OpenSSH Brute Password Capture Patch
The next thing I discovered, is that I really didn't like the logging format... The logs record Epoch time, username, password, and IP address... However, these are spread across 4 separate lines. So, a sample entry looks something like this:
Not very easy to parse. Since I was interested in using the data for other things, I also decided to modify the logging as well. The format is still all the same fields, but now in a colon-delimited format, with one attempt per line. It now looks something like this:
I've placed the patch on my Google code site for now. Its not very clean, but appears to work with the portable version of openssh for Linux. I tested it on version 4.7p1 on CentOS.
I'll attempt to clean it up and refine it later.