Extend logging of openssh-server - e.g. plaintext password

Philipp Vlassakakis philipp at vlassakakis.de
Mon Dec 19 01:42:18 AEDT 2016


What part of „Password Authentication is disabled“ do you not understand?


> Am 18.12.2016 um 11:21 schrieb Nico Kadel-Garcia <nkadel at gmail.com>:
> 
> On Sat, Dec 17, 2016 at 7:37 PM, Philipp Vlassakakis
> <philipp at vlassakakis.de> wrote:
>> Dear list members,
>> 
>> I want to extend the logging of the openssh-server, so it also logs the entered passwords in plaintext, and yes I know that this is a security issue, but relax, Password Authentication is disabled. ;)
> 
> Oh, dear lord. What part of "a really bad idea and begging for pure
> abuse" is not clear about this idea? Simply setting up a fake server
> with a hostname similar to a common could encourage password
> harvesting.
> 
> It would be much safer to simply avoid activating debugging tools that
> can be so abused.



More information about the openssh-unix-dev mailing list