Re: make ssh log massword entered?

From: Nico Kadel-Garcia (nkadel_at_comcast.net)
Date: 11/23/05


Date: Wed, 23 Nov 2005 08:01:46 -0500


<ash@fakedomainxx.com> wrote in message
news:newscache$sjqeqi$9rl$1@news.rootshell.be...
>
> Recently there has been dozens of ssh cracking on my site. They were not
> real hackers because they simply tried to guess the passwords using all
> kind of imaginable usernames, admin, webmaster, oracle. . . you name it,
> but they were very patient, the log shows they worked on it for over an
> hour.
>
> While no harm is done, I'm interested in knowing what kind of passwords
> they would guess. Is there a way to make ssh log the password entered?
> Thanks.

For an example, take a look at the old Alec Moffett written "crack" program.
I still use it or variants of it occasionally against sites that use the old
"crypt" style passwords, and consistently get about 10% of the passwords.



Relevant Pages

  • make ssh log massword entered?
    ... Recently there has been dozens of ssh cracking on my site. ... real hackers because they simply tried to guess the passwords using all ... I'm interested in knowing what kind of passwords ... Is there a way to make ssh log the password entered? ...
    (comp.security.ssh)
  • "Hot Keys"
    ... ('binary' encoding is not supported, ... someone suggested using "hot keys" for sending ... passwords for ssh log on. ...
    (RedHat)
  • Re: make ssh log massword entered?
    ... > Recently there has been dozens of ssh cracking on my site. ... > real hackers because they simply tried to guess the passwords using all ... Good judgement comes with experience. ...
    (comp.security.ssh)