search for: deir

...ries to log in as root or other administrtive accounts. * The honeypoyt now has copies of the login names, and passphrases, stored in cleartext, without having to modify a single line of their OpenSSH source code or a single byte of their binary. * Voila: stashed passphrases and login names for the deired "www.example.com". The possibilities, individually, may not seem to be high. But there are so very many potential ways to abuse this it seems extremely wise to enable at all, much less as a built-in feature. -------------- next part -------------- A non-text attachment was scrubbed......

I concur with Nico ? logging plaintext passwords is an extremely bad idea. The tone of the poster also leaves much to be desired ? but I?ll hold my tongue for now. -- Regards, Uri Blumenthal On 12/18/16, 11:48, "openssh-unix-dev on behalf of Nico Kadel-Garcia" <openssh-unix-dev-bounces+uri=ll.mit.edu at mindrot.org on behalf of nkadel at gmail.com> wrote: On Sun, Dec 18,