FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.

» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

LinkBack Thread Tools
Old 01-18-2009, 11:58 AM
"Dotan Cohen"
Default Logging passwords of SSH attacks

2009/1/18 Florian Mickler <florian@mickler.org>:
>> > people
>> > often confuse which password they have to enter where, and thus
>> > valid passwords would wander into the logs for malicous people to
>> > collect and use at other sites.
>> auth.log is only readable to sysadmins.
> <sarcasm> oh what a wonderful world </sarcasm>
> The only way to prevent misuse of such information is to _not_ _log_
> _it_.

Naturally, I would not log invalid password attempts on a machine to
which valid users log into remotely. But if I am being attacked, then
I would like to log that info. Maybe they know my password and not my
username? Or an older password? It is entirely possible, as I change
the username each time I install but not always the password.

> If you really need to satisfy your curiosity hack the sources or look
> at 'john' or something like that.

Thanks, I will google "john".

Dotan Cohen



Thread Tools

All times are GMT. The time now is 04:37 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org