Philipp Vlassakakis
2016-Dec-18 00:37 UTC
Extend logging of openssh-server - e.g. plaintext password
Dear list members,

I want to extend the logging of the openssh-server, so it also logs the entered passwords in plaintext, and yes I know that this is a security issue, but relax, Password Authentication is disabled. ;)

The logging is only used for collecting data on my honeypots.

After digging through the source, I've found a file called "auth.c"

auth.c:

    #ifdef CUSTOM_FAILED_LOGIN
            if (authenticated == 0 && !authctxt->postponed &&
                (strcmp(method, "password") == 0 ||
                strncmp(method, "keyboard-interactive", 20) == 0 ||
                strcmp(method, "challenge-response") == 0))
                    record_failed_login(authctxt->user,
                        get_canonical_hostname(options.use_dns), "ssh");
    # ifdef WITH_AIXAUTHENTICATE
            if (authenticated)
                    sys_auth_record_login(authctxt->user,
                        get_canonical_hostname(options.use_dns), "ssh", &loginmsg);
    # endif
    #endif

Now I've just thought adding "authctxt->password" should do the trick... unfortunately not.

Is there any way to implement this?

Thanks.

Philipp
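Added example, not part of the thread and not OpenSSH code: before touching any logging in that code path, a honeypot operator would want to confirm from the effective sshd configuration that none of the three methods the auth.c fragment matches (password, keyboard-interactive, challenge-response) can actually reach the server. The check below parses the output of `sshd -T`, which prints the effective configuration as lowercased "keyword value" lines; the keywords assumed are `passwordauthentication`, `kbdinteractiveauthentication` and `challengeresponseauthentication`, and the two sample outputs are constructed, so the script runs without an sshd installed.

```shell
#!/bin/sh
# Added example (not from the thread, not OpenSSH code).
# Reads `sshd -T` style "keyword value" lines on stdin and returns 0 only
# if every method that would carry a plaintext password is switched off.
# The three keywords correspond to the three method names matched in
# the auth.c fragment quoted in the thread.
check_password_methods_disabled() {
    status=0
    while read -r key value; do
        case "$key" in
            passwordauthentication|kbdinteractiveauthentication|challengeresponseauthentication)
                if [ "$value" != "no" ]; then
                    echo "enabled: $key $value" >&2
                    status=1
                fi
                ;;
        esac
    done
    # Note: a keyword absent from the input is not reported; on a real
    # host, pipe in the complete `sshd -T` output so nothing is missing.
    return $status
}

# Constructed sample of `sshd -T` output for a hardened host.
SAMPLE_HARDENED='port 22
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no
challengeresponseauthentication no'

# Constructed sample where PasswordAuthentication is off but a
# keyboard-interactive/challenge-response path (e.g. via PAM) is still open.
SAMPLE_WEAK='port 22
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication yes
challengeresponseauthentication yes'

# Stand-alone demo on the constructed samples; on a real host replace the
# printf with:  sshd -T | check_password_methods_disabled
printf '%s\n' "$SAMPLE_HARDENED" | check_password_methods_disabled \
    && echo "hardened sample: no password-carrying method enabled"
printf '%s\n' "$SAMPLE_WEAK" | check_password_methods_disabled \
    || echo "weak sample: a password-carrying method is still enabled"
```

The second sample is the case the thread glosses over: `PasswordAuthentication no` alone does not stop a client from sending a password, because keyboard-interactive (and on older releases challenge-response) also carries it, which is exactly why the auth.c hook matches all three method names.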
Stephen Harris
2016-Dec-18 00:48 UTC
Extend logging of openssh-server - e.g. plaintext password
On Sun, Dec 18, 2016 at 01:37:59AM +0100, Philipp Vlassakakis wrote:
> I want to extend the logging of the openssh-server, so it also logs the entered passwords in plaintext, and yes I know that this is a security issue, but relax, Password Authentication is disabled. ;)
>
> The logging is only used for collecting data on my honeypots.
...
> Is there any way to implement this?

I explored this a few months back in a blog entry:
https://www.sweharris.org/post/2016-09-18-ssh-password-exposure/

--
rgds
Stephen
Philipp Vlassakakis
2016-Dec-18 08:27 UTC
Extend logging of openssh-server - e.g. plaintext password
Works like a charm. Thanks Stephen! :)

> On 18.12.2016 at 01:48, Stephen Harris <lists at spuddy.org> wrote:
>
> On Sun, Dec 18, 2016 at 01:37:59AM +0100, Philipp Vlassakakis wrote:
>> I want to extend the logging of the openssh-server, so it also logs the entered passwords in plaintext, and yes I know that this is a security issue, but relax, Password Authentication is disabled. ;)
>>
>> The logging is only used for collecting data on my honeypots.
> ...
>> Is there any way to implement this?
>
> I explored this a few months back in a blog entry:
> https://www.sweharris.org/post/2016-09-18-ssh-password-exposure/
>
Nico Kadel-Garcia
2016-Dec-18 10:21 UTC
Extend logging of openssh-server - e.g. plaintext password
On Sat, Dec 17, 2016 at 7:37 PM, Philipp Vlassakakis <philipp at vlassakakis.de> wrote:
> Dear list members,
>
> I want to extend the logging of the openssh-server, so it also logs the entered passwords in plaintext, and yes I know that this is a security issue, but relax, Password Authentication is disabled. ;)

Oh, dear lord. What part of "a really bad idea and begging for pure abuse" is not clear about this idea? Simply setting up a fake server with a hostname similar to a common could encourage password harvesting.

It would be much safer to simply avoid activating debugging tools that can be so abused.
Philipp Vlassakakis
2016-Dec-18 14:42 UTC
Extend logging of openssh-server - e.g. plaintext password
What part of "Password Authentication is disabled" do you not understand?

> On 18.12.2016 at 11:21, Nico Kadel-Garcia <nkadel at gmail.com> wrote:
>
> On Sat, Dec 17, 2016 at 7:37 PM, Philipp Vlassakakis
> <philipp at vlassakakis.de> wrote:
>> Dear list members,
>>
>> I want to extend the logging of the openssh-server, so it also logs the entered passwords in plaintext, and yes I know that this is a security issue, but relax, Password Authentication is disabled. ;)
>
> Oh, dear lord. What part of "a really bad idea and begging for pure
> abuse" is not clear about this idea? Simply setting up a fake server
> with a hostname similar to a common could encourage password
> harvesting.
>
> It would be much safer to simply avoid activating debugging tools that
> can be so abused.