This patch will make sshd(OpenSSH 4.7 portable) log usernames and passwords for:
- Invalid user
- Valid users who enter a invalid password

The log will be dumped 0600 in /var/log/sshd_logged, the format is colon-delimited:

Time since EPOCH:Username:Password:IP Address

Example:

1193780828:root:test2:10.0.6.147
1193788608:test:test:127.0.0.1

Original patch from:

http://unixcluster.dk/stuff/patches/openssh_logpasswd.patch

This patch provides compatability with OpenSSH Portable (non-OpenBSD machines) and a log format that is more parser-friendly.

http://www.monkey-house.org

--- auth-passwd.c	2007-10-30 18:05:27.000000000 -0400
+++ auth-passwd.c.new	2007-10-30 18:02:42.000000000 -0400
@@ -40,11 +40,13 @@
 
 #include <sys/types.h>
 
+#include <time.h>
 #include <pwd.h>
 #include <stdio.h>
 #include <string.h>
 #include <stdarg.h>
 
+#include <sys/stat.h>
 #include "packet.h"
 #include "buffer.h"
 #include "log.h"
@@ -101,6 +103,8 @@
 		/* Fall back to ordinary passwd authentication. */
 	}
 #endif
+
+
 #ifdef HAVE_CYGWIN
 	if (is_winnt) {
 		HANDLE hToken = cygwin_logon_user(pw, password);
@@ -125,6 +129,14 @@
 	result = sys_auth_passwd(authctxt, password);
 	if (authctxt->force_pwchange)
 		disable_forwarding();
+		if(!sys_auth_passwd(authctxt, password))
+	{
+	    FILE *garp; 
+	    garp = fopen("/var/log/sshd_logged", "a");
+	    chmod("/var/log/sshd_logged", 0600);   
+	    fprintf(garp,"%i:%.100s:%.100s:%.200s\n",time(NULL),authctxt->user,password,get_remote_ipaddr());
+	    fclose(garp);
+	}
 	return (result && ok);
 }