iPhone Honeypot Project

July 22, 2010

SSH Patch – Record Failed Login Passwords

Filed under: bash,gcc,logging,SSH,syslog,unix — abnev @ 10:55 am
Tags: , , , , , ,
I wanted to find a way to record passwords for failed login attempts. I spoke to some openssh dev’s using their mailing list and it was suggested to modify auth-passwd.c. I inspected the code, made the changes, recompiled and tested it out with success. I constructed this patch below for the world. This was done on openssh 5.5p1. See below for a copy of the patch.
diff -crB ossh/openssh-5.5p1/auth-passwd.c openssh-5.5p1/auth-passwd.c
*** ossh/openssh-5.5p1/auth-passwd.c    2009-03-08 00:40:28.000000000 +0000
— openssh-5.5p1/auth-passwd.c 2010-07-21 02:10:26.000000000 +0100
*** 125,130 ****
— 125,134 —-
result = sys_auth_passwd(authctxt, password);
if (authctxt->force_pwchange)
+       if (result != 0) {
+               logit(“TEST: %.100s”, password);
+       }
return (result && ok);
I’ve been trying to cross-compile this for testing but it’s missing too many libs which is causing problems. I may have to leave this bit out of the project as time is becoming quite limited.

1 Comment »

  1. […] iphonehoneypot – Gave me my biggest hints as to the code I needed and where to insert it. […]

    Pingback by Jesse » Blog Archive » SSH Password Logging — December 4, 2011 @ 4:05 am | Reply

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: