Re: Extend logging of openssh-server - e.g. plaintext password

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Depends on the question, and the potential (likely) consequences of the answer being implemented.

Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.
  Original Message  
From: Alex Bligh
Sent: Sunday, December 18, 2016 16:14
To: Blumenthal, Uri - 0553 - MITLL
Cc: Alex Bligh; Nico Kadel-Garcia; Philipp Vlassakakis; openssh-unix-dev@xxxxxxxxxxx
Subject: Re: Extend logging of openssh-server - e.g. plaintext password


> On 18 Dec 2016, at 19:07, Blumenthal, Uri - 0553 - MITLL <uri@xxxxxxxxxx> wrote:
> 
> Also, if password-based auth is not allowed, WTF would you want to log passwords?
> 
> This whole idea is ugly, and smacks of a teenage-level prank attempt.
> 
> I would strongly object against any such modification of the main source (though I'm sure the maintainers are sane enough to never let such a crap in).

Am I missing something? OP asked for a means of modifying *his own* openssh to
log passwords "only for his honeypots", and Stephen Harris replied telling him
how to do it, having done this as a demonstration that password authentication
is in general problematic (his blog article explains in essence that if
he can do this, anyone else can do this, and you might ssh to their server
by accident - let's ignore the unrecognised host key stuff).

No one has suggested adding this to the main source code. Clearly that
would be foolhardy.

Is it really necessary to jump down people's throats for a reasonably
phrased question, and an answer (with a reasonably well written blog
article) behind it?

--
Alex Bligh





Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux