If I am not wrong in this issue I would rather suggest that one can check the login attempts by users in their system log files. As the syslog system logs all the user.info and user.error messages in /var/log/messages or syslog file.
Regards, Om Prakash Singh Please report the problems smartly and accurately by providing all the relevant details. It will help me answer you quickly. -----Original Message----- From: Dotan Cohen [mailto:[email protected]] Sent: Friday, January 16, 2009 7:15 PM To: Florian Mickler Cc: debian-user @ lists. debian. org Subject: Re: Logging passwords of SSH attacks 2009/1/16 Florian Mickler <[email protected]>: >> How can I start logging the passwords attempted as well as the >> usernames? Thanks. >> > That's not possible without hacking in the ssh-sourcecodes, I assume. > > It would be a security nightmare to have the passwords of users being > logged. even if it would only be on failed attempts. people often > confuse which password they have to enter where, and thus valid > passwords would wander into the logs for malicous people to collect > and use at other sites. > While in general I agree, in this case you could say that I am sitting here as a honeypot. No legitimate users will try connecting via SSH on port 22, and certainly not over the big bad internet. The only reason that I have sshd running here is for another machine on the LAN to ssh in on a different port. -- Dotan Cohen http://what-is-what.com http://gibberish.co.il א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת ا-ب-ت-ث-ج-ح-خ-د-ذ-ر-ز-س-ش-ص-ض-ط-ظ-ع-غ-ف-ق-ك-ل-م-ن-ه-و-ي А-Б-В-Г-Д-Е-Ё-Ж-З-И-Й-К-Л-М-Н-О-П-Р-С-Т-У-Ф-Х-Ц-Ч-Ш-Щ-Ъ-Ы-Ь-Э-Ю-Я а-б-в-г-д-е-ё-ж-з-и-й-к-л-м-н-о-п-р-с-т-у-ф-х-ц-ч-ш-щ-ъ-ы-ь-э-ю-я ä-ö-ü-ß-Ä-Ö-Ü DISCLAIMER: This communication is confidential and privileged and is directed to and for the use of the addressee only. The recipient if not the addressee should not use this message if erroneously received, and access and use of this e-mail in any manner by anyone other than the addressee is unauthorized. The recipient acknowledges that Kotak Mahindra Bank may be unable to exercise control or ensure or guarantee the integrity of the text of the email message and the text is not warranted as to completeness and accuracy. Before opening and accessing the attachment, if any, please check and scan for virus. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
