LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 10-05-2007, 07:18 PM   #1
SlowCoder
Member
 
Registered: Oct 2004
Location: Southeast, U.S.A.
Distribution: Fedora (Desktop), CentOS (Server), Knoppix (Diags)
Posts: 934

Rep: Reputation: 38
SSH Login Attempts - Can passwords be captured?


I get bombarded with SSH root login attempts constantly. I'm working on my firewall to block multiple attempts. But I am curious, can passwords be captured into the log when a login fails?
 
Old 10-05-2007, 08:40 PM   #2
mjmwired
Member
 
Registered: Apr 2004
Distribution: CentOS6, CentOS5, F16, F15, Ubuntu, OpenSuse
Posts: 620

Rep: Reputation: 39
I am just curious, do you have root logins permitted on this machine?
 
Old 10-05-2007, 09:03 PM   #3
SlowCoder
Member
 
Registered: Oct 2004
Location: Southeast, U.S.A.
Distribution: Fedora (Desktop), CentOS (Server), Knoppix (Diags)
Posts: 934

Original Poster
Rep: Reputation: 38
No. I'm not concerned that they'll get in. I'm just curious what passwords they're attempting. They're probably using a dictionary attack.
 
Old 10-06-2007, 11:12 AM   #4
osor
HCL Maintainer
 
Registered: Jan 2006
Distribution: (H)LFS, Gentoo
Posts: 2,450

Rep: Reputation: 70
Wait… you don’t have root permissions? How do you expect to dictate what ssh is doing?

In any case, you might be able to get this information by enabling a high debugging loglevel.
 
Old 10-06-2007, 07:19 PM   #5
SlowCoder
Member
 
Registered: Oct 2004
Location: Southeast, U.S.A.
Distribution: Fedora (Desktop), CentOS (Server), Knoppix (Diags)
Posts: 934

Original Poster
Rep: Reputation: 38
Quote:
Originally Posted by osor View Post
Wait… you don’t have root permissions? How do you expect to dictate what ssh is doing?

In any case, you might be able to get this information by enabling a high debugging loglevel.
You asked if I have root logins permitted on my machine, which I assumed related to SSH. In other words, weren't you asking if root could log in through SSH?

If that was your question, then the answer is no. I disabled that in sshd.

I am admin/root of my machine, though.
 
Old 10-06-2007, 10:43 PM   #6
osor
HCL Maintainer
 
Registered: Jan 2006
Distribution: (H)LFS, Gentoo
Posts: 2,450

Rep: Reputation: 70
Quote:
Originally Posted by SlowCoder View Post
If that was your question, then the answer is no. I disabled that in sshd.
Sorry, I misread the posts. In any case, try enabling debuglevel logging in sshd (IIRC, there are three levels of debug output). That might get your passwords logged.

It is not, however, recommended to run like that on a daily basis, since there is quite a bit of sensitive information exposed by the logs.
 
Old 10-07-2007, 07:16 PM   #7
SlowCoder
Member
 
Registered: Oct 2004
Location: Southeast, U.S.A.
Distribution: Fedora (Desktop), CentOS (Server), Knoppix (Diags)
Posts: 934

Original Poster
Rep: Reputation: 38
Thanks. I'll take a look. Don't know what I'm doing with the debug level logs, but I'll give it a shot.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SSH login attempts Capt_Caveman Linux - Security 225 11-07-2009 09:55 AM
Question about failed ssh login attempts natv Linux - Security 3 02-11-2007 06:46 AM
Failed SSH login attempts Capt_Caveman Linux - Security 38 01-03-2006 03:22 PM
ssh login attempts from localhost?! sovietpower Linux - Security 2 05-29-2005 01:19 AM
SSH login attempts - how to get rid of the automated malware? alexberk Linux - Security 1 05-24-2005 04:57 AM


All times are GMT -5. The time now is 07:37 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration