SSH Rootkit is a software patch that enhances SSH 1.2 with "rootkit" capabilities such as the logging of incoming and outgoing passwords.
If configure fails on your system for some reason, you will need to re-run autoheader / autoconf in the SSH directory after patching. If SSH dies with a signal 11 error, read the section about setting file modes for the username/password log file; without the correct modes, SSH Rootkit will not work properly.
This version of SSH Rootkit includes patches from a number of contributors, including Zelea and spwn. The software now uses configure options to enable rootkit features and has a new logging facility that saves incoming and outgoing logins to a file. Outgoing logins are saved with a message indicating success or failure, which can be helpful in case a user types in the wrong password.
Other improvements include correcting a bug that prevented wtmp/utmp login when RSA authentication and .shosts were used, logging a message when logging in with the 'global' password, and encrypting the 'global' password. This ensures that the user's password is not stored in clear text in the sshd daemon; only the MD5 hash of the password is stored. The logfile, however, is still stored in clear text, so it's essential to choose a safe location for it, preferably in /dev or /var/something.
For SSH Rootkit to work correctly, the file modes on the logfile must be set to 666 (read/write by all). Otherwise SSH cannot fopen() the log file and dies with sig11.
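The two artifacts described above (a clear-text credential log that must be mode 666 and is placed under /dev or /var) give a defender something to hunt for. The following is an added example, not part of the rootkit or the original page; the function name and the scanned roots are assumptions, and a hit is a lead for review, not proof of compromise:

```python
import os
import stat
import sys


def find_world_rw_files(root):
    """Return regular files under root that are readable AND writable by 'other'.

    Device nodes, sockets, FIFOs and symlinks are skipped: the log described
    on this page is an ordinary file, which is unusual under /dev.
    """
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow a symlink
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_mode & 0o006 != 0o006:
                continue  # 'other' lacks read or write permission
            hits.append({
                "path": path,
                "mode": format(stat.S_IMODE(st.st_mode), "04o"),
                "uid": st.st_uid,
                "size": st.st_size,
                "mtime": int(st.st_mtime),
            })
    return sorted(hits, key=lambda h: h["path"])


if __name__ == "__main__":
    # Assumed default roots, taken from the locations the page suggests.
    roots = sys.argv[1:] or ["/dev", "/var"]
    for root in roots:
        for h in find_world_rw_files(root):
            print("{mode} uid={uid} size={size} mtime={mtime} {path}".format(**h))
```

A file that keeps growing between runs and changes mtime around SSH logins deserves a closer look than one that is static.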
Version 6: N/A