> While in general I agree, in this case you could say that I am sitting
> here as a honeypot. No legitimate users will try connecting via SSH on
> port 22, and certainly not over the big bad internet. The only reason
> that I have sshd running here is for another machine on the LAN to ssh
> in on a different port.

That would seem to reduce the difficulties associated with logging random users' passwords. However, that makes me wonder what the point is -- are you just curious as to how random crackers start their dictionary attacks?

Besides, if you're only SSHing on the LAN, you might be better off from a security standpoint by just dropping foreign-IP packets to 22 and whatever SSH port you actually use. If there is no legitimate traffic, why even give attackers a login prompt?

On Fri, Jan 16, 2009 at 8:45 AM, Dotan Cohen <dotanco...@gmail.com> wrote:
> 2009/1/16 Florian Mickler <flor...@mickler.org>:
>
>>> How can I start logging the passwords attempted as well as the
>>> usernames? Thanks.
>>>
>> That's not possible without hacking in the ssh-sourcecodes, I assume.
>>
>> It would be a security nightmare to have the passwords of users being
>> logged, even if it would only be on failed attempts. People
>> often confuse which password they have to enter where, and thus valid
>> passwords would wander into the logs for malicious people to collect and
>> use at other sites.
>>
>
> While in general I agree, in this case you could say that I am sitting
> here as a honeypot. No legitimate users will try connecting via SSH on
> port 22, and certainly not over the big bad internet. The only reason
> that I have sshd running here is for another machine on the LAN to ssh
> in on a different port.
>
> --
> Dotan Cohen
>
> http://what-is-what.com
> http://gibberish.co.il
>
> א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת
> ا-ب-ت-ث-ج-ح-خ-د-ذ-ر-ز-س-ش-ص-ض-ط-ظ-ع-غ-ف-ق-ك-ل-م-ن-ه-و-ي
> А-Б-В-Г-Д-Е-Ё-Ж-З-И-Й-К-Л-М-Н-О-П-Р-С-Т-У-Ф-Х-Ц-Ч-Ш-Щ-Ъ-Ы-Ь-Э-Ю-Я
> а-б-в-г-д-е-ё-ж-з-и-й-к-л-м-н-о-п-р-с-т-у-ф-х-ц-ч-ш-щ-ъ-ы-ь-э-ю-я
> ä-ö-ü-ß-Ä-Ö-Ü