On Wed, Apr 23 2008 at 01:00, Jon Radel wrote: > Sam Fourman Jr. wrote: > >> Is there a way to login the passwords that were used in the bruteforce > >> attack? > > > > I am siting trying to come up with a good reason why you would give a > > damn what passwords they tried? > > > > I mean for the most part they are scripts trying to BRUTE your ssh port > > anyhow. > > Not only that, if you read any history of Unix's early days you should > come across some instructive stories as to why logging the passwords of > failed attempts is now generally considered a really bad idea. > Basically has something to do with that between all the garbage from > brute force attempts you'll find entries of legitimate attempts with > small typos in the password. Suddenly your log file has become really > dangerous. > If it's for honeypot and educationnal reasons, it's best to not use the same daemon as the production one.
Searching a little I found this program : http://kojoney.sourceforge.net/ You can use it as your base to do what you wanted.