Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2508
Views
5
Helpful
3
Replies

SSH Failed Login logging Username/Password

hobbe
Level 7
Level 7

‎12-27-2011 02:57 AM - edited ‎03-04-2019 02:45 PM

Hi

I would like to know if anyone knows if there is a way to log the username and password for a failed ssh login for a Cisco router running IOS 15.x ?

What I would like to do is to gather the information (username/pass/ip/time/and so on) on all the failed logins that occur so that I can setup statistics and get more information out on what the aggressors are doing. Sort of keeping track that they are not getting to close for comfort.

I do not want to block their attempts but I do want to keep track and be able to make statistics on the realworld data.

Today I can get all the information I want but for the password.

Is there any way to get the password also ?

It would be ok to log my own passwords also if that is what is needed to get this to work.

this would not be a security risk in itself due to config reasons.

Regards

Hobbe

Labels:
0 Helpful
3 Replies 3

cadet alain
VIP Alumni
VIP Alumni

‎12-27-2011 03:03 AM

Hi,

maybe this would fullfill your needs.

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gt_login.html

Regards.

Alain

Don't forget to rate helpful posts.

hobbe
Level 7
Level 7
In response to cadet alain

‎12-27-2011 03:21 AM

Hi Alain

Sorry it does not give me the password information (although the link has some other nice features)

I have setup logging on the ssh session and that gives me everything I need but the password the agressors try.

but thanks for trying to help

0 Helpful

hobbe
Level 7
Level 7
In response to hobbe

‎12-28-2011 03:25 PM

Due to no answer I take it that it is not possible to do such a thing on the routers ?

I know it is possible on the linux boxes with some tweaks.

I would love to have this feature since that would give me the oportunity to know if we are way off on our policies and also to see what is going on.

I do understand the concerns that one can look at passwords traveling over the net via syslog and so on so if one could configure it to just display failed attempts that would be a nice thing to add also.

Anyone else thinks this is a good idea ?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card