Extend logging of openssh-server - e.g. plaintext password

Alex Bligh alex at alex.org.uk
Mon Dec 19 08:13:55 AEDT 2016

> On 18 Dec 2016, at 19:07, Blumenthal, Uri - 0553 - MITLL <uri at ll.mit.edu> wrote:
> Also, if password-based auth is not allowed, WTF would you want to log passwords?
> This whole idea is ugly, and smacks of a teenage-level prank attempt.
> I would strongly object against any such modification of the main source (though I'm sure the maintainers are sane enough to never let such a crap in).

Am I missing something? OP asked for a means of modifying *his own* openssh to
log passwords "only for his honeypots", and Stephen Harris replied telling him
how to do it, having done this as a demonstration that password authentication
is in general problematic (his blog article explains in essence that if
he can do this, anyone else can do this, and you might ssh to their server
by accident - let's ignore the unrecognised host key stuff).

No one has suggested adding this to the main source code. Clearly that
would be foolhardy.

Is it really necessary to jump down people's throats for a reasonably
phrased question, and an answer (with a reasonably well written blog
article) behind it?

Alex Bligh

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20161218/1870ac46/attachment.bin>

More information about the openssh-unix-dev mailing list