George,

Sebek does not decrypt.
SSH communication has an encrypt step, a transfer step and then a
decrypt step; otherwise the remote operating system would not
understand commands like cp, ps, mv ... that you sent via ssh.
Sebek snaps the data stream after decryption has occurred.

yannis

George wrote:
> How will you intercept the encrypted traffic from ssh? Is sebek so
> powerful as to decrypt ssh? Is there a honeypot that acts as an ssh
> server but also writes it decrypted somewhere? Will you do a forensic
> analysis?
>
> Thanks in advance,
>
> George
>
>
> --- Tom Doherty <tomd_at_singlesecond.com> wrote:
>
> > Hi Guys,
> > Is anyone aware of a patch that shows passwords tried when a user is
> > trying to log into OpenSSH?
> > The reason I ask is I have had a honeypot online for a week with
> > various accounts with what I would consider obvious passwords,
> > "password" for example. After 7 brute-force attempts access still
> > hasn't been gained.
> > I'd like to know the passwords attempted so I can update the
> > passwords on the accounts. Is there a patch available for this?
> > Thanks
> > Tom
> >
>
>
Received on Jul 06 2006