Re: make ssh log password entered?
From: Darren Tucker (dtucker_at_gate.dodgy.net.au)
Date: 11/23/05
Date: 23 Nov 2005 13:36:50 GMT
On 2005-11-23, ash@fakedomainxx.com <ash@fakedomainxx.com> wrote:
> Recently there have been dozens of ssh cracking on my site. They were not
> real hackers because they simply tried to guess the passwords using all
> kinds of imaginable usernames, admin, webmaster, oracle... you name it,
> but they were very patient, the log shows they worked on it for over an
> hour.
>
> While no harm is done, I'm interested in knowing what kind of passwords
> they would guess. Is there a way to make ssh log the password entered?

Depends on what SSH software you're using. For OpenSSH, no, there's no
way to make it log passwords unless you modify the code (although such a
modification is trivial, see auth-passwd.c:auth_password()).

Also be aware that even if you only log failures, there's a good chance
that someone's real password (e.g. for another service) or an almost-right
password will end up in that log. That log would be another potential
problem if the box hosting it is compromised (or if it's sent to a syslog
host, or...)

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
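
Stock OpenSSH already logs the username, source address and time of each failed guess, which is enough to profile this kind of guessing without storing any password. The following is an added example, not code from the original post or from OpenSSH: it summarizes "Failed password" lines per source. The sample log lines are constructed, and the `year` parameter is an assumption needed because syslog timestamps carry no year.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample lines in the format sshd writes through syslog.
SAMPLE_LOG = """\
Nov 23 12:01:07 host sshd[4211]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Nov 23 12:01:11 host sshd[4213]: Failed password for invalid user webmaster from 203.0.113.5 port 40150 ssh2
Nov 23 12:20:45 host sshd[4302]: Failed password for root from 203.0.113.5 port 41877 ssh2
Nov 23 13:04:30 host sshd[4410]: Failed password for invalid user oracle from 203.0.113.5 port 43001 ssh2
Nov 23 13:05:02 host sshd[4415]: Failed password for alice from 198.51.100.7 port 50522 ssh2
Nov 23 13:05:09 host sshd[4415]: Accepted password for alice from 198.51.100.7 port 50522 ssh2
"""

# The username is attacker-controlled and may itself contain " from ...";
# the greedy (.*) makes the regex bind to the LAST " from <ip> port <n>",
# which is the part sshd appended, so a crafted username cannot spoof the source.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+"
)

def summarize(log_text, year=2005):
    """Per source IP: failed-attempt count, usernames tried, first/last time seen."""
    per_ip = defaultdict(lambda: {"count": 0, "users": Counter(), "first": None, "last": None})
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        s = per_ip[m["ip"]]
        s["count"] += 1
        s["users"][m["user"]] += 1
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
    return dict(per_ip)

def guessers(summary, min_distinct_users=3):
    """Sources that cycled through several usernames, as in the question above."""
    return sorted(ip for ip, s in summary.items() if len(s["users"]) >= min_distinct_users)

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE_LOG).items():
        print(ip, s["count"], "failures over", s["last"] - s["first"], dict(s["users"]))
```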