Re: Logging passwords of SSH attacks

To: debian-user@lists.debian.org
Subject: Re: Logging passwords of SSH attacks
From: Thierry Chatelet <tchatelet@free.fr>
Date: Thu, 15 Jan 2009 19:38:09 +0100
Message-id: <[🔎] 200901151938.09408.tchatelet@free.fr>
In-reply-to: <[🔎] 880dece00901151010m6322cf14if12d15939ba276be@mail.gmail.com>
References: <[🔎] 880dece00901151010m6322cf14if12d15939ba276be@mail.gmail.com>

On Thursday 15 January 2009 19:10:44 Dotan Cohen wrote:
> I get a few thousands of these every day in the logs:
> Illegal users from:
>     70.85.222.106 (sales.gbdweb.com): 518 times
>        anna/password: 1 time
>        apache/password: 1 time
>        arthur/password: 1 time
>        attack/password: 1 time
>        awharton/password: 1 time
>
> How can I start logging the passwords attempted as well as the
> usernames? Thanks.

You can try fail2ban to first cick the attaquer out.

Reply to:

Follow-Ups:
- Re: Logging passwords of SSH attacks
  - From: "Dotan Cohen" <dotancohen@gmail.com>

References:
- Logging passwords of SSH attacks
  - From: "Dotan Cohen" <dotancohen@gmail.com>

Prev by Date: Re: Remove pls
Next by Date: Re: k3b & brasero don't work, nerolinux does- works ar 2X
Previous by thread: Logging passwords of SSH attacks
Next by thread: Re: Logging passwords of SSH attacks
Index(es):
- Date
- Thread