FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 01-18-2009, 11:58 AM
"Dotan Cohen"
 
Default Logging passwords of SSH attacks

2009/1/18 Florian Mickler <florian@mickler.org>:
>> > people
>> > often confuse which password they have to enter where, and thus
>> > valid passwords would wander into the logs for malicous people to
>> > collect and use at other sites.
>>
>> auth.log is only readable to sysadmins.
>>
> <sarcasm> oh what a wonderful world </sarcasm>
>
> The only way to prevent misuse of such information is to _not_ _log_
> _it_.
>

Naturally, I would not log invalid password attempts on a machine to
which valid users log into remotely. But if I am being attacked, then
I would like to log that info. Maybe they know my password and not my
username? Or an older password? It is entirely possible, as I change
the username each time I install but not always the password.

> If you really need to satisfy your curiosity hack the sources or look
> at 'john' or something like that.
>

Thanks, I will google "john".

--
Dotan Cohen

http://what-is-what.com
http://gibberish.co.il

א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-*-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת
ا-ب-ت-ث-ج-*-خ-د-ذ-ر-ز-س-ش-ص-ض-ط-ظ-ع-غ-ف-ق-ك-ل-م-ن-ه*-و-ي
А-Б-В-Г-Д-Е-Ё-Ж-З-И-Й-К-Л-М-Н-О-П-*-С-Т-У-Ф-Х-Ц-Ч-Ш-Щ-Ъ-Ы-Ь-*-Ю-Я
а-б-в-г-д-е-ё-ж-з-и-й-к-л-м-н-о-п-р-с-т-у-ф-х-ц-ч-ш-щ-ъ-ы-ь-э-ю-я
ä-ö-ü-ß-Ä-Ö-Ü
 

Thread Tools




All times are GMT. The time now is 04:37 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org