[Bug 58074] Re: sshd hacked in only 50,000 tries

Brian Visel aeon.descriptor at gmail.com
Wed Dec 17 09:16:09 GMT 2008

:-/  I didn't get badk to this, and this bug is closed now.  ..but for
informational purposes...

Regarding password probabilities reflecting reality, I was assuming that the
root password that came with the system was randomly generated, and wouldn't
be subject to dictionary or probabilistic attacks.

I may have done an expert install, I'm not sure (too long ago).   I know I
did not set a root password, though.

I don't know how long the password is, I didn't set it and was not prompted
for it.

Given that my problem was before the fix for the debian SSL key generation
issue, it could be presumed that someone realized the existence of the bug
before it was reported and fixed, and was exploiting that.

sshd hacked in only 50,000 tries
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.

More information about the Ubuntu-server-bugs mailing list