[Bug 234793] Failed unknown for $USER in sshd logs even if I got authenticated
bugzilla-noreply at freebsd.org
Fri Oct 18 17:53:08 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234793
lysfjord.daniel at smokepit.net changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |lysfjord.daniel at smokepit.net
--- Comment #20 from lysfjord.daniel at smokepit.net ---
Just chiming in..
It has been like this for a good while:
SELECT COUNT(1) FROM logs WHERE program = 'sshd' AND msg like 'Failed unknown for %';
+----------+
| COUNT(1) |
+----------+
|    17695 |
+----------+
First entry: 2019-01-07 17:33:52 (aka the same day as I upgraded to 12.0 on
that server).
Full sshd.conf:
PermitRootLogin no
StrictModes yes
MaxAuthTries 2
AllowGroups sshlogin
AuthorizedKeysFile .ssh/authorized_keys
ChallengeResponseAuthentication yes
UsePAM yes
UseDNS no
Subsystem sftp /usr/libexec/sftp-server
AuthenticationMethods publickey,keyboard-interactive
pam.d/sshd:
auth required /usr/local/lib/pam_google_authenticator.so nullok
auth required /usr/local/lib/pam_ldap.so
account required pam_nologin.so
account required pam_login_access.so
account sufficient /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user
account required pam_unix.so
session required pam_permit.so
password sufficient /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user
password required pam_unix.so
I may have missed something glaringly obvious, but so far, I've just put the
line "Failed unknown for" on whitelists.. The config, both for sshd and pam, is
an almost word-for-word copy from the Linux install the server used to have,
where this message did not occur.
--
You are receiving this mail because:
You are the assignee for the bug.