Re: [tlug] sshd writes password in clear text into /var/log/messages

[Alain Hoang <hoanga@example.com>]

Niels Kobschaetzki wrote:
> Hi!
>
> I just noticed that sshd writes the passwords of the users which are  
> logging in via ssh (auth-method is a password) in clear text into / 
> var/log/messages.
>   
   Ouch, that sounds you have debug mode turned on.

> Google, man page and friends didn't help. Does anyone has an idea how  
> I can switch it off?
> My logging-settings in the sshd_config are
>
> # Logging
> #obsoletes QuietMode and FascistLogging
> SyslogFacility AUTH
> LogLevel INFO
>   
Did you restart the SSHD server to make sure those settings are actually 
the ones that are being read?  What does ps awwux | grep sshd tell you 
about the options that sshd is starting with? 
   '-d' is debugging mode which is probably what you don't want.

   Here's what I would do (besides panic).
1. Double check the sshd_config and make sure that is the one you want
2. Find the currently running sshd process information via 'ps' or your 
other favorite system overlord tool and find out what options it is 
running with.  If you have '-ddd'  or  '-o LogLevel DEBUG' or something 
odd like that I'd stop that quickly.
3. Find if there are any OTHER sshd processes running on your system
4. Check /etc/init.d/sshd and all other startup scripts to make sure 
they're not doing anything weird to the sshd startup options
5. Run sshd from the command line and double check it's not doing the 
same thing as using the normal init scripts.
6. Double check you're not being hacked  into or something aggravating
7. Wait for more suggestions from TLUG :-)

Hope that helps,
Alain