Question about entry in auth.log

Steven Susbauer stupendoussteve at hotmail.com
Fri Nov 14 17:01:05 PST 2008 

Lisa Casey wrote:
> Hi,
> 
> I run several FreeBSD servers. Today I noticed  an entry in the auth.log
> on one of them that concerns me. The entry is this:
> 
> Nov 12 15:44:29 mail sshd[30160]: Accepted keyboard-interactive/pam for
> michael from 89.123.165.3 po
> rt 55185 ssh2
> 
> There is a user michael on the system, but whoever was doing this was
> not him.
> 
> I am assuming someone tried to break in using a valid username (michael)
> but with an incorrect password. So I just conducted an experiment to see
> if I could replicate that log entry using another valid username: mandy.
> I ssh'ed into the server, gave mandy as the username with an incorrect
> password. The auth.log entry for that attempt is this:
> 
> Nov 14 19:44:54 mail sshd[96194]: Failed password for mandy from
> 72.155.127.223 port 51919 ssh2
> 
> and when I used something called keyboard interactive as the primary
> authentication method in my ssh client, I get this:
> 
> sshd[96348]: error: PAM: authentication error for mandy from 72.155.127.223
> 
> Nothing about Accepted keyboard-interactive/pam.  What does Accepted
> keyboard-interactive/pam mean?
> 
> Also, in my ssh client, for authentication methods I have a choice of
> password, publickey or keyboard interactive. I've always used password,
> and never even noticed that keyboard interactive before. What is that?
> 
> Thanks,
> 
> Lisa Casey
> 
Keyboard-interactive includes when the server sends requests such as
"Password:" to which the connector responds by typing their password.
This is different from entering the password in your client before
connecting. Example:

$ ssh steve at thinkpad
steve at thinkpad's password:

Try doing similar with the correct password and I bet you will see the
"Accepted/keyboard-interactive", it may be possible that michael's
password is no longer secure.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20081115/390ebee9/signature.pgp

More information about the freebsd-questions mailing list