

OpenSSH 6.6 released - mortenlarsen
http://www.openssh.com/txt/release-6.6

======
ef47d35620c1
Here's a one line patch to make OpenSSH log passwords:

[http://16s.us/docs/sshlog/sshlog.patch](http://16s.us/docs/sshlog/sshlog.patch)

I log passwords (just as a hobby) to see what type of passwords the brute-
force bots are currently using.

Here's the top 10:

    
    
        PASS         COUNT
        123456       3785
        password     2531
        1234         2053
        admin        2005
        12345        1390
        root         1281
        123          1246
        1qaz2wsx     1207
        root123      1150
        passw0rd     1120
    

Here's the top 10 complex:

    
    
        PASS            COUNT
        P@ssw0rd        1027
        1qaz@WSX        466
        !QAZ2wsx        357
        Admin@123       310
        P@$$w0rd        299
        P@ssw0rd1       177
        Admin123!@#     172
        P@ssw0rd123     166
        1qaz@WSX3edc    153
        1qazXSW@        150
    

Don't use _any_ of those passwords on your systems.

Edit: Formatting.

~~~
brunoqc
Does that mean that you also log your user's password?

~~~
ef47d35620c1
These are not production systems, but yes, that patch logs all passwords. I
only use keys.

------
tenfingers
From the changelog:

* ssh(1): if hostname canonicalisation is enabled and results in the destination hostname being changed, then re-parse ssh_config(5) files using the new destination hostname. This gives 'Host' and 'Match' directives that use the expanded hostname a chance to be applied.

Finally makes canonicalisation /useful/, since before that you would still
need to have specialized Host/Match rules (this would make canonicalisation
only helpful for ControlPath basically).
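
The behaviour in the quoted changelog entry, shown as an added ssh_config example that is not part of the comment above or of the OpenSSH release notes. The example.com domains, host name `db1`, user names and key paths are constructed placeholders.

```sshconfig
# ~/.ssh/config (constructed example; all names below are placeholders)

# Canonicalisation: expand unqualified names such as "db1" before connecting.
CanonicalizeHostname yes
# Domains tried in order; the first one in which the name resolves wins.
CanonicalDomains prod.example.com corp.example.com
# Only names with no dots are canonicalised; anything dotted is used as typed.
CanonicalizeMaxDots 0
# Fail instead of falling back to the system resolver's search rules, so a
# short name can never silently resolve to a host outside the domains above.
CanonicalizeFallbackLocal no

# "ssh db1" becomes db1.prod.example.com. With the re-parse described in the
# changelog entry, this block is evaluated against the expanded name, so the
# short name does not need to be listed on the Host line as well.
Host *.prod.example.com
    User deploy
    IdentityFile ~/.ssh/id_prod
    IdentitiesOnly yes
    ForwardAgent no
    StrictHostKeyChecking yes

# A different identity and stricter defaults per domain, keyed purely on the
# canonical name.
Host *.corp.example.com
    User alice
    IdentityFile ~/.ssh/id_corp
    IdentitiesOnly yes
    ForwardAgent no

# Catch-all for hosts outside the canonical domains (typed fully qualified).
Host *
    PasswordAuthentication no
    ForwardAgent no
```

Where the installed ssh supports `-G`, running `ssh -G db1` prints the options that would take effect, which confirms that the per-domain block was applied to the expanded name.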

------
Spittie
LWN has a good article on what's new, for those that prefer a more verbose
change log: [http://lwn.net/Articles/590870/](http://lwn.net/Articles/590870/)

