Extend logging of openssh-server - e.g. plaintext password
Philipp Vlassakakis
philipp at vlassakakis.de
Mon Dec 19 01:42:18 AEDT 2016
What part of „Password Authentication is disabled“ do you not understand?
> Am 18.12.2016 um 11:21 schrieb Nico Kadel-Garcia <nkadel at gmail.com>:
>
> On Sat, Dec 17, 2016 at 7:37 PM, Philipp Vlassakakis
> <philipp at vlassakakis.de> wrote:
>> Dear list members,
>>
>> I want to extend the logging of the openssh-server, so it also logs the entered passwords in plaintext, and yes I know that this is a security issue, but relax, Password Authentication is disabled. ;)
>
> Oh, dear lord. What part of "a really bad idea and begging for pure
> abuse" is not clear about this idea? Simply setting up a fake server
> with a hostname similar to a common could encourage password
> harvesting.
>
> It would be much safer to simply avoid activating debugging tools that
> can be so abused.
More information about the openssh-unix-dev
mailing list