
OpenSSH Username Enumeration - cytzol
http://seclists.org/oss-sec/2018/q3/124
======
jsiepkes
Meh...the patch is a nice improvement and I can see why a CVE is allocated but
I never considered my username a secret anyway. If you only allow strong auth
mechanisms like public keys I don't really see how knowing someone's user name
is going to make your life much easier as penetrator. Its like knowing
someone's Google account name, its the same as his/hers gmail....

