From: Michael Rutledge (michael4447@gmail.com)
Date: Wed May 31 2006 - 17:33:17 EDT
You could grab the source for sshd and recompile with a small
modification to add in password logging. Granted, as
john.fellers@gmail.com says, you will expose any legitimate password
logins by doing this, but if you only use public key logins yourself
(and your users if you have any) those will not show up. Depending on
the version of sshd you use, you can add a single line to do this (on
OpenSSH_4.2p1):
(in the source file auth-passwd.c):
int auth_password(Authctxt *authctxt, const char *password)
{
logit("Password: %s",password); /* This line adds password logging */
struct passwd * pw = authctxt->pw;
int result, ok = authctxt->valid;
... and so on
The "logit" line will add "Password: thepasswordused" in your security
log for each password attempt (check to see if "logit" is the correct
function in your version of openssh). I have a setup like this and
have syslog email me the log. Having your email contain your
/var/log/secure is not the most secure option, but if it is a test box
and you want to see the password trends, it is really convenient and
works well.
This method can be found other places on the web for different
versions of sshd as well.
-Michael
On 26 May 2006 19:19:43 -0000, john.fellers@gmail.com
<john.fellers@gmail.com> wrote:
> I assume that you are not using these for legitimet login reasons, otherwise you could compromise the security of your own server by storing legitimet user/pass combinations in the same file.
>
>
> If this is the case and you aren't using these ports for anything production I would recommend installing a listener on those ssh ports. You could then log anything they type in. You could even write your own "fake" ssh server to present the user with a login prompt, ie. login: , so they aren't thrown off.
>
> ------------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Concerned about Web Application Security?
> Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
> Choice Award from eWeek. As attacks through web applications continue to rise,
> you need to proactively protect your applications from hackers. Cenzic has the
> most comprehensive solutions to meet your application security penetration
> testing and vulnerability management needs. You have an option to go with a
> managed service (Cenzic ClickToSecure) or an enterprise software
> (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
> help you: http://www.cenzic.com/news_events/wpappsec.php
> And, now for a limited time we can do a FREE audit for you to confirm your
> results from other product. Contact us at request@cenzic.com for details.
> ------------------------------------------------------------------------------
>
>
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:01 EDT