Extend logging of openssh-server - e.g. plaintext password

Nico Kadel-Garcia nkadel at gmail.com
Sun Dec 18 21:21:46 AEDT 2016


On Sat, Dec 17, 2016 at 7:37 PM, Philipp Vlassakakis
<philipp at vlassakakis.de> wrote:
> Dear list members,
>
> I want to extend the logging of the openssh-server, so it also logs the entered passwords in plaintext, and yes I know that this is a security issue, but relax, Password Authentication is disabled. ;)

Oh, dear lord. What part of "a really bad idea and begging for pure
abuse" is not clear about this idea? Simply setting up a fake server
with a hostname similar to a common could encourage password
harvesting.

It would be much safer to simply avoid activating debugging tools that
can be so abused.


More information about the openssh-unix-dev mailing list