On Feb 14, 11:05 pm, Keith Keller <kkeller-use...@wombat.san-
francisco.ca.us> wrote:
> On 2008-02-15, jarek.pad...@gmail.com <jarek.pad...@gmail.com> wrote:
>
> > When someone attempts to ssh into my machine, in /var/log/secureI can
> > see the username the attacker is trying to use...I would like to be
> > able to see the invalid passwords as well. Can anyone help me out
> > with that. Thanks
>
> This is actually a big security hole, as you will see all the
> unintentional typos your legitimate users make.
>
> What do you hope to accomplish seeing these passwords?
>
> --keith
>
> --
> kkeller-use...@wombat.san-francisco.ca.us
> (try just my userid to email me)
> AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt
> see X- headers for PGP signature information

I'm the only user on this machine....and to be able to view /var/log/
secure one needs root privileges so I'm not too concerned about other
users seeing mistyped passwords in that log or anything like that.
What I would like to know is if the passwords being used for invalid
ssh attempts to my machine (by "hackers") are my actual passwords I
use with for online purposes (email, banking, etc). I don't care if
invalid users try to ssh into my machine, but if those invalid users
use MY VALID PASSWORDS then its a different story