feature-request: trap-door
Emil 'nobs' Obermayr
nobs at tigress.com
Sun Aug 7 23:08:38 EST 2005
Hi,

while discussing with friends how to 'hide' an ssh-entry to a system (using
uncommon ports, "knocking" on a sequence of ports with telnet, etc.) we saw
the problem that you need all those ports open on the client side as well. But
maybe on the client side you are just a guest and those ports are locked for
a good reason.

So we had another idea: using a sequence of login-names directly to the
ssh-server. If someone gives the right sequence of accounts, the IP will be
accepted for "real" logins for a while. If the sequence is wrong, the IP can
be logged in syslog and locked out totally from the system by another tool
with a firewall.

This could be a nice feature for people that need to have access to their
system from varying clients all over the internet. Additionally, when a hacker
tries to hack the ssh he could be locked out from other services as well.

Is it possible to put such a feature in sshd? Could it be a patch or external
add-on?

What do you think?

Bye!
Emil 'nobs' Obermayr
Braunschweig, Germany
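
The "external add-on" variant of this idea, sketched as a log watcher; this is an added example, not code from the post or from OpenSSH. It relies on the "Invalid user NAME from IP" message that sshd logs for unknown accounts; the knock names, timeouts, class and function names, and sample log lines are assumptions constructed for illustration, and the firewall step is left to the caller.

```python
import re

# Assumed values for illustration; none of them come from the post.
KNOCK_SEQUENCE = ["alpha", "kilo", "tango"]
KNOCK_TIMEOUT = 30   # max seconds between two knocks
OPEN_WINDOW = 300    # seconds the IP stays accepted after a full sequence
# sshd logs a login attempt for an unknown account as "Invalid user NAME from IP".
INVALID_USER = re.compile(r"Invalid user (\S+) from (\d{1,3}(?:\.\d{1,3}){3})")

class LoginKnockTracker:
    def __init__(self):
        self.progress = {}    # ip -> (next expected index, time of last knock)
        self.allowed = {}     # ip -> expiry time
        self.blocked = set()  # IPs to hand to the firewall tool

    def observe(self, ts, line):
        """Feed one log line; return 'progress', 'allowed', 'blocked' or None."""
        m = INVALID_USER.search(line)
        if not m:
            return None
        user, ip = m.groups()
        if ip in self.blocked:
            return "blocked"
        idx, last = self.progress.pop(ip, (0, ts))
        if ts - last > KNOCK_TIMEOUT:
            idx = 0  # stale partial sequence: start over
        if user != KNOCK_SEQUENCE[idx]:
            self.allowed.pop(ip, None)
            self.blocked.add(ip)
            return "blocked"
        if idx + 1 == len(KNOCK_SEQUENCE):
            self.allowed[ip] = ts + OPEN_WINDOW
            return "allowed"
        self.progress[ip] = (idx + 1, ts)
        return "progress"

    def is_allowed(self, ip, now):
        return self.allowed.get(ip, 0) > now

SAMPLE = [  # constructed log lines using documentation addresses
    (0, "sshd[811]: Invalid user alpha from 192.0.2.10"),
    (5, "sshd[812]: Invalid user kilo from 192.0.2.10"),
    (7, "sshd[813]: Invalid user admin from 198.51.100.7"),
    (9, "sshd[814]: Invalid user tango from 192.0.2.10"),
]

def replay(events):
    tracker = LoginKnockTracker()
    results = [tracker.observe(ts, line) for ts, line in events]
    return tracker, results
```

Because the decision is keyed on source address, all clients behind one NAT share a single allow or block state.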
More information about the openssh-unix-dev mailing list