You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A: First it estabilishes an encrypted connection with the OpenSSH Server then sends a malformed packeage(SSH2_MSG_USERAUTH_REQUEST), the script analyze the anwser, discovering if the username exists or not by the messeage receved by the server, if there's no anwser, then the user exists. Otherwise, it will send a messeage of invalid user.
Why this happens?
A: You can read about it on this article: https://blog.nviso.be/2018/08/21/openssh-user-enumeration-vulnerability-a-close-look/
where you'll find a detailed explanation about the case.