[Patch] TCP MD5SIG for OpenSSH
Thomas ☃ Habets
habets at google.com
Thu Feb 18 12:33:03 AEDT 2016
On 15 January 2016 at 06:54, Thomas ☃ Habets <habets at google.com> wrote:
> >> * SSH with "-oTCPMD5=foobarSecret"
> > Have you considered making this a stand-alone tool? Something that
> > listens and execs sshd -i on the server side and could be used as a
> > ProxyCommand on the client side. That'd be potentially usable by
> > other services.
> No I hadn't. Good idea.
>
> I think there may be some aspects you'd be missing out on (or
> reimplement, or outsource to e.g. inetd), such as (account) password
> brute force protection. I haven't tried it, but I suspect sshd -i
> can't limit to 10 concurrent preauth sessions each getting one attempt
> per second which sshd otherwise does by default.
I've now made this and cleaned it up so that it's a usable start.
https://github.com/google/tcpauth
Pull requests welcome.
--
☢ Thomas ☢
More information about the openssh-unix-dev
mailing list