Depends on the question, and the potential (likely) consequences of the answer being implemented. Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network. Original Message From: Alex Bligh Sent: Sunday, December 18, 2016 16:14 To: Blumenthal, Uri - 0553 - MITLL Cc: Alex Bligh; Nico Kadel-Garcia; Philipp Vlassakakis; openssh-unix-dev@xxxxxxxxxxx Subject: Re: Extend logging of openssh-server - e.g. plaintext password > On 18 Dec 2016, at 19:07, Blumenthal, Uri - 0553 - MITLL <uri@xxxxxxxxxx> wrote: > > Also, if password-based auth is not allowed, WTF would you want to log passwords? > > This whole idea is ugly, and smacks of a teenage-level prank attempt. > > I would strongly object against any such modification of the main source (though I'm sure the maintainers are sane enough to never let such a crap in). Am I missing something? OP asked for a means of modifying *his own* openssh to log passwords "only for his honeypots", and Stephen Harris replied telling him how to do it, having done this as a demonstration that password authentication is in general problematic (his blog article explains in essence that if he can do this, anyone else can do this, and you might ssh to their server by accident - let's ignore the unrecognised host key stuff). No one has suggested adding this to the main source code. Clearly that would be foolhardy. Is it really necessary to jump down people's throats for a reasonably phrased question, and an answer (with a reasonably well written blog article) behind it? -- Alex Bligh
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
