feature-request: trap-door

This is a discussion on feature-request: trap-door within the OpenSSH Development forums, part of the Networking and Network Related category; --===============1883850320== Content-Type: multipart/signed; boundary="nextPart1351008.mZt36P2eec"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-...


Go Back   Usenet Forums > Networking and Network Related > OpenSSH Development

Reload this Page feature-request: trap-door

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 08-07-2005
Emil 'nobs' Obermayr
 
Posts: n/a
Default feature-request: trap-door
--===============1883850320==
Content-Type: multipart/signed; boundary="nextPart1351008.mZt36P2eec";
protocol="application/pgp-signature"; micalg=pgp-sha1
Content-Transfer-Encoding: 7bit

--nextPart1351008.mZt36P2eec
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Hi,

while discussing with friends how to 'hide' an ssh-entry to a system (using=
=20
uncommon ports, "knocking" on a sequence of ports with telnet, etc) we saw=
=20
the problem you need all that ports open on the client side as well. But=20
maybe on the client side you are just a guest and those ports are locked fo=
r=20
a good reason.

So we had another idea: using a sequence of login-names directly to the=20
ssh-server. If someone gives the right sequence of accounts, the IP will be=
=20
accepted for "real" logins for a while. If the sequence is wrong, the IP ca=
n=20
be logged in syslog and locked out totally from the system by another tool=
=20
with a firewall.

This could be a nice feature for people that need to have access to their=20
system from varying clients all over the internet. Additionally when a hack=
er=20
tries to hack the ssh he could be locked out from other services as well.

Is it possible to put such a feature in sshd? Could it be a patch or extern=
al=20
addon?

What do you think?

Bye!

Emil 'nobs' Obermayr
Braunschweig, Germany

--nextPart1351008.mZt36P2eec
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQBC9ghn5YzY3Sw4d9URAiLAAJ9ul9lLDgcZZ4W7/vaap4VpjOF7kACggBFw
mgUGsW8QupKehIm2PYOyxWE=
=Fzyb
-----END PGP SIGNATURE-----

--nextPart1351008.mZt36P2eec--


--===============1883850320==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://www.mindrot.org/mailman/listi...enssh-unix-dev

--===============1883850320==--

Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 06:57 PM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0