Re: Logging passwords of SSH attacks
2009/1/16 Florian Mickler <firstname.lastname@example.org>:
>> How can I start logging the passwords attempted as well as the
>> usernames? Thanks.
> That's not possible without hacking in the ssh-sourcecodes, I assume.
> It would be a security nightmare to have the passwords of users being
> logged. even if it would only be on failed attempts. people
> often confuse which password they have to enter where, and thus valid
> passwords would wander into the logs for malicous people to collect and
> use at other sites.
While in general I agree, in this case you could say that I am sitting
here as a honeypot. No legitimate users will try connecting via SSH on
port 22, and certainly not over the big bad internet. The only reason
that I have sshd running here is for another machine on the LAN to ssh
in on a different port.