SSH Login Attempts

SlowCoder · 10-05-2007, 07:18 PM

I get bombarded with SSH root login attempts constantly. I'm working on my firewall to block multiple attempts. But I am curious, can passwords be captured into the log when a login fails?

mjmwired · 10-05-2007, 08:40 PM

I am just curious, do you have root logins permitted on this machine?

SlowCoder · 10-05-2007, 09:03 PM

No. I'm not concerned that they'll get in. I'm just curious what passwords they're attempting. They're probably using a dictionary attack.

osor · 10-06-2007, 11:12 AM

Wait… you don’t have root permissions? How do you expect to dictate what ssh is doing?

In any case, you might be able to get this information by enabling a high debugging loglevel.

SlowCoder · 10-06-2007, 07:19 PM

Quote:

Originally Posted by osor

Wait… you don’t have root permissions? How do you expect to dictate what ssh is doing?

In any case, you might be able to get this information by enabling a high debugging loglevel.

You asked if I have root logins permitted on my machine, which I assumed related to SSH. In other words, weren't you asking if root could log in through SSH?

If that was your question, then the answer is no. I disabled that in sshd.

I am admin/root of my machine, though.

osor · 10-06-2007, 10:43 PM

Quote:

Originally Posted by SlowCoder

If that was your question, then the answer is no. I disabled that in sshd.

Sorry, I misread the posts. In any case, try enabling debuglevel logging in sshd (IIRC, there are three levels of debug output). That might get your passwords logged.

It is not, however, recommended to run like that on a daily basis, since there is quite a bit of sensitive information exposed by the logs.

SlowCoder · 10-07-2007, 07:16 PM

Thanks. I'll take a look. Don't know what I'm doing with the debug level logs, but I'll give it a shot.