Marco Ivaldi wrote:
> It needs expect, and target ssh hostkey must be already added. I'd be
> very interested in knowing the results of tests performed on other
> distros and configurations.
>
Hi Marco,
nice to meet you :-). I tried to do this test over my 10 Mbps lan and
this is the result:
giangy@thor:~/dev$ ./sshtime calipso users.txt
a@calipso real 9.55
root@calipso real 9.33 <- valid user with shell
wheel@calipso real 10.44
giangy@calipso real 9.49
cdrom@calipso real 9.68
burning@calipso real 9.47
mysql@calipso real 9.35
operator@calipso real 9.59 <- valid user with shell
test@calipso real 9.51 <- valid user with shell
Another test:
a@calipso real 9.37
root@calipso real 9.90 <- valid user with shell
wheel@calipso real 10.66
giangy@calipso real 9.41
cdrom@calipso real 9.30
burning@calipso real 10.30
mysql@calipso real 9.47
operator@calipso real 10.21 <- valid user with shell
test@calipso real 10.98 <- valid user with shell
daemon@calipso real 7.14
abcd@calipso real 7.20
"root", "operator" and "test" are valid users with a valid shell
enabled. I made this test on Slackware 11.0 (fresh installation) with
OpenSSH_4.4p1. I used the default sshd_config (see
http://slackware.osuosl.org/slackware-current/source/n/openssh/ for more
informations about the package). So, I don't received any timing leak in
this session.
I'll try as possible other distributions and configurations. However,
good work Marco :-).
> It needs expect, and target ssh hostkey must be already added. I'd be
> very interested in knowing the results of tests performed on other
> distros and configurations.
>
Hi Marco,
nice to meet you :-). I tried to do this test over my 10 Mbps lan and
this is the result:
giangy@thor:~/dev$ ./sshtime calipso users.txt
a@calipso real 9.55
root@calipso real 9.33 <- valid user with shell
wheel@calipso real 10.44
giangy@calipso real 9.49
cdrom@calipso real 9.68
burning@calipso real 9.47
mysql@calipso real 9.35
operator@calipso real 9.59 <- valid user with shell
test@calipso real 9.51 <- valid user with shell
Another test:
a@calipso real 9.37
root@calipso real 9.90 <- valid user with shell
wheel@calipso real 10.66
giangy@calipso real 9.41
cdrom@calipso real 9.30
burning@calipso real 10.30
mysql@calipso real 9.47
operator@calipso real 10.21 <- valid user with shell
test@calipso real 10.98 <- valid user with shell
daemon@calipso real 7.14
abcd@calipso real 7.20
"root", "operator" and "test" are valid users with a valid shell
enabled. I made this test on Slackware 11.0 (fresh installation) with
OpenSSH_4.4p1. I used the default sshd_config (see
http://slackware.osuosl.org/slackware-current/source/n/openssh/ for more
informations about the package). So, I don't received any timing leak in
this session.
I'll try as possible other distributions and configurations. However,
good work Marco :-).
Best Regards,
Gianluca Varisco
[ reply ]