Re: Logging attempted passwords
From: Derek Martin (code_at_pizzashack.org)
Date: Fri, 22 Oct 2004 14:57:24 +0900 To: firstname.lastname@example.org
On Thu, Oct 21, 2004 at 03:26:36PM -0400, email@example.com wrote:
> > Is it possible to have sshd log the passwords and times of failed
> > logins?
> I may be missunderstanding you but I believe sshd already does.
I think you're misunderstanding... possibly as a result of the evil
and dreaded top-post, which fails to retain context properly. =8^)
David appears to be asking for the PASSWORD the user used on a failed
attempt. I'm not 100% positive, but I believe OpenSSH does not
provide a mechanism to get the password.
> If you do a cat on the /var/log/secure it has info of failed login
> attempts, the account they tried and the time. You cna easily use
Also note that /var/log/secure is the default on most Linux systems,
but by no means the only place these messages could appear. This
depends entirely on where the system's LOG_AUTHPRIV log messages are
going, and that's only if the user hasn't changed the SyslogFacility
in the sshd config file.
-- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0x81CFE75D
- application/pgp-signature attachment: stored