On Fri, Oct 22, 2004 at 08:03:19AM -0400, Greg Wooledge wrote:
On Fri, Oct 22, 2004 at 02:57:24PM +0900, Derek Martin wrote:
David appears to be asking for the PASSWORD the user used on a failed
attempt. I'm not 100% positive, but I believe OpenSSH does not
provide a mechanism to get the password.
Logging failed passwords is a Very Bad Idea if you actually *use*
password authentication.
In general, I agree. It's also not really cool for the admins to be
able to see what passwords people are using. But on the other hand,
that does not mean there might not be legitimate reasons to want to
see the passwords that people are trying... In some rare and extreme
cases, I can even conceive of it being possible to know passwords that
people are successfully using... such as (perhaps) when tracking a
cracker illegally accessing your systems. As others have pointed out,
desirable or not, it's not that hard to get this by making small
modifications to the source code...
In any event, that was what the OP asked for, and that was the
question I addressed.
Suppose your password is 'Open*SSH-3.9' (without the quotes). But
that's pretty hard to type on some keyboards with hyperactive Shift
keys, so maybe you fail by accidentally typing 'OPen*SSH-3.9', and
that gets logged. Now, someone gets hold of your logs (by whatever
means). Do you think your password is "safe" any more?
No, but even if my password is not logged in some log, I would think
my password was not safe if I knew that someone had gotten a hold of
the logs... If the system is compromised, then all bets are off.
It's that simple. Under such circumstances, you'd better change your
password, regardless (and re-install the OS from known-clean media,
and apply all updates before re-connecting it to the network, and)...
--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D
pgpams41jeh4U.pgp
Description: PGP signature
