SSH "failed none" syslog entries causing Linux failed login counter to advance.

From: Chris (cwhipple_at_hertz.com)
Date: 08/08/03

• Next message: Jessie Zhen: "how to configure ssh after installation on irix 6.5.9 on sgi"
• Previous message: Alex Walker: "17th Systems Administration Conference (LISA 2003)"
• Next in thread: Richard E. Silverman: "Re: SSH "failed none" syslog entries causing Linux failed login counter to advance."
• Reply: Richard E. Silverman: "Re: SSH "failed none" syslog entries causing Linux failed login counter to advance."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 8 Aug 2003 14:57:41 -0700

I am trying to troubleshoot why on my Linux systems, the faillog
counter advances by 1 before the user even enters a password.

When looking at the syslog entries (in debug mode) it shows a failed
login attempt while the user is still at the password prompt. I assume
that it is from SSH attempting either a host-based or null password
before requesting a password and the failure is being logged (and
triggers the pam_tally counter).

I have turned off rhost and even public key authentication in both the
client and server configuration files. I've even modified the clients
preferred authentication order to remove the host-based and publickey
methods.

Here are the "sanitized" log entries:

  debug1: PAM Password authentication for "USERNAME" failed[7]:
          Authentication failure
  debug3: mm_answer_authpassword: sending result 0
  debug3: mm_request_send entering: type 11
  Failed none for USERNAME from xxx.xxx.xxx.xxx port 33370 ssh2

What is SSH attempting before the password is entered, and how do I
turn it off?

Thank you
-Chris

• Next message: Jessie Zhen: "how to configure ssh after installation on irix 6.5.9 on sgi"
• Previous message: Alex Walker: "17th Systems Administration Conference (LISA 2003)"
• Next in thread: Richard E. Silverman: "Re: SSH "failed none" syslog entries causing Linux failed login counter to advance."
• Reply: Richard E. Silverman: "Re: SSH "failed none" syslog entries causing Linux failed login counter to advance."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: OpenSSH: force password authentication ... > server to run an automated backup job. ... > close the ssh connection, ... client in the default location for the client identity. ... Or just disable public key authentication. ... (comp.security.ssh) Bug#137492: PAM pam_set_item: NULL pam handle passed ... Package: ssh ... It may only happen when the client does something ... Versions of packages ssh depends on: ... (Incidents) Multiple issues with Mac OS X AFP client ... Multiple issues with Mac OS X AFP client ... connections to an Apple file server over SSH - a commendable effort to ... .GlobalPreferences.plist (the AFP client does not follow Apple's ... (Bugtraq) [Full-Disclosure] Multiple issues with Mac OS X AFP client ... Multiple issues with Mac OS X AFP client ... connections to an Apple file server over SSH - a commendable effort to ... .GlobalPreferences.plist (the AFP client does not follow Apple's ... (Full-Disclosure) Multiple issues with Mac OS X AFP client ... Multiple issues with Mac OS X AFP client ... connections to an Apple file server over SSH - a commendable effort to ... .GlobalPreferences.plist (the AFP client does not follow Apple's ... (Full-Disclosure)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint