Displaying 4 results from an estimated 4 matches for "ensure_minimum_time_since".
2023 Apr 12
1
Defend against user enumeration timing attacks - overkill
Dear colleagues,
I have a question about this commit:
https://github.com/openssh/openssh-portable/commit/e9d910b0289c820852f7afa67f584cef1c05fe95#diff-a25e40214ca9c9f78abce22f23bf2abdb2a24384c6610d60bbb314aed534eb48R216
The function ensure_minimum_time_since effectively doubles the time
spent in the input_userauth_request (mostly presumably in PAM). So if
PAM processing is really slow, it will cause huge delays - but if it
is so slow, it's more difficult to perform the enumeration attack.
So doesn't it make sense to provide an upper limit here...
2023 Jun 28
1
Defend against user enumeration timing attacks - overkill
...s at redhat.com> wrote:
>
> Dear colleagues,
>
> I have a question about this commit:
>
> https://github.com/openssh/openssh-portable/commit/e9d910b0289c820852f7afa67f584cef1c05fe95#diff-a25e40214ca9c9f78abce22f23bf2abdb2a24384c6610d60bbb314aed534eb48R216
>
> The function ensure_minimum_time_since effectively doubles the time
> spent in the input_userauth_request (mostly presumably in PAM). So if
> PAM processing is really slow, it will cause huge delays - but if it
> is so slow, it's more difficult to perform the enumeration attack.
>
> So doesn't it make sense to pro...
2023 Jun 30
1
Subsystem sftp invoked even though forced command created
On 30/06/2023 09:56, Damien Miller wrote:
> It's very hard to figure out what is happening here without a debug log.
>
> You can get one by stopping the listening sshd and running it manually
> in debug mode, e.g. "/usr/sbin/sshd -ddd"
Or starting one in debug mode on a different port, e.g. "-p99 -ddd"
2020 Jul 07
3
libssh2 is hanging during a file transfert
...5 TOTO sshd[19126]: debug1: userauth_send_banner: sent
[preauth]
Jul 7 11:52:15 TOTO sshd[19126]: debug2: input_userauth_request: try
method none [preauth]
Jul 7 11:52:15 TOTO sshd[19126]: debug3: user_specific_delay: user
specific delay 0.000ms [preauth]
Jul 7 11:52:15 TOTO sshd[19126]: debug3: ensure_minimum_time_since:
elapsed 73.257ms, delaying 64.508ms (requested 8.610ms) [preauth]
Jul 7 11:52:15 TOTO sshd[19126]: debug3: userauth_finish: failure
partial=0 next methods="publickey" [preauth]
Jul 7 11:52:15 TOTO sshd[19126]: debug3: send packet: type 51 [preauth]
Jul 7 11:52:15 TOTO sshd[19126]: deb...