Re: Logging passwords of SSH attacks

To: debian-user@lists.debian.org <debian-user@lists.debian.org>
Subject: Re: Logging passwords of SSH attacks
From: Florian Mickler <florian@mickler.org>
Date: Sat, 17 Jan 2009 23:19:01 +0100
Message-id: <[🔎] 20090117231901.7e51c957@schatten>
In-reply-to: <[🔎] 20090117114438.GE1009@pear.tzafrir.org.il>
References: <[🔎] 880dece00901151010m6322cf14if12d15939ba276be@mail.gmail.com> <[🔎] 20090116142535.2bd8de50@schatten> <[🔎] 20090117114438.GE1009@pear.tzafrir.org.il>

On Sat, 17 Jan 2009 11:44:38 +0000
Tzafrir Cohen <tzafrir@cohens.org.il> wrote:

> > people
> > often confuse which password they have to enter where, and thus
> > valid passwords would wander into the logs for malicous people to
> > collect and use at other sites.
> 
> auth.log is only readable to sysadmins.
> 
<sarcasm> oh what a wonderful world </sarcasm>

The only way to prevent misuse of such information is to _not_ _log_
_it_. 

If you really need to satisfy your curiosity hack the sources or look
at 'john' or something like that.

Sincerely

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: Logging passwords of SSH attacks
  - From: "Dotan Cohen" <dotancohen@gmail.com>

References:
- Logging passwords of SSH attacks
  - From: "Dotan Cohen" <dotancohen@gmail.com>
- Re: Logging passwords of SSH attacks
  - From: Florian Mickler <florian@mickler.org>
- Re: Logging passwords of SSH attacks
  - From: Tzafrir Cohen <tzafrir@cohens.org.il>

Prev by Date: Re: aptitude freezes after install
Next by Date: test ignore
Previous by thread: Re: Logging passwords of SSH attacks
Next by thread: Re: Logging passwords of SSH attacks
Index(es):
- Date
- Thread