Re: TTYSnooping error
On Sat, 29 Oct 2016 09:45:21 +0000
Pietro <firstname.lastname@example.org> wrote:
> I have tried to write directly to the author (email@example.com)
> as reported in the man page but the domain does not exist anymore.
It's an old tool. Such things are to be expected.
> I am lost in a glass of water - as we use to say in Italy - and I really
> do not know where to get some light from as Google is very good ..
> in giving partial answers or to increase the amount of confusion in
> somebody's mind :-)
> The ttysnooping tool which comes with Debian seems to be broken, I can
> successfully log in after having modified the inittabfile but I can't
> snoop anything as all I get from the ttysnooping client is a prompt for
> a password which is swiftly refused - I am assuming the root password is
> what the tool is asking for.
Personally I could never understand why bother implementing such a tool
in the first place, since tty snooping (among the other things) can be
done with relatively simple strace invocation.
Still, according to the package's README.Debian, 'ttysnoop ttyFOO'
requires a root password.
You should probably ensure that your gettys are running with
'-L /usr/sbin/ttysnoops' commandline option.
> I really do not understand as I am sure I am typing the correct
> password, what's happening ?
Install ltrace. Run as root (crucial!):
ltrace ttysnoop <needed_tty_here>
Post the result here. Feel free to edit out any references to a real
passwords, usernames or hashes of above.
> I have tried to download the sources and compile them for Slackware but
> I am still experiencing the same issue, I am a bit confused by the fact
> that I can't find any "main" repository for the project while there are
> plenty of tarball coming from different Linux distros.
According to , upstream site was http://ftp.cc.gatech.edu/, which is
now considered unavailable. According to the 'control' file, one should
be able to grab the source via svn, by using .
> Is there a "vanilla" version I can download and play with or, as
> alternative, would you be able to tell me the terribly naive mistake I
> am making ?
Not anymore. Upstream is unavailable.
> The first Google's result does not contain anything "down-loadable" and
> what I have been playing with gives me the issues I have just described:
That's the Debian package's page.
> Is this the "official" website for the project ?
SourceForge is a warez dump. Don't trust anything downloaded from