"PermitRootLogin no" should not proceed with root login

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Steps to reproduce:
1) PermitRootLogin no in sshd_config
2) login with "root" user from other host

Present behaviour:
1) it asks for password 3 times and only then close the connection.
2) cpu consumption during bruteforce "attacks".

Expected behaviour:
Immediate disconnect/login fail

Workaround is to change ssh port, or ban IP after some login fails, or
limit IP that can connect to this port or number of connections per IP
per unit of time using firewall. All of them have disadvantages.

I use patched version 6.7_p1-r3 from Gentoo portage. But I guess it's
unlikely that this behaviour is affected by patches.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux