Re: make ssh log massword entered?
From: Nico Kadel-Garcia (nkadel_at_comcast.net)
Date: Wed, 23 Nov 2005 08:01:46 -0500
<firstname.lastname@example.org> wrote in message
> Recently there has been dozens of ssh cracking on my site. They were not
> real hackers because they simply tried to guess the passwords using all
> kind of imaginable usernames, admin, webmaster, oracle. . . you name it,
> but they were very patient, the log shows they worked on it for over an
> While no harm is done, I'm interested in knowing what kind of passwords
> they would guess. Is there a way to make ssh log the password entered?
For an example, take a look at the old Alec Moffett written "crack" program.
I still use it or variants of it occasionally against sites that use the old
"crypt" style passwords, and consistently get about 10% of the passwords.