[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Logging passwords of SSH attacks



Dotan Cohen wrote:
2009/1/16 Gavin Elliot Jones <gavin@grassfield.co.uk>:
On Thu, Jan 15, 2009 at 08:10:44PM +0200, Dotan Cohen wrote:
How can I start logging the passwords attempted as well as the
usernames? Thanks.
I don't think the standard SSH daemon can log passwords. After all it
would be a security risk if passwords started appearing in log files.

As I understand it, you would need to alter the source code of the SSH
daemon and rebuild it to get that functionality. People doing that
though usually only run the modified SSH on a 'honeypot' box that is
there purely to capture log in attempts for further analysis.


I see, Gavin, and I do agree that this is honeypot area. Thanks.

I would try either honeyd or tinyhoneypot for that. You don't need a full blown ssh dameon for this.

Sjoerd

--
()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments

Attachment: signature.asc
Description: OpenPGP digital signature


Reply to: