[Patch] TCP MD5SIG for OpenSSH
Thomas ☃ Habets
habets at google.com
Fri Jan 15 22:54:52 AEDT 2016
On 14 January 2016 at 20:57, Darren Tucker <dtucker at zip.com.au> wrote:
>> * Add "TCPMD5 foorbarSecret" to sshd_config
>> * SSH with "-oTCPMD5=foobarSecret"
> Have you considered making this a stand-alone tool? Something that
> listens and execs sshd -i on the server side and could be used as a
> ProxyCommand on the client side. That'd be potentially usable by
> other services.
No I hadn't. Good idea.
I think there may be some aspects you'd be missing out on (or
reimplement, or outsource to e.g. inetd), such as (account) password
brute force protection. I haven't tried it, but I suspect sshd -i
can't limit to 10 concurrent preauth sessions each getting one attempt
per second which sshd otherwise does by default.
--
☢ Thomas ☢
More information about the openssh-unix-dev
mailing list