2

How can I check if a username exists at a ssh server address using command line tools? For example, I would love to type,

isvaliduser [username] [ssh_server]
result: True

where isvaliduser is some magical function that tests whether a user with name username exists at ssh_server. But is this feasible?

My specific application: The remote server I need to access has a dynamic IP (I can't use a Dynamic DNS service). I can come up with a list of server addresses that contains my target address, but I need a way to figure out which one is mine. I thought one way of doing this would be to test if any of the addresses have the user myusername. But if you have another suggestion for solving my particular problem, I would be happy to hear it.

Delyle
  • 529
  • 3
  • 14
  • The best way to do this is a dynamic DNS service, where a program running on the server updates a DNS record with its own IP. – Dark Falcon Dec 23 '16 at 17:22
  • @DarkFalcon Unfortunately a dynamic DNS service is not an option for me – Delyle Dec 23 '16 at 17:23
  • Neither is finding out a username is valid on a server unless you also wish to attempt to log into the server, which may be a security risk depending on how you intend to do it. You'll certainly need to provide more info than just the username. – Dark Falcon Dec 23 '16 at 17:23
  • Keep in mind that ssh servers are designed to not be able to reveal valid user names unless you also supply the proper credentials (password) to log in. – nos Dec 23 '16 at 17:24
  • @nos is there a way I could test whether the user and password combination is valid, using a script? – Delyle Dec 23 '16 at 17:25

1 Answers1

1

You have to connect to that server and check if the user is in the passwd for example:

ssh your_account_at_serve@[ssh_server] grep [username] /etc/passwd

If you would be able to enumerate users without authentication, it is considered as a information disclosure and security threat.

Jakuje
  • 24,773
  • 12
  • 69
  • 75
  • Thanks, I think this should work. Would I be exposing myself to a security vulnerability by using this method? That is, if I attempt to log in to a ssh server using my username and password, would a person at the other end be able to record the name and password I've tried to use? – Delyle Dec 27 '16 at 17:07
  • No. If you have one account you can log in, you can check the other accounts this way without any security issue. – Jakuje Dec 27 '16 at 17:08