[SOLVED] need to find out by sniffing the value of password being sent over terminal
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
need to find out by sniffing the value of password being sent over terminal
i have a dilemma. I have live rhel system running which I can login through after enabling serial console redirection.
basically root + password.
however i am automating the login process using pythin pexpect interactive module which can emulate the login process. it essentially works except the login is always denied. I double checked everything in the code and can find any fault, it always sends the username when prompted and sends correct password when prompted.
that means i need to do some debugging. is there any way i can sniff the value of password being received from the linux side? as always the login is over the ssh protocol?
as i said the serial console redirection is done through ssh connection that redirects the whole display terminal not just linux and the automation module uses this out-of-band terminal to interact with the linux.
so I can not use this terminal to do debugging. if i manage to login through host os IP and do some sniffing, what options available? Thanks.,
Creds sniffing is frowned upon (for good reason) and a questionable tactic if you have not exhausted your other options. On top of that root logins are (rightfully so) subject to restrictions and its not clear from your case (not having seen you check system configs, securetty, PAM, system logs etc, etc) if that's what's blocking what you try to do. I strongly suggest you first test your process with an unprivileged user account to be able to validate the login process, run your code in debug mode and post code snippets / output to support your case.
i figured out thanks.
i was sending password and ENTER char in a separate line. That obviously introduced some char in between. I had to send password+enter char in one line.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.