Re: TTYSnooping error

To: debian-user@lists.debian.org
Subject: Re: TTYSnooping error
From: Reco <recoverym4n@gmail.com>
Date: Sat, 29 Oct 2016 13:50:42 +0300
Message-id: <[🔎] 20161029135042.23407f527539c68250791da6@gmail.com>
In-reply-to: <[🔎] 87h97vlc9a.fsf@posteo.net>
References: <[🔎] 87h97vlc9a.fsf@posteo.net>

	Hi.

On Sat, 29 Oct 2016 09:45:21 +0000
Pietro <pulsarpietro@posteo.net> wrote:

> Hi,
> 
> I have tried to write directly to the author  (carl@miskatonic.inbe.net)
> as reported in the man page but the domain does not exist anymore.

It's an old tool. Such things are to be expected.

> I am lost in a glass of water - as we use to say in Italy - and I really
> do not know where to get some light from as Google is very good ..
> in giving partial answers or to increase the amount of confusion in
> somebody's mind :-)
> 
> The ttysnooping tool which comes with Debian seems to be broken, I can
> successfully log in after having modified the inittabfile but I can't
> snoop anything as all I get from the ttysnooping client is a prompt for
> a password which is swiftly refused - I am assuming the root password is
> what the tool is asking for.

Personally I could never understand why bother implementing such a tool
in the first place, since tty snooping (among the other things) can be
done with relatively simple strace invocation.

Still, according to the package's README.Debian, 'ttysnoop ttyFOO'
requires a root password.

You should probably ensure that your gettys are running with
'-L /usr/sbin/ttysnoops' commandline option.

> I really do not understand as I am sure I am typing the correct
> password, what's happening ?

Install ltrace. Run as root (crucial!):

ltrace ttysnoop <needed_tty_here>

Post the result here. Feel free to edit out any references to a real
passwords, usernames or hashes of above.

> I have tried to download the sources and compile them for Slackware but
> I am still experiencing the same issue, I am a bit confused by the fact
> that I can't find any "main" repository for the project while there are
> plenty of tarball coming from different Linux distros.

According to [1], upstream site was http://ftp.cc.gatech.edu/, which is
now considered unavailable. According to the 'control' file, one should
be able to grab the source via svn, by using [2].

> Is there a "vanilla" version I can download and play with or, as
> alternative, would you be able to tell me the terribly naive mistake I
> am making ?

Not anymore. Upstream is unavailable.

> The first Google's result does not contain anything "down-loadable" and
> what I have been playing with gives me the issues I have just described:
> 
> https://packages.debian.org/sid/admin/ttysnoop

That's the Debian package's page.

> Is this the "official" website for the project ?
> 
> https://sourceforge.net/projects/ttysnoop/

SourceForge is a warez dump. Don't trust anything downloaded from
there.

Reco

[1]
http://http.debian.net/debian/pool/main/t/ttysnoop/ttysnoop_0.12d-6.debian.tar.gz

[2] svn://anonscm.debian.org/collab-maint/deb-maint/ttysnoop/trunk/

Reply to:

References:
- TTYSnooping error
  - From: Pietro <pulsarpietro@posteo.net>

Prev by Date: TTYSnooping error
Next by Date: ulogd2-pcap - tcpdump unknown file format
Previous by thread: TTYSnooping error
Next by thread: Re: TTYSnooping error
Index(es):
- Date
- Thread