Re: Log passwords from "authentication failure" logins

m sesser wrote:
Is it possible to log failed incoming passwords from opensshd sessions?

It's possible if you modify sshd (or whatever it uses to verify the password, eg PAM).

OpenSSH's stock sshd doesn't (and won't) provide the capability but by necessity it has access to the unencrypted password so it could be modified to do so by a nosy or malicious admin.

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Relevant Pages

  • Re: PAM & RSA (SuSE Linux+OpenSSH)
    ... > (RSA Authentication) through LibPAM. ... You want to modify sshd so that RSAAuthentication is done via PAM calls? ... Good judgement comes with experience. ...
  • Re: deny access
    ... > I'm beating my brains out because I thought there was a way to do it. ... You could modify sshd to do that by adding a check for no homedir to ... If your sshd is built to use PAM, you might be able to get a PAM module ... Good judgement comes with experience. ...
  • Re: AIX rlogin=false ....Does this have to be set to "true" in order for SSH to work ?
    ... >stupid question but with all the configuration options of I thought I'd ask. ... Only if you modify sshd. ... This will make sshd check for the "login" attribute rather ... Good judgement comes with experience. ...