What part of „Password Authentication is disabled“ do you not understand? > Am 18.12.2016 um 11:21 schrieb Nico Kadel-Garcia <nkadel@xxxxxxxxx>: > > On Sat, Dec 17, 2016 at 7:37 PM, Philipp Vlassakakis > <philipp@xxxxxxxxxxxxxx> wrote: >> Dear list members, >> >> I want to extend the logging of the openssh-server, so it also logs the entered passwords in plaintext, and yes I know that this is a security issue, but relax, Password Authentication is disabled. ;) > > Oh, dear lord. What part of "a really bad idea and begging for pure > abuse" is not clear about this idea? Simply setting up a fake server > with a hostname similar to a common could encourage password > harvesting. > > It would be much safer to simply avoid activating debugging tools that > can be so abused. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
