Every few hours, I get some of these in my server logs:
sshd[...]: Disconnecting: Change of username or service not allowed: (httpd,ssh-connection) -> (http,ssh-connection) [preauth]
sshd[...]: Disconnecting: Change of username or service not allowed: (identd,ssh-connection) -> (ident,ssh-connection) [preauth]
sshd[...]: Disconnecting: Change of username or service not allowed: (administrator,ssh-connection) -> (admin,ssh-connection) [preauth]
sshd[...]: Disconnecting: Change of username or service not allowed: (admins,ssh-connection) -> (admin,ssh-connection) [preauth]
sshd[...]: Disconnecting: Change of username or service not allowed: (admissions,ssh-connection) -> (adm,ssh-connection) [preauth]
...other attempts of the same kind: tony -> to, users -> user, wwwrun -> www, ...
Apparently, someone is trying to confuse my ssh daemon by first identifying as foo and then as somePrefixOfFoo (without success, obviously).
Is there, or was there, a specific vulnerability in SSH that would allow such an attack to succeed?
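To measure how many of these disconnects actually follow the "second name is a prefix of the first" pattern described above, the log lines can be parsed and classified. This is an added example, not part of the original post; the function names, the classification labels and the last two sample lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Matches the sshd message quoted in the question. Anything is accepted inside
# the brackets so the elided "sshd[...]" form from the post parses too.
PATTERN = re.compile(
    r"sshd\[[^\]]*\]: Disconnecting: Change of username or service not allowed: "
    r"\((?P<u1>[^,()]*),(?P<s1>[^,()]*)\) -> \((?P<u2>[^,()]*),(?P<s2>[^,()]*)\)"
)

def parse_line(line):
    """Return a dict describing the rejected change, or None if unrelated."""
    m = PATTERN.search(line)
    if not m:
        return None
    u1, s1, u2, s2 = m.group("u1", "s1", "u2", "s2")
    if u1 != u2 and u1.startswith(u2):
        kind = "truncated"        # second name is a proper prefix of the first
    elif u1 != u2:
        kind = "user-changed"     # unrelated second name
    elif s1 != s2:
        kind = "service-changed"  # same user, different requested service
    else:
        kind = "unchanged"
    return {"first": u1, "second": u2, "kind": kind}

def summarize(lines):
    """Parse all lines and count the events per classification label."""
    events = [e for e in map(parse_line, lines) if e is not None]
    return events, Counter(e["kind"] for e in events)

# The first two lines are copied from the post; the last two are constructed.
SAMPLE = [
    "sshd[...]: Disconnecting: Change of username or service not allowed: "
    "(httpd,ssh-connection) -> (http,ssh-connection) [preauth]",
    "sshd[...]: Disconnecting: Change of username or service not allowed: "
    "(admissions,ssh-connection) -> (adm,ssh-connection) [preauth]",
    "sshd[1234]: Disconnecting: Change of username or service not allowed: "
    "(alice,ssh-connection) -> (bob,ssh-connection) [preauth]",
    "sshd[1234]: Failed password for invalid user test from 192.0.2.10 port 50000 ssh2",
]

if __name__ == "__main__":
    events, counts = summarize(SAMPLE)
    for e in events:
        print(f"{e['kind']:>15}: {e['first']} -> {e['second']}")
    print(dict(counts))
```

Feeding the real log file to `summarize` shows whether every event is a truncation or whether unrelated name changes occur as well.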