Re: Logging passwords of SSH attacks
2009/1/16 Gavin Elliot Jones <gavin@grassfield.co.uk>:
> On Thu, Jan 15, 2009 at 08:10:44PM +0200, Dotan Cohen wrote:
>> How can I start logging the passwords attempted as well as the
>> usernames? Thanks.
>
> I don't think the standard SSH daemon can log passwords. After all it
> would be a security risk if passwords started appearing in log files.
>
> As I understand it, you would need to alter the source code of the SSH
> daemon and rebuild it to get that functionality. People doing that
> though usually only run the modified SSH on a 'honeypot' box that is
> there purely to capture log in attempts for further analysis.
>
I see, Gavin, and I do agree that this is honeypot area. Thanks.
--
Dotan Cohen
http://what-is-what.com
http://gibberish.co.il
א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת
ا-ب-ت-ث-ج-ح-خ-د-ذ-ر-ز-س-ش-ص-ض-ط-ظ-ع-غ-ف-ق-ك-ل-م-ن-ه-و-ي
А-Б-В-Г-Д-Е-Ё-Ж-З-И-Й-К-Л-М-Н-О-П-Р-С-Т-У-Ф-Х-Ц-Ч-Ш-Щ-Ъ-Ы-Ь-Э-Ю-Я
а-б-в-г-д-е-ё-ж-з-и-й-к-л-м-н-о-п-р-с-т-у-ф-х-ц-ч-ш-щ-ъ-ы-ь-э-ю-я
ä-ö-ü-ß-Ä-Ö-Ü
Reply to: