Every few hours I get a few of these in the server logs:
sshd[...]: Disconnecting: Change of username or service not allowed: (httpd,ssh-connection) -> (http,ssh-connection) [preauth]
sshd[...]: Disconnecting: Change of username or service not allowed: (identd,ssh-connection) -> (ident,ssh-connection) [preauth]
sshd[...]: Disconnecting: Change of username or service not allowed: (administrator,ssh-connection) -> (admin,ssh-connection) [preauth]
sshd[...]: Disconnecting: Change of username or service not allowed: (admins,ssh-connection) -> (admin,ssh-connection) [preauth]
sshd[...]: Disconnecting: Change of username or service not allowed: (admissions,ssh-connection) -> (adm,ssh-connection) [preauth]
...other attempts of the same kind: tony -> to, users -> user, wwwrun -> www, ...
Apparently, someone is trying to confuse my ssh daemon by first identifying as foo
and then as somePrefixOfFoo
(unsuccessfully, of course).
Is there, or was there, some specific vulnerability in SSH that would allow such an attack to succeed?
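
One way to triage log lines like the ones quoted in the question, as an added example that is not part of the original post: it parses the sshd message and reports whether the second username is a strict prefix of the first. The function names and the `SAMPLE` list are assumptions made for this example; the sample lines are copied from the post, plus one constructed unrelated line.

```python
import re
from collections import Counter

# Matches the sshd message quoted in the post. The text inside sshd[...] (the PID)
# is not interpreted, so the elided form "sshd[...]" matches as well.
PATTERN = re.compile(
    r"sshd\[[^\]]*\]: Disconnecting: Change of username or service not allowed: "
    r"\((?P<u1>[^,()]*),(?P<s1>[^,()]*)\) -> \((?P<u2>[^,()]*),(?P<s2>[^,()]*)\)"
    r"(?P<preauth> \[preauth\])?"
)

def parse_line(line):
    """Return a dict describing one username/service change event, or None."""
    m = PATTERN.search(line)
    if m is None:
        return None
    first, second = m["u1"], m["u2"]
    return {
        "first_user": first,
        "second_user": second,
        "service_changed": m["s1"] != m["s2"],
        "preauth": m["preauth"] is not None,
        # True when the second name is a strict prefix of the first (httpd -> http)
        "truncated": first != second and first.startswith(second),
    }

def summarize(lines):
    """Count matching events and how many follow the prefix pattern."""
    events = [e for e in map(parse_line, lines) if e is not None]
    return {
        "events": len(events),
        "truncated": sum(e["truncated"] for e in events),
        "preauth": sum(e["preauth"] for e in events),
        "second_names": Counter(e["second_user"] for e in events),
    }

_PREFIX = "sshd[...]: Disconnecting: Change of username or service not allowed: "
SAMPLE = [  # first five lines copied from the post, last line constructed
    _PREFIX + "(httpd,ssh-connection) -> (http,ssh-connection) [preauth]",
    _PREFIX + "(identd,ssh-connection) -> (ident,ssh-connection) [preauth]",
    _PREFIX + "(administrator,ssh-connection) -> (admin,ssh-connection) [preauth]",
    _PREFIX + "(admins,ssh-connection) -> (admin,ssh-connection) [preauth]",
    _PREFIX + "(admissions,ssh-connection) -> (adm,ssh-connection) [preauth]",
    "sshd[...]: Connection closed by authenticating user (constructed line)",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
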