How to see what login-password they are trying to access via ssh in Linux?

R

Rad1us2016-10-19 04:43:27

linux

Rad1us, 2016-10-19 04:43:27

Where and how can I configure logging of ssh login attempts? Interested in exactly what login and password they are trying to log in with.
Only failed login attempts are logged to /var/log/secure.

Reply

Answer the question

In order to leave comments, you need to log in

6 answer(s)

S

SagePtr, 2016-10-19
@SagePtr

The easiest way is to hang some honeypot on the 22nd port, which will log all attempts, and hang the real SSH server on another port.

A

Andrey Mikhalev, 2016-10-19
@Endru9

Why watch who is trying to hack which account, if you can set up fail2ban and nullify all possible password brute force attacks!?

X

xmoonlight, 2016-10-19
@xmoonlight

It all depends on the allowed authentication method and whether the client will accept it when trying to downgrade (from public-key to password plain text).
If it's standard, then just forget it. the exchange takes place when checking the correctness of authentication exclusively with hash messages in the public key mode.

S

Saboteur, 2016-10-19
@saboteur_kiev

/var/log/secure
/var/log/auth.log
and last command for success

R

Roman Mirilaczvili, 2016-10-19
@2ord

If login attempts are performed by a bot, then a brute-force attack is used to guess the password.

C

ComodoHacker, 2016-10-19
@ComodoHacker

Write a PAM module that will log everything.
And so in the logs everything is there, except for unsuccessful passwords. And do you really need them?