Extend logging of openssh-server - e.g. plaintext password
Philipp Vlassakakis
philipp at vlassakakis.de
Sun Dec 18 11:37:59 AEDT 2016
Dear list members,
I want to extend the logging of the openssh-server, so it also logs the entered passwords in plaintext, and yes I know that this is a security issue, but relax, Password Authentication is disabled. ;)
The logging is only used for collecting data on my honeypots.
After digging through the source, I´ve found a file called „auth.c"
auth.c:
#ifdef CUSTOM_FAILED_LOGIN
if (authenticated == 0 && !authctxt->postponed &&
(strcmp(method, "password") == 0 ||
strncmp(method, "keyboard-interactive", 20) == 0 ||
strcmp(method, "challenge-response") == 0))
record_failed_login(authctxt->user,
get_canonical_hostname(options.use_dns), "ssh");
# ifdef WITH_AIXAUTHENTICATE
if (authenticated)
sys_auth_record_login(authctxt->user, get_canonical_hostname(options.use_dns), "ssh", &loginmsg);
# endif
#endif“
Now I´ve just thought adding „authctxt->password“ should do the trick…unfortunately not.
Is there any way to implement this?
Thanks.
Philipp
More information about the openssh-unix-dev
mailing list