[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: TTYSnooping error


On Sat, 29 Oct 2016 09:45:21 +0000
Pietro <pulsarpietro@posteo.net> wrote:

> Hi,
> I have tried to write directly to the author  (carl@miskatonic.inbe.net)
> as reported in the man page but the domain does not exist anymore.

It's an old tool. Such things are to be expected.

> I am lost in a glass of water - as we use to say in Italy - and I really
> do not know where to get some light from as Google is very good ..
> in giving partial answers or to increase the amount of confusion in
> somebody's mind :-)
> The ttysnooping tool which comes with Debian seems to be broken, I can
> successfully log in after having modified the inittabfile but I can't
> snoop anything as all I get from the ttysnooping client is a prompt for
> a password which is swiftly refused - I am assuming the root password is
> what the tool is asking for.

Personally I could never understand why bother implementing such a tool
in the first place, since tty snooping (among the other things) can be
done with relatively simple strace invocation.

Still, according to the package's README.Debian, 'ttysnoop ttyFOO'
requires a root password.

You should probably ensure that your gettys are running with
'-L /usr/sbin/ttysnoops' commandline option.

> I really do not understand as I am sure I am typing the correct
> password, what's happening ?

Install ltrace. Run as root (crucial!):

ltrace ttysnoop <needed_tty_here>

Post the result here. Feel free to edit out any references to a real
passwords, usernames or hashes of above.

> I have tried to download the sources and compile them for Slackware but
> I am still experiencing the same issue, I am a bit confused by the fact
> that I can't find any "main" repository for the project while there are
> plenty of tarball coming from different Linux distros.

According to [1], upstream site was http://ftp.cc.gatech.edu/, which is
now considered unavailable. According to the 'control' file, one should
be able to grab the source via svn, by using [2].

> Is there a "vanilla" version I can download and play with or, as
> alternative, would you be able to tell me the terribly naive mistake I
> am making ?

Not anymore. Upstream is unavailable.

> The first Google's result does not contain anything "down-loadable" and
> what I have been playing with gives me the issues I have just described:
> https://packages.debian.org/sid/admin/ttysnoop

That's the Debian package's page.

> Is this the "official" website for the project ?
> https://sourceforge.net/projects/ttysnoop/

SourceForge is a warez dump. Don't trust anything downloaded from



[2] svn://anonscm.debian.org/collab-maint/deb-maint/ttysnoop/trunk/

Reply to: