Security Incidents mailing list archives
Re: SSH probe attack afoot?
From: "Steve Bonds" <lf5w3i702 () sneakemail com>
Date: Mon, 7 Feb 2005 13:48:23 -0800
On Mon, 07 Feb 2005 15:42:32 -0300, Martin Sarsale wrote:
And: does ssh provides this kind of functionality? (I know it could be a security breach in case you type your root password in uppercase and it ends on your logs)
It's generally a Bad Idea to log passwords. This can open you up to accusations of the US Federal crime of trafficking in passwords, even if you're just using them internally. It also allows potentially malicious users to deflect blame by claiming someone else had their password. Check this thread on the OpenSSH mailing list (Oct 20 2004) for details on logging passwords: http://marc.theaimsgroup.com/?t=109838679600001 With that said, this post (Oct 22 2004 by Baqrtek Krajnik) provides a patch to auth-passwd.c to log each password used whether successful or not. http://marc.theaimsgroup.com/?l=secure-shell&m=109863906400531 -- Steve
Current thread:
- SSH probe attack afoot? Bernie Cosell (Feb 07)
- Re: SSH probe attack afoot? Martin Sarsale (Feb 07)
- Re: SSH probe attack afoot? Steve Bonds (Feb 07)
- Re: SSH probe attack afoot? Steven Harrison (Feb 07)
- Re: SSH probe attack afoot? xyberpix (Feb 07)
- Re: SSH probe attack afoot? Stephen Warren (Feb 08)
- Re: SSH probe attack afoot? j () 65535 com (Feb 08)
- Re: SSH probe attack afoot? Stephen Warren (Feb 08)
- Re: SSH probe attack afoot? Barrie Dempster (Feb 07)
- Re: SSH probe attack afoot? j lake (Feb 08)
- Re: SSH probe attack afoot? Jeffrey Goldberg (Feb 12)
- Re: SSH probe attack afoot? Stephen J. Smoogen (Feb 12)
- Re: SSH probe attack afoot? Jeffrey Goldberg (Feb 16)
- <Possible follow-ups>
- Re: SSH probe attack afoot? Joe Egloff (Feb 07)
(Thread continues...)
- Re: SSH probe attack afoot? Martin Sarsale (Feb 07)