search for: ensure_minimum_time_since

Dear colleagues, I have a question about this commit: https://github.com/openssh/openssh-portable/commit/e9d910b0289c820852f7afa67f584cef1c05fe95#diff-a25e40214ca9c9f78abce22f23bf2abdb2a24384c6610d60bbb314aed534eb48R216 The function ensure_minimum_time_since effectively doubles the time spent in the input_userauth_request (mostly presumably in PAM). So if PAM processing is really slow, it will cause huge delays - but if it is so slow, it's more difficult to perform the enumeration attack. So doesn't it make sense to provide an upper limit here...

...s at redhat.com> wrote: > > Dear colleagues, > > I have a question about this commit: > > https://github.com/openssh/openssh-portable/commit/e9d910b0289c820852f7afa67f584cef1c05fe95#diff-a25e40214ca9c9f78abce22f23bf2abdb2a24384c6610d60bbb314aed534eb48R216 > > The function ensure_minimum_time_since effectively doubles the time > spent in the input_userauth_request (mostly presumably in PAM). So if > PAM processing is really slow, it will cause huge delays - but if it > is so slow, it's more difficult to perform the enumeration attack. > > So doesn't it make sense to pro...

On 30/06/2023 09:56, Damien Miller wrote: > It's very hard to figure out what is happening here without a debug log. > > You can get one by stopping the listening sshd and running it manually > in debug mode, e.g. "/usr/sbin/sshd -ddd" Or starting one in debug mode on a different port, e.g. "-p99 -ddd"

...5 TOTO sshd[19126]: debug1: userauth_send_banner: sent [preauth] Jul 7 11:52:15 TOTO sshd[19126]: debug2: input_userauth_request: try method none [preauth] Jul 7 11:52:15 TOTO sshd[19126]: debug3: user_specific_delay: user specific delay 0.000ms [preauth] Jul 7 11:52:15 TOTO sshd[19126]: debug3: ensure_minimum_time_since: elapsed 73.257ms, delaying 64.508ms (requested 8.610ms) [preauth] Jul 7 11:52:15 TOTO sshd[19126]: debug3: userauth_finish: failure partial=0 next methods="publickey" [preauth] Jul 7 11:52:15 TOTO sshd[19126]: debug3: send packet: type 51 [preauth] Jul 7 11:52:15 TOTO sshd[19126]: deb...