If you've ever had your SSH server dictionary attacked and wondered what
usernames / passwords the attackers were trying...
I've posted detailed instructions on modifying openssh on Ubuntu 9.04 in
order to log username / password attempts made by bots. This information
can then be used to track down the tools / dictionaries being used against
you, and may even lead to discovery of IRC command & control channels used
by the botnet herders/masters (the topic of my next post).
Full username / password logs included for your enjoyment:
<a href="http://paulmakowski.wordpress.com/2009/09/28/hacking-sshd-for-a-pass_file/">http://paulmakowski.wordpress.com/2009/09/28/hacking-sshd-for-a-pass_file/</a>
Intended for novices interested in honeypots.