Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Re: connecting to server without user name

368 views
Skip to first unread message
Message has been deleted

Todd H.

unread,
Apr 25, 2009, 11:49:00 PM4/25/09
to
uz060742950 <admini...@autovirusscan.local> writes:
> Is there a command line way to connect to a unix server account with
> ssh without using the "l" option or the name@server option?

Not that I'm aware of.


> I'd like to avoid sending my user id across the air waves.

If you don't send it, how on earth is the server to know whom to
authenticate?

Since it's ssh, the only person who's going to see it would be the
server owner. And if you're afraid of them knowing your username,
it's sorta hard to get an account.

--
Todd H.
http://www.toddh.net/

Simon Tatham

unread,
Apr 26, 2009, 3:47:51 AM4/26/09
to
uz060742950 <admini...@autovirusscan.local> wrote:
> Is there a command line way to connect to a unix server account with ssh
> without using the "l" option or the name@server option? I'd like to avoid

> sending my user id across the air waves.

As Todd says in the other followup, your username is sent encrypted,
so it isn't exposed to listeners on the network. But it sounds as if
you might be more concerned about the remote user name showing up in
the local 'ps' listing and hence visible to other users on your
client machine?

If so, you can get round that by creating an entry in ~/.ssh/config
which specifies the remote host name and remote user name, and then
on the ssh command line just give the name of that entry. (And
~/.ssh/config can be made readable only to you.)
--
for k in [pow(x,37,0x13AC59F3ECAC3127065A9) for x in [0x195A0BCE1C2F0310B43C,
0x73A0CE584254AB23D5A0, 0x12878657EA814421CC92, 0x7373445BB3DA69996F4A,
0x77A7ED5BC3AA700E80B2, 0xE9C71C94ED87ADCF7367, 0xFE920395F414C1A5DB50]]:
print "".join([chr(32+3*((k>>x)&1))for x in range(79)]) # <ana...@pobox.com>

Unruh

unread,
Apr 26, 2009, 8:44:14 AM4/26/09
to
comp...@toddh.net (Todd H.) writes:

>uz060742950 <admini...@autovirusscan.local> writes:
>> Is there a command line way to connect to a unix server account with
>> ssh without using the "l" option or the name@server option?

>Not that I'm aware of.


>> I'd like to avoid sending my user id across the air waves.

>If you don't send it, how on earth is the server to know whom to
>authenticate?

Agreed-impossible. HOwever, you seem to think that the user name is sent in
the clear. It is not. ssh starts off by exchanging keys with the remote
server. This is a server to server negotiation and does NOT use your
username, not does it use anything connected with you. It uses the public
keys of the server and your system to generate an encryption key.
Thereafter all communication including your user name is encrypted. Noone
can read it.

Message has been deleted

Harrie

unread,
Apr 26, 2009, 8:55:41 PM4/26/09
to
uz060742950 wrote:

> I noticed with putty, nifty, and maybe some other ssh clients that there
> is an apparent server connection _before_ a user name is entered,
> thereby causing the user to be prompted for a user name. I was thinking
> that might be more private.

You're talking about (e.g.) PuTTY's "Auto-login username" under
Connection ==> Data in PuTTY's Configuration screen, aren't you?

Like Simon and Todd tried to explain, the username (either provided by
the user by typing it in or by some setting(s) somewhere) is sent
encrypted to the server. The *mechanism* used by both is the same.

> On an outsourced unix server other users could use the 'ps' or 'who'
> commands that might disclose an ssh user id.

Taken from:

http://docstore.mik.ua/orelly/networking_2ndEd/ssh/ch00_02.htm

"You can copy files between accounts, remotely log into one account
from the other, or execute remote commands, all with the confidence that
nobody can intercept your username, password, or data in transit."

I would like to emphasize the "in transit" part there.

SSH doesn't change anything about the account itself, so some of those
account activities will be locally exposed through commands like ps or
who or any command that uses wtmp.

--
Regards,
Harrie

Todd H.

unread,
Apr 27, 2009, 12:00:35 AM4/27/09
to
Unruh <unruh...@physics.ubc.ca> writes:

> comp...@toddh.net (Todd H.) writes:
>
>>uz060742950 <admini...@autovirusscan.local> writes:
>>> Is there a command line way to connect to a unix server account with
>>> ssh without using the "l" option or the name@server option?
>
>>Not that I'm aware of.
>
>
>>> I'd like to avoid sending my user id across the air waves.
>
>>If you don't send it, how on earth is the server to know whom to
>>authenticate?
>
> Agreed-impossible. HOwever, you seem to think that the user name is sent in
> the clear. It is not.

You seem to have no read something I wrote that you quoted below your
rush to correct what wasn't wrong. :-)

>>Since it's ssh, the only person who's going to see it would be the
>>server owner. And if you're afraid of them knowing your username,
>>it's sorta hard to get an account.

--
Todd H.
http://www.toddh.net/

0 new messages