On Fri, Jan 16, 2009 at 02:25:35PM +0100, Florian Mickler wrote:
> On Thu, 15 Jan 2009 20:10:44 +0200
> "Dotan Cohen" <dotanco...@gmail.com> wrote:
> 
> > I get a few thousands of these every day in the logs:
> > Illegal users from:
> >     70.85.222.106 (sales.gbdweb.com): 518 times
> >        anna/password: 1 time
> >        apache/password: 1 time
> >        arthur/password: 1 time
> >        attack/password: 1 time
> >        awharton/password: 1 time
> > 
> > How can I start logging the passwords attempted as well as the
> > usernames? Thanks.
> > 
> That's not possible without hacking the ssh source code, I assume.

Or alternatively the pam module that is used. Openssh here checks
passwords using PAM.

> 
> It would be a security nightmare to have the passwords of users being
> logged. even if it would only be on failed attempts. 

And even then it would give some interesting clues, as it would also log
real passwords with typos.

> people
> often confuse which password they have to enter where, and thus valid
> passwords would wander into the logs for malicious people to collect and
> use at other sites.

auth.log is only readable to sysadmins.

-- 
Tzafrir Cohen         | tzaf...@jabber.org | VIM is
http://tzafrir.org.il |                    | a Mutt's
tzaf...@cohens.org.il |                    |  best
ICQ# 16849754         |                    | friend
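
As an added illustration (not part of the thread above), the lines that sshd, authenticating through PAM, actually writes to auth.log for a failed attempt carry the username, the source address and the authentication method, but never the password; the script below, which assumes the Debian sshd log format and uses constructed sample lines, rebuilds the "Illegal users from:" style summary quoted in the first message from those lines, and separately counts failures against accounts that do exist, the case where a typo'd real password would have been sent.

```python
import re
from collections import defaultdict

# Constructed sample auth.log lines in the format Debian's sshd writes for
# password authentication (made up for this example, not from the post).
SAMPLE_AUTH_LOG = """\
Jan 15 20:01:11 host sshd[1234]: Invalid user anna from 70.85.222.106
Jan 15 20:01:13 host sshd[1234]: Failed password for invalid user anna from 70.85.222.106 port 41022 ssh2
Jan 15 20:01:20 host sshd[1240]: Failed password for invalid user apache from 70.85.222.106 port 41030 ssh2
Jan 15 20:01:25 host sshd[1245]: Failed password for root from 70.85.222.106 port 41035 ssh2
Jan 15 20:02:01 host sshd[1250]: Failed password for invalid user arthur from 10.0.0.7 port 5000 ssh2
Jan 15 20:02:05 host sshd[1251]: Accepted password for dotan from 192.0.2.9 port 5010 ssh2
"""

# Matches only failed password attempts; "Invalid user ..." preludes and
# "Accepted password ..." lines are deliberately left out.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_failed_attempts(log_text):
    """Yield (ip, user, account_does_not_exist) for each failed attempt.

    Note what is absent: the password itself is not in the line, so nothing
    parsed here (and nothing in a stock auth.log) can expose it.
    """
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            yield m.group("ip"), m.group("user"), m.group("invalid") is not None


def _count(log_text, want_invalid):
    counts = defaultdict(lambda: defaultdict(int))
    for ip, user, invalid in parse_failed_attempts(log_text):
        if invalid == want_invalid:
            counts[ip][user] += 1
    return {ip: dict(users) for ip, users in counts.items()}


def illegal_users_report(log_text):
    """Failed attempts against accounts that do not exist, keyed by source IP."""
    return _count(log_text, want_invalid=True)


def failed_valid_users(log_text):
    """Failed attempts against accounts that do exist, keyed by source IP.

    These deserve a second look: a legitimate user mistyping a password
    and an attacker guessing one produce the same line.
    """
    return _count(log_text, want_invalid=False)


def _times(n):
    return "1 time" if n == 1 else f"{n} times"


def format_illegal_users(report):
    """Render the per-source summary in the style quoted in the first message."""
    lines = ["Illegal users from:"]
    for ip in sorted(report, key=lambda i: (-sum(report[i].values()), i)):
        lines.append(f"    {ip}: {_times(sum(report[ip].values()))}")
        for user in sorted(report[ip]):
            lines.append(f"       {user}/password: {_times(report[ip][user])}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_illegal_users(illegal_users_report(SAMPLE_AUTH_LOG)))
    print("Failed attempts against existing accounts:",
          failed_valid_users(SAMPLE_AUTH_LOG))
```

Run it against a real /var/log/auth.log (readable only as root or a member of the adm group on Debian) by replacing SAMPLE_AUTH_LOG with the file contents; the hostname in parentheses in the quoted summary comes from a reverse DNS lookup, which this offline example omits.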
