m sesser wrote:
> Is it possible to log failed incoming passwords from opensshd sessions?

It's possible if you modify sshd (or whatever it uses to verify the
password, eg PAM).

OpenSSH's stock sshd doesn't (and won't) provide the capability but by
necessity it has access to the unencrypted password so it could be
modified to do so by a nosy or malicious admin.

Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.