Hack Tool Repository

Article: SSH login worm

Have a look at your SSH logs and you will see a lot of login attempts from users and addresses that you are not familiar with. This intrigued me and I went looking for the culprit, but at the time could not find which worm was causing this. I wanted to know more and therefore created a new SSH daemon that would log the passwords in the log file. The box I installed it on has only one user, me, and I log in using a private key. If you do this on your own box, make sure that no other users are using it, since logging their passwords is a major invasion of their privacy.

You need to alter auth-passwd.c and add the logit call at the start of the auth_password function:

int auth_password(Authctxt *authctxt, const char *password) {
    struct passwd * pw = authctxt->pw;
    int result, ok = authctxt->valid;

    logit("Password: %s", password); /* This line adds password logging */


Run configure with a different install path, so the stock daemon is left untouched, like:
./configure --prefix=/usr/local/ssh

After the configure script has finished, run make and switch to the root user to run make install.

Change the way the SSH daemon is started by pointing the init script to the new daemon. On Red Hat based systems you need to edit the /etc/rc.d/init.d/sshd file. Change the following line:
SSHD=/usr/sbin/sshd
to:
SSHD=/usr/local/ssh/sbin/sshd

Copy the host keys from your original sshd daemon to the new sshd daemon, so that clients keep seeing the same host key. Normally the host keys are located in /etc/sshd:
cp /etc/sshd/host_* /usr/local/ssh/etc

Then change the sshd_config in the new install path to your needs.

Finally restart the service with the following command:
service sshd restart

Now have a look at the logs to see the username and password combinations that are being tried.
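To turn those log lines into something readable, the following added example (not part of the original article) pairs each "Password:" line with the sshd result line that follows it from the same process ID and counts the guesses per source address. The sample log is constructed, and the exact syslog layout and the assumption that both lines carry the same PID should be checked against your own log.

```python
import re
from collections import Counter

# Constructed sample lines (documentation addresses, made-up host and guesses).
SAMPLE_LOG = """\
May  3 15:30:01 box sshd[4101]: Password: 123456
May  3 15:30:01 box sshd[4101]: Failed password for root from 192.0.2.10 port 40122 ssh2
May  3 15:30:04 box sshd[4102]: Password: pass word
May  3 15:30:04 box sshd[4102]: Failed password for invalid user admin from 192.0.2.10 port 40130 ssh2
May  3 15:31:10 box sshd[4110]: Password: 123456
May  3 15:31:10 box sshd[4110]: Failed password for root from 198.51.100.7 port 51515 ssh2
May  3 15:32:00 box sshd[4120]: Password: real-secret
May  3 15:32:00 box sshd[4120]: Accepted password for alice from 203.0.113.5 port 50000 ssh2
"""

LINE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
RESULT = re.compile(r"(?P<verdict>Failed|Accepted) password for (?:invalid user )?"
                    r"(?P<user>\S+) from (?P<ip>\S+) port \d+")

def correlate(log_text):
    """Return [(ip, user, password)] for failed attempts only."""
    pending = {}   # pid -> last password logged by that sshd process
    attempts = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        if msg.startswith("Password: "):
            pending[pid] = msg[len("Password: "):]   # may contain spaces
            continue
        r = RESULT.match(msg)
        if r and pid in pending:
            password = pending.pop(pid)
            # A password that actually worked never goes into the report.
            if r["verdict"] == "Failed":
                attempts.append((r["ip"], r["user"], password))
    return attempts

def summarize(attempts):
    """Count guesses per source address and per (user, password) pair."""
    return (Counter(ip for ip, _, _ in attempts),
            Counter((u, p) for _, u, p in attempts))

if __name__ == "__main__":
    by_ip, by_pair = summarize(correlate(SAMPLE_LOG))
    for ip, n in by_ip.most_common():
        print(f"{n:4d} attempts from {ip}")
    for (user, pw), n in by_pair.most_common(5):
        print(f"{n:4d} x {user!r} / {pw!r}")
```

Because the patched daemon writes every submitted password to the log, including correct ones, keep that log file readable by root only.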



Added: 2006-05-03 15:30:23
Updated: 2008-11-13 13:50:28
 
©2007 Olderchurch Security Consultancy