lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: bkfsec at sdf.lonestar.org (Barry Fitzgerald)
Subject: SNMP Broadcasts

J.A. Terranson wrote:

>>Oh, I get it.  So if root executes "sshd -p 45522"  --this is not
>>*technically* ssh, right?
>>    
>>
>
>If sshd is running on 45522 it's a back door Marty :-)  And no, in this
>case, pedantic or not, it's not "ssh" as is commonly accepted.
>
>  
>

(Responding to essentially the only on-topic issue in this e-mail...)


I disagree.  It may not be completely standard compliant (in so far as 
the standard assigns a common usage port), but it sure as hell is the 
SSH protocol.

When you say "that's running on this port, but it's not SSH" you're not 
sending the message to people that it's not SSH because it has to be 
compliant, you're sending the message to people that it's *not the SSH 
protocol at all*...

I think the fact that you're being pedantic with this issue confuses the 
point and is, pretty much, worthless.  No one, frankly, gives a sh*t if 
you consider it to not be SSH because it's not on the port that makes 
you happy -- especially if you're not happy about it because you woke up 
on the wrong side of the bed or because someone pissed in your cheerios 
or whatever reason.

Saying what you said above is counterproductive and will only serve to 
confuse people.  Perhaps you should wratchet up your pedantic nature and 
instead of saying that it's "not SSH because it's on the wrong port" say 
"it's non-compliant SSH because it's on the wrong port".

Otherwise it's a case of the pot calling the kettle black.

          -Barry

p.s. This is the end of that issue as far as I'm concerned.  If you 
continue to claim that it's "not the SSH protocol", you're just being 
difficult.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ