logging wrong passwords in /var/log/auth.log
/var/log/auth.log logs (among other things) failed login attempts to my Debian Linux.
I was wondering if it is possible to ask it to log the password that was used in the failed attempt.
This is out of curiosity as to the nature of those failed attempts:
are they using dictionaries? combinations of words? length of passwords used? and so on.
I feel that knowing the passwords that are being tried might help me to better understand the level of risk posed by those attempts.
security logs password
2
I'm not sure if this is possible but I'm sure it is definitely not something that even should be possible as this leaks any passwords that are entered with as little mistake as a single typo. If you've ever made a typo while entering your password (and there's no single man on Earth that hasn't) then you'd never even want that to happen.
– Erathiel
Apr 30 '15 at 8:21
@epeleg: assuming Linux and other supported platforms, you could presumably write your own PAM module to achieve what you want. Clearly modules like pam_unix.so and pam_cracklib.so have access to the password.
– 0xC0000022L
Apr 30 '15 at 8:25
3
@0xC0000022L, as far as I remember they have access to hash, not the password itself. epeleg, from security point of view this is very bad idea.
– Romeo Ninov
Apr 30 '15 at 8:43
1
@RomeoNinov: I guess your memory betrays you. How would pam_cracklib be able to check for palindromes, passwords containing the username and similar conditions merely based on the hash?
– 0xC0000022L
Apr 30 '15 at 10:15
@0xC0000022L, probably :) But my humble opinion is not to store passwords in log file :)
– Romeo Ninov
Apr 30 '15 at 10:20
asked Apr 30 '15 at 8:16
epeleg
1 Answer
You can do it using the trick mentioned in this blog post.
You edit a line in one of the files of OpenSSH, then compile it and use it.
Short version, just run the following script:

```sh
OPENSSH=/opt/openssh2
mkdir -p /opt/openssh2/dist/

# Build zlib into the private prefix
cd $OPENSSH
wget http://zlib.net/zlib-1.2.11.tar.gz
tar xvfz zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure --prefix=$OPENSSH/dist/ && make && make install

# Build OpenSSL into the same prefix
cd $OPENSSH
wget http://www.openssl.org/source/openssl-1.0.1e.tar.gz
tar xvfz openssl-1.0.1e.tar.gz
cd openssl-1.0.1e
./config --prefix=$OPENSSH/dist/ && make && make install

# Fetch OpenSSH and patch auth-passwd.c before building
cd $OPENSSH
wget https://ftp.eu.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-6.2p1.tar.gz
tar xvfz openssh-6.2p1.tar.gz
cd openssh-6.2p1
# Insert a logit() call ahead of the pw declaration. The '*' in the pattern must be
# escaped, and '\n' in the replacement is a newline (GNU sed).
sed -e 's/struct passwd \* pw = authctxt->pw;/logit("Honey: Username: %s Password: %s", authctxt->user, password);\nstruct passwd * pw = authctxt->pw;/' -i auth-passwd.c
./configure --prefix=$OPENSSH/dist/ --with-zlib=$OPENSSH/dist --with-ssl-dir=$OPENSSH/dist/ && make && make install
```

For the long and interesting version, read the blog post.
answered Aug 28 at 20:29
FazeL
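An added example, not part of the answer or the linked blog post: a Python summary of the lines written by the `logit("Honey: ...")` call above, answering the question's points (password length, dictionary words) as aggregate counts only. It skips attempts against real local accounts so that mistyped genuine passwords, the concern raised in the comments, are never analysed. The sample lines, the `local_users` set and the `wordlist` are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample: lines shaped like the answer's logit() format string,
# plus one ordinary sshd line that must be ignored.
SAMPLE_LOG = """\
Apr 30 08:16:01 host sshd[1201]: Honey: Username: root Password: 123456
Apr 30 08:16:03 host sshd[1203]: Honey: Username: root Password: password
Apr 30 08:16:07 host sshd[1207]: Honey: Username: admin Password: admin
Apr 30 08:16:09 host sshd[1209]: Honey: Username: oracle Password: Summer2015!
Apr 30 08:17:12 host sshd[1222]: Honey: Username: alice Password: constructed-typo
Apr 30 08:17:15 host sshd[1225]: Failed password for root from 192.0.2.10 port 4242 ssh2
"""

# Non-greedy user match: splits at the first " Password: " (a username that
# itself contains that string would be mis-split).
HONEY_RE = re.compile(r"Honey: Username: (?P<user>.*?) Password: (?P<pw>.*)$")

def char_classes(pw):
    """Label the character classes present in pw, in a fixed order."""
    tests = (("lower", str.islower), ("upper", str.isupper),
             ("digit", str.isdigit), ("symbol", lambda c: not c.isalnum()))
    return "+".join(n for n, f in tests if any(f(c) for c in pw)) or "empty"

def summarize(lines, local_users, wordlist):
    """Aggregate attempts; no password is kept in the returned statistics."""
    stats = {"attempts": 0, "skipped_local": 0, "in_wordlist": 0,
             "same_as_user": 0, "lengths": Counter(), "classes": Counter(),
             "users": Counter()}
    for line in lines:
        m = HONEY_RE.search(line.rstrip("\n"))
        if not m:
            continue  # not a line produced by the patched sshd
        user, pw = m["user"], m["pw"]
        if user in local_users:
            stats["skipped_local"] += 1  # may be a real user's typo: do not analyse
            continue
        stats["attempts"] += 1
        stats["users"][user] += 1
        stats["lengths"][len(pw)] += 1
        stats["classes"][char_classes(pw)] += 1
        stats["in_wordlist"] += pw.lower() in wordlist
        stats["same_as_user"] += pw == user
    return stats

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG.splitlines(), {"alice"},
                       {"123456", "password", "admin"})
    for key, value in result.items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```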