Re: Logging attempted passwords

• Previous message: Jerry: "Re: Controlling ssh from an external program"
• In reply to: mike_at_genxweb.net: "Re: Logging attempted passwords"
• Next in thread: Philip Le Riche: "Re: Logging attempted passwords"
• Reply: Philip Le Riche: "Re: Logging attempted passwords"
• Reply: Greg Wooledge: "Re: Logging attempted passwords"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 22 Oct 2004 14:57:24 +0900
To: secureshell@securityfocus.com

On Thu, Oct 21, 2004 at 03:26:36PM -0400, mike@genxweb.net wrote:
> > Is it possible to have sshd log the passwords and times of failed
> > logins?
>
> David,
> I may be missunderstanding you but I believe sshd already does.

I think you're misunderstanding... possibly as a result of the evil
and dreaded top-post, which fails to retain context properly. =8^)

David appears to be asking for the PASSWORD the user used on a failed
attempt. I'm not 100% positive, but I believe OpenSSH does not
provide a mechanism to get the password.

> If you do a cat on the /var/log/secure it has info of failed login
> attempts, the account they tried and the time. You cna easily use

Also note that /var/log/secure is the default on most Linux systems,
but by no means the only place these messages could appear. This
depends entirely on where the system's LOG_AUTHPRIV log messages are
going, and that's only if the user hasn't changed the SyslogFacility
in the sshd config file.

-- 
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D

• application/pgp-signature attachment: stored

• Previous message: Jerry: "Re: Controlling ssh from an external program"
• In reply to: mike_at_genxweb.net: "Re: Logging attempted passwords"
• Next in thread: Philip Le Riche: "Re: Logging attempted passwords"
• Reply: Philip Le Riche: "Re: Logging attempted passwords"
• Reply: Greg Wooledge: "Re: Logging attempted passwords"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]