Re: Logging attempted passwords

From: Derek Martin (
Date: 10/22/04

  • Next message: Chris Cheshire: "port forwarding and oracle"
    Date: Fri, 22 Oct 2004 14:57:24 +0900

    On Thu, Oct 21, 2004 at 03:26:36PM -0400, wrote:
    > > Is it possible to have sshd log the passwords and times of failed
    > > logins?
    > David,
    > I may be missunderstanding you but I believe sshd already does.

    I think you're misunderstanding... possibly as a result of the evil
    and dreaded top-post, which fails to retain context properly. =8^)

    David appears to be asking for the PASSWORD the user used on a failed
    attempt. I'm not 100% positive, but I believe OpenSSH does not
    provide a mechanism to get the password.

    > If you do a cat on the /var/log/secure it has info of failed login
    > attempts, the account they tried and the time. You cna easily use

    Also note that /var/log/secure is the default on most Linux systems,
    but by no means the only place these messages could appear. This
    depends entirely on where the system's LOG_AUTHPRIV log messages are
    going, and that's only if the user hasn't changed the SyslogFacility
    in the sshd config file.

    Derek D. Martin
    GPG Key ID: 0x81CFE75D

  • Next message: Chris Cheshire: "port forwarding and oracle"