Date: Tue, 16 Nov 1999 17:45:08 -0800 (PST) From: mike@sentex.net To: freebsd-gnats-submit@freebsd.org Subject: ports/14933: Simple patch to log password attempts on ssh connections Message-ID: <19991117014508.718E814FB4@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 14933
>Category: ports
>Synopsis: Simple patch to log password attempts on ssh connections
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue Nov 16 17:50:01 PST 1999
>Closed-Date:
>Last-Modified:
>Originator: Mike Tancsa
>Release: FreeBSD
>Organization:
Sentex Communications
>Environment:
FreeBSD 3.3-STABLE #0: Mon Nov 8 09:15:21 EST 1999
>Description:
The following patch will log to syslog password attempts when connecting via SSH. Currently, an attacker can guess all they want, with out any real auditing.
>How-To-Repeat:
slogin example.com
>Fix:
*** sshd.c.orig2 Tue Nov 16 13:59:12 1999
--- work/ssh-1.2.27/sshd.c Tue Nov 16 13:59:48 1999
***************
*** 2673,2678 ****
--- 2673,2679 ----
break;
}
debug("Password authentication for %.100s failed.", user);
+ log_msg("Password LOGIN FAILURE for user: %.100s from: %.100s", user,get_canonical_hostname());
memset(password, 0, strlen(password));
xfree(password);
break;
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991117014508.718E814FB4>