On Fri, Jan 16, 2009 at 02:25:35PM +0100, Florian Mickler wrote: > On Thu, 15 Jan 2009 20:10:44 +0200 > "Dotan Cohen" <[email protected]> wrote: > > > I get a few thousands of these every day in the logs: > > Illegal users from: > > 70.85.222.106 (sales.gbdweb.com): 518 times > > anna/password: 1 time > > apache/password: 1 time > > arthur/password: 1 time > > attack/password: 1 time > > awharton/password: 1 time > > > > How can I start logging the passwords attempted as well as the > > usernames? Thanks. > > > That's not possible without hacking in the ssh-sourcecodes, I assume.
Or alternatively the pam module that is used. Openssh here checks passwords using PAM. > > It would be a security nightmare to have the passwords of users being > logged. even if it would only be on failed attempts. And even then it owuld give some interesting clues, as it would also log real passwords with typos. > people > often confuse which password they have to enter where, and thus valid > passwords would wander into the logs for malicous people to collect and > use at other sites. auth.log is only readable to sysadmins. -- Tzafrir Cohen | [email protected] | VIM is http://tzafrir.org.il | | a Mutt's [email protected] | | best ICQ# 16849754 | | friend -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
