make ssh log password entered?



Recently there have been dozens of ssh cracking attempts on my site. They were not
real hackers because they simply tried to guess the passwords using all
kinds of imaginable usernames, admin, webmaster, oracle. . . you name it,
but they were very patient, the log shows they worked on it for over an

While no harm is done, I'm interested in knowing what kind of passwords
they would guess. Is there a way to make ssh log the password entered?

Re: make ssh log password entered?


For an example, take a look at the old "crack" program written by Alec Muffett.
I still use it or variants of it occasionally against sites that use the old
"crypt" style passwords, and consistently get about 10% of the passwords.

Re: make ssh log password entered?


Depends on what SSH software you're using.  For OpenSSH, no, there's no
way to make it log passwords unless you modify the code (although such a
modification is trivial, see auth-passwd.c:auth_password()).

Also be aware that even if you only log failures, there's a good chance
that someone's real password (e.g. for another service) or an almost-right
password will end up in that log.  That log would be another potential
problem if the box hosting it is compromised (or if it's sent to a syslog
host, or...)

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
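Taking Darren's point that the password itself should never go into the log, here is an added example (not from the thread, and not OpenSSH code) of what you can still learn from what sshd already logs: a small Python parser over constructed sshd syslog lines that groups failures by source and flags the kind of patient, many-usernames guessing run the original poster describes. The function names `summarize_failures` and `guessing_sources` and the thresholds are my own choices.

```python
import re
from collections import defaultdict

# Constructed sample sshd syslog lines (not from the thread), in the format
# OpenSSH uses: the username and source are recorded, never the password tried.
SAMPLE_LOG = """\
Mar 11 02:14:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Mar 11 02:14:03 host sshd[1202]: Failed password for invalid user webmaster from 203.0.113.7 port 40123 ssh2
Mar 11 02:14:05 host sshd[1203]: Failed password for invalid user oracle from 203.0.113.7 port 40124 ssh2
Mar 11 02:14:08 host sshd[1204]: Failed password for root from 203.0.113.7 port 40125 ssh2
Mar 11 02:15:10 host sshd[1210]: Failed password for alice from 198.51.100.4 port 51000 ssh2
Mar 11 02:15:20 host sshd[1211]: Accepted password for alice from 198.51.100.4 port 51001 ssh2
"""

# "invalid user" is present when the account does not exist on the box at all.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)


def summarize_failures(log_text):
    """Per source address: number of failures, usernames tried, and how many
    of those failures were for accounts that do not exist."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set(), "invalid": 0})
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        entry = stats[m.group("src")]
        entry["attempts"] += 1
        entry["users"].add(m.group("user"))
        if m.group("invalid"):
            entry["invalid"] += 1
    return dict(stats)


def guessing_sources(log_text, min_attempts=3, min_users=2):
    """Sources that look like a password-guessing run: repeated failures spread
    across several usernames (a single user mistyping once does not qualify)."""
    return sorted(
        src for src, e in summarize_failures(log_text).items()
        if e["attempts"] >= min_attempts and len(e["users"]) >= min_users
    )


if __name__ == "__main__":
    for src, e in summarize_failures(SAMPLE_LOG).items():
        print(src, e["attempts"], "failures,", len(e["users"]), "users,", e["invalid"], "nonexistent")
    print("guessing sources:", guessing_sources(SAMPLE_LOG))
```

On the constructed input the output singles out 203.0.113.7 (four failures over four usernames, three of them nonexistent), while alice's one typo from 198.51.100.4 is left alone.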
