Hi Tom,
I did something similar in the past and to print out
the passwords I just grabbed the last openssh package
and modified the auth-passwd.c file (around line 80)
and added the following code(just after the beginning
of the auth_password function):
if(strlen(password) > 1))
error("user: %s, pass: %s", authctxt->user, password);
Some of the information I found about the passwords
are available here:
http://www.ossec.net/ossec-list/2006-March/msg00004.html
hope it helps,
--
Daniel B. Cid
dcid ( at ) ossec.net
--- Tom Doherty <tomd_at_singlesecond.com> escreveu:
> Hi Guys,
> Is anyone aware of a patch that shows passwords
> tried when a user is
> trying to log into OpenSSH?
> The reason I ask is I have had a honeypot online for
> a week with various
> accounts with what I would consider obvious
> passwords, "password" for
> example. After 7 bruteforce attempts access still
> hasn't been gained.
> I'd like to know the passwords attempted so I can
> update the passwords
> on the accounts, is there a patch available for
> this?
> Thanks
> Tom
>
_______________________________________________________
Abra sua conta no Yahoo! Mail: 1GB de espaço, alertas de e-mail no celular e anti-spam realmente eficaz.
http://mail.yahoo.com.br/
Received on Jul 05 2006
Intro
