feature-request: trap-door

Emil 'nobs' Obermayr nobs at tigress.com
Sun Aug 7 23:08:38 EST 2005


Hi,

while discussing with friends how to 'hide' an ssh-entry to a system (using 
uncommon ports, "knocking" on a sequence of ports with telnet, etc) we saw 
the problem that you need all those ports open on the client side as well. But 
maybe on the client side you are just a guest and those ports are locked for 
a good reason.

So we had another idea: using a sequence of login-names directly to the 
ssh-server. If someone gives the right sequence of accounts, the IP will be 
accepted for "real" logins for a while. If the sequence is wrong, the IP can 
be logged in syslog and locked out totally from the system by another tool 
with a firewall.

This could be a nice feature for people that need to have access to their 
system from varying clients all over the internet. Additionally when a hacker 
tries to hack the ssh he could be locked out from other services as well.

Is it possible to put such a feature in sshd? Could it be a patch or external 
addon?

What do you think?

Bye!

Emil 'nobs' Obermayr
Braunschweig, Germany
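
The login-name sequence proposed above, sketched as an external log watcher rather than a change to sshd. This is an added example, not part of the original post and not OpenSSH code. The knock names (assumed to be accounts that do not exist, so sshd logs them as invalid), the two time windows and the simplified log line format with an epoch timestamp are all assumptions made for the sketch.

```python
import re

# Assumed values for this sketch, not taken from the post.
KNOCK_SEQUENCE = ["alpha", "kilo", "tango"]  # hypothetical non-existent accounts
ALLOW_SECONDS = 600      # how long a correct sequence admits the IP
KNOCK_GAP_SECONDS = 30   # longest pause allowed between two knocks

# Constructed, simplified line format: "<epoch> sshd[pid]: Invalid user <name> from <ip>"
LINE_RE = re.compile(r"^(\d+) sshd\[\d+\]: Invalid user (\S+) from (\S+)")
SAMPLE_LOG = [  # constructed sample input, documentation address ranges
    "1123455000 sshd[311]: Invalid user alpha from 192.0.2.10",
    "1123455004 sshd[311]: Invalid user kilo from 192.0.2.10",
    "1123455005 sshd[312]: Invalid user admin from 198.51.100.7",
    "1123455009 sshd[311]: Invalid user tango from 192.0.2.10",
    "1123455020 sshd[313]: Invalid user alpha from 203.0.113.5",
    "1123455090 sshd[313]: Invalid user kilo from 203.0.113.5",
]

class TrapDoor:
    def __init__(self, sequence=KNOCK_SEQUENCE):
        self.sequence = list(sequence)
        self.progress = {}    # ip -> (index of next expected name, time of last knock)
        self.allowed = {}     # ip -> time at which the admission expires
        self.blocked = set()  # IPs to hand to the firewall tool

    def feed(self, line):
        m = LINE_RE.match(line)
        if not m or m.group(3) in self.blocked:
            return
        ts, user, ip = int(m.group(1)), m.group(2), m.group(3)
        idx, last = self.progress.get(ip, (0, ts))
        if idx and ts - last > KNOCK_GAP_SECONDS:
            idx = 0  # partial sequence went stale: expect the first name again
        if user != self.sequence[idx]:
            # Wrong name at this position: drop any state and lock the IP out.
            self.progress.pop(ip, None)
            self.allowed.pop(ip, None)
            self.blocked.add(ip)
        elif idx + 1 == len(self.sequence):
            self.progress.pop(ip, None)
            self.allowed[ip] = ts + ALLOW_SECONDS
        else:
            self.progress[ip] = (idx + 1, ts)

    def is_allowed(self, ip, now):
        return ip not in self.blocked and now < self.allowed.get(ip, 0)
```

Feeding SAMPLE_LOG admits 192.0.2.10 for ten minutes and blocks the other two addresses, the second of them because its knocks were more than 30 seconds apart.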

More information about the openssh-unix-dev mailing list