Record Failed Passwords
Christian Pfaffel-Janser
christian.pfaffel-janser at siemens.com
Wed Jul 21 17:46:02 EST 2010
Alan Neville wrote:
> Hi OpenSSH'ers,
>
> I am emailing you to ask is it possible to record failed passwords
> attempts and log them to syslog? Are there patches available for this?
> Has anyone managed to do this before? Are there alternative methods?
>
> Many Thanks,
>
> A
>
Hi Alan,

Use a PAM module and put it in common-auth:

auth sufficient pam_unix.so nullok_secure
auth required pam_log_pw.so
auth requisite pam_deny.so

Use something like (untested):

---- begin pam_log_pw.c -----------
#define PAM_SM_AUTHENTICATE
#include <security/pam_modules.h>

/* Reached only after pam_unix.so (sufficient) has failed, so every call
 * here is a failed attempt; always return an error. */
extern int pam_sm_authenticate(pam_handle_t *pamh,
                int flags, int argc, const char ** argv) {
        /* items that are not set stay NULL */
        const char *user = NULL, *pass = NULL, *rhost = NULL, *ruser = NULL;

        pam_get_item(pamh, PAM_USER, (const void **) &user);
        pam_get_item(pamh, PAM_AUTHTOK, (const void **) &pass);
        pam_get_item(pamh, PAM_RHOST, (const void **) &rhost);
        pam_get_item(pamh, PAM_RUSER, (const void **) &ruser);

        /* do your logging stuff here*/
        return PAM_AUTH_ERR;
}
----- end ----

Compile using something like:

gcc -O2 -fPIC -Wall -pedantic -shared -o pam_log_pw.so \
    pam_log_pw.c -lpam

Best regards,
Christian
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev at mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
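
An added example, not part of the original message or of OpenSSH: one way to fill in the "do your logging stuff here" step so that attacker-chosen bytes in the user name, password or remote host cannot forge or split syslog records. The helper names esc_field, format_attempt and log_attempt are hypothetical, and the sample values in main() are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Hypothetical helper: copy src into dst (n bytes); bytes outside printable
 * ASCII, '"' and '\' become \xHH, and NULL (unset PAM item) becomes "-". */
size_t esc_field(char *dst, size_t n, const char *src)
{
    size_t o = 0;
    if (n == 0) return 0;
    if (src == NULL) src = "-";
    for (; *src != '\0'; src++) {
        unsigned char c = (unsigned char)*src;
        int plain = c >= 0x20 && c < 0x7f && c != '"' && c != '\\';
        size_t need = plain ? 1 : 4;
        if (o + need >= n) break;   /* never cut an escape in half */
        if (plain) dst[o++] = (char)c;
        else o += (size_t)snprintf(dst + o, n - o, "\\x%02x", (unsigned)c);
    }
    dst[o] = '\0';
    return o;                       /* length written, excluding the NUL */
}

/* Hypothetical helper: build one single-line record from the PAM items. */
const char *format_attempt(char *out, size_t n, const char *user,
                           const char *pass, const char *rhost)
{
    char u[64], p[256], r[128];
    esc_field(u, sizeof u, user);
    esc_field(p, sizeof p, pass);
    esc_field(r, sizeof r, rhost);
    snprintf(out, n, "failed password user=\"%s\" pass=\"%s\" rhost=\"%s\"", u, p, r);
    return out;
}

/* Call from pam_sm_authenticate() where the logging comment sits. */
void log_attempt(const char *user, const char *pass, const char *rhost)
{
    char line[512];
    format_attempt(line, sizeof line, user, pass, rhost);
    syslog(LOG_AUTHPRIV | LOG_NOTICE, "%s", line);  /* fixed format string */
}

int main(void)
{
    char line[512];  /* constructed sample: newline and quote in the password */
    puts(format_attempt(line, sizeof line, "root", "x\n\" rhost=\"10.0.0.1", NULL));
    return 0;
}
```

The resulting log holds plaintext password guesses, which often include near-misses of real passwords, so route the authpriv facility to a file only root can read.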