 
Registered in England no: 53419
VAT number: 432 99 5915
web: http://www.eds.com/

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
On why debugging OpenSSH can be so hard, Maurice Volaski Re: On why debugging OpenSSH can be so hard, Tonnerre Lombard Re: On why debugging OpenSSH can be so hard, Maurice Volaski Re: On why debugging OpenSSH can be so hard, Ben Ford Re: On why debugging OpenSSH can be so hard, Tonnerre Lombard Re: On why debugging OpenSSH can be so hard, Maurice Volaski Re: On why debugging OpenSSH can be so hard, Tonnerre Lombard Re: On why debugging OpenSSH can be so hard, Maurice Volaski Re: On why debugging OpenSSH can be so hard, Ben Ford Re: On why debugging OpenSSH can be so hard, Vladimir Levijev RE: On why debugging OpenSSH can be so hard, Parsons, Rick <= Re: On why debugging OpenSSH can be so hard, Derek Martin Re: On why debugging OpenSSH can be so hard, Maurice Volaski Re: On why debugging OpenSSH can be so hard, Maurice Volaski

Previous by Date:	Re: SSH VPN trouble, David R Green
Next by Date:	Re: SSH VPN trouble, Knut Saastad
Previous by Thread:	Re: On why debugging OpenSSH can be so hard, Vladimir Levijev
Next by Thread:	Re: On why debugging OpenSSH can be so hard, Derek Martin
Indexes:	[Date] [Thread] [Top] [All Lists]