make ssh log massword entered? - SSH

This is a discussion on make ssh log massword entered? - SSH ; Recently there has been dozens of ssh cracking on my site. They were not real hackers because they simply tried to guess the passwords using all kind of imaginable usernames, admin, webmaster, oracle. . . you name it, but they ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: make ssh log massword entered?

  1. make ssh log massword entered?


    Recently there has been dozens of ssh cracking on my site. They were not
    real hackers because they simply tried to guess the passwords using all
    kind of imaginable usernames, admin, webmaster, oracle. . . you name it,
    but they were very patient, the log shows they worked on it for over an
    hour.

    While no harm is done, I'm interested in knowing what kind of passwords
    they would guess. Is there a way to make ssh log the password entered?
    Thanks.


  2. Re: make ssh log massword entered?


    wrote in message
    news:newscache$sjqeqi$9rl$1@news.rootshell.be...
    >
    > Recently there has been dozens of ssh cracking on my site. They were not
    > real hackers because they simply tried to guess the passwords using all
    > kind of imaginable usernames, admin, webmaster, oracle. . . you name it,
    > but they were very patient, the log shows they worked on it for over an
    > hour.
    >
    > While no harm is done, I'm interested in knowing what kind of passwords
    > they would guess. Is there a way to make ssh log the password entered?
    > Thanks.


    For an example, take a look at the old Alec Moffett written "crack" program.
    I still use it or variants of it occasionally against sites that use the old
    "crypt" style passwords, and consistently get about 10% of the passwords.



  3. Re: make ssh log massword entered?

    On 2005-11-23, ash@fakedomainxx.com wrote:
    > Recently there has been dozens of ssh cracking on my site. They were not
    > real hackers because they simply tried to guess the passwords using all
    > kind of imaginable usernames, admin, webmaster, oracle. . . you name it,
    > but they were very patient, the log shows they worked on it for over an
    > hour.
    >
    > While no harm is done, I'm interested in knowing what kind of passwords
    > they would guess. Is there a way to make ssh log the password entered?


    Depends on what SSH software you're using. For OpenSSH, no, there's no
    way to make it log passwords unless you modify the code (although such a
    modification is trivial, see auth-passwd.c:auth_password()).

    Also be aware that even if you only log failures, there's a good chance
    that someone's real password (eg for another service) or an almost-right
    password will end up in that log. That log would be another potential
    problem if the box hosting it compromised (or if it's sent to a syslog
    host, or...)

    --
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.

+ Reply to Thread