
RE: Logging passwords of SSH attacks



If I am not wrong on this issue, I would rather suggest that one can
check the login attempts by users in their system log files, as the
syslog system logs all the user.info and user.error messages in the
/var/log/messages or syslog file.





Regards,
Om Prakash Singh 

Please report the problems smartly and accurately by providing all the
relevant details. It will help me answer you quickly.



-----Original Message-----
From: Dotan Cohen [mailto:dotancohen@gmail.com] 
Sent: Friday, January 16, 2009 7:15 PM
To: Florian Mickler
Cc: debian-user @ lists. debian. org
Subject: Re: Logging passwords of SSH attacks

2009/1/16 Florian Mickler <florian@mickler.org>:

>> How can I start logging the passwords attempted as well as the 
>> usernames? Thanks.
>>
> That's not possible without hacking in the ssh-sourcecodes, I assume.
>
> It would be a security nightmare to have the passwords of users being 
> logged, even if it would only be on failed attempts. People often 
> confuse which password they have to enter where, and thus valid 
> passwords would wander into the logs for malicious people to collect 
> and use at other sites.
>

While in general I agree, in this case you could say that I am sitting
here as a honeypot. No legitimate users will try connecting via SSH on
port 22, and certainly not over the big bad internet. The only reason
that I have sshd running here is for another machine on the LAN to ssh
in on a different port.

--
Dotan Cohen

http://what-is-what.com
http://gibberish.co.il

א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת
ا-ب-ت-ث-ج-ح-خ-د-ذ-ر-ز-س-ش-ص-ض-ط-ظ-ع-غ-ف-ق-ك-ل-م-ن-ه‍-و-ي
А-Б-В-Г-Д-Е-Ё-Ж-З-И-Й-К-Л-М-Н-О-П-Р-С-Т-У-Ф-Х-Ц-Ч-Ш-Щ-Ъ-Ы-Ь-Э-Ю-Я
а-б-в-г-д-е-ё-ж-з-и-й-к-л-м-н-о-п-р-с-т-у-ф-х-ц-ч-ш-щ-ъ-ы-ь-э-ю-я
ä-ö-ü-ß-Ä-Ö-Ü




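Added example, not part of the original thread: a small Python parser for the failed-login lines sshd writes to syslog (on Debian normally /var/log/auth.log), which carry the username and source address but no password. The log lines are constructed samples in the usual OpenSSH format, and the function names are made up for this example.

```python
import re
from collections import Counter

# Constructed sample lines in the usual OpenSSH syslog format (not real data).
SAMPLE_LOG = """\
Jan 16 18:02:11 host sshd[4101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan 16 18:02:14 host sshd[4103]: Failed password for root from 203.0.113.5 port 51240 ssh2
Jan 16 18:02:19 host sshd[4105]: Failed password for invalid user x from 10.0.0.1 port 22 ssh2 from 198.51.100.7 port 40022 ssh2
Jan 16 18:03:01 host sshd[4110]: Accepted password for dotan from 192.168.1.10 port 50111 ssh2
Jan 16 18:03:30 host sshd[4112]: Failed password for root from 203.0.113.5 port 51302 ssh2
Jan 16 18:04:00 host CRON[4120]: (root) CMD (run-parts /etc/cron.hourly)
"""

# The username is chosen by the remote client and may contain spaces or
# " from ...", so match it greedily and anchor on the trailer sshd appends.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>.*) from (?P<src>\S+) port \d+ ssh2$"
)

def parse_failed(text):
    """Return one dict per failed password attempt found in text."""
    events = []
    for line in text.splitlines():
        m = FAILED.search(line)
        if m:
            events.append({"user": m["user"], "src": m["src"],
                           "known_account": m["invalid"] is None})
    return events

def summarize(events):
    """Count failed attempts per source address and per username."""
    by_src = Counter(e["src"] for e in events)
    by_user = Counter(e["user"] for e in events)
    return by_src, by_user

if __name__ == "__main__":
    by_src, by_user = summarize(parse_failed(SAMPLE_LOG))
    for src, n in by_src.most_common():
        print(f"{n:3d} failed attempts from {src}")
    for user, n in by_user.most_common():
        print(f"{n:3d} failed attempts for user {user!r}")
```

The third sample line shows why the source address is taken from the end of the line: the text before the final " from " is whatever username the client sent.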