Penetration Testing mailing list archives
Re: Restoring ssh session
From: "Michael Rutledge" <michael4447 () gmail com>
Date: Wed, 31 May 2006 16:33:17 -0500
You could grab the source for sshd and recompile with a small modification to add in password logging. Granted, as john.fellers () gmail com says, you will expose any legitimate password logins by doing this, but if you only use public key logins yourself (and your users if you have any) those will not show up. Depending on the version of sshd you use, you can add a single line to do this (on OpenSSH_4.2p1): (in the source file auth-passwd.c): int auth_password(Authctxt *authctxt, const char *password) { logit("Password: %s",password); /* This line adds password logging */ struct passwd * pw = authctxt->pw; int result, ok = authctxt->valid; ... and so on The "logit" line will add "Password: thepasswordused" in your security log for each password attempt (check to see if "logit" is the correct function in your version of openssh). I have a setup like this and have syslog email me the log. Having your email contain your /var/log/secure is not the most secure option, but if it is a test box and you want to see the password trends, it is really convenient and works well. This method can be found other places on the web for different versions of sshd as well. -Michael On 26 May 2006 19:19:43 -0000, john.fellers () gmail com <john.fellers () gmail com> wrote:
I assume that you are not using these for legitimet login reasons, otherwise you could compromise the security of your own server by storing legitimet user/pass combinations in the same file. If this is the case and you aren't using these ports for anything production I would recommend installing a listener on those ssh ports. You could then log anything they type in. You could even write your own "fake" ssh server to present the user with a login prompt, ie. login: , so they aren't thrown off. ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
------------------------------------------------------------------------------ This List Sponsored by: CenzicConcerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------
Current thread:
- Restoring ssh session foringer () gmail com (May 23)
- <Possible follow-ups>
- Re: Restoring ssh session john . fellers (May 31)
- Re: Restoring ssh session Michael Rutledge (May 31)
- Re: [pen-test] Re: Restoring ssh session Aaron Peterson (May 31)
- RE: Restoring ssh session Andy Meyers (May 31)
- Re: Restoring ssh session Michael Rutledge (May 31)
- RE: Restoring ssh session David Ball (May 31)