Date: Tue, 26 Apr 2005 13:54:16 +0200 From: Karol Kwiatkowski <freebsd@orchid.homeunix.org> To: Daniel Bye <freebsd-questions@slightlystrange.org> Cc: freebsd-questions@freebsd.org Subject: Re: illegal user root user failed login attempts Message-ID: <426E2BE8.5030603@orchid.homeunix.org> In-Reply-To: <20050426104206.GA53044@catflap.slightlystrange.org> References: <ec0b1e25b6de0216c5744ed8d40d560c@zen.co.uk> <20050426104206.GA53044@catflap.slightlystrange.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Daniel Bye wrote: > On Tue, Apr 26, 2005 at 09:22:34AM +0100, Peter Kropholler wrote: >>Is there any way to actually record what passwords >>the hackers' scripts are trying? I am just really intrigued >>to know what they are thinking might work. > > > No - ssh transport is encrypted even by the time passwords are involved. But in this scenario it is me (sshd) who does encryption/decryption :) As I understand it, there's no way to log password except hacking ssh daemon source code. This link might help: http://seclists.org/lists/incidents/2005/Feb/0004.html (I haven't tried it and patch is against OpenSSH 3.5p1 - be careful) Regards, Karol -- Karol Kwiatkowski <freebsd at orchid dot homeunix dot org>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?426E2BE8.5030603>