authentication failure in log files for ssh connection

From: Randy Brown (randy.brown_at_noaa.gov)
Date: 08/15/03 

Date: 15 Aug 2003 11:37:37 -0700

We are seeing the following sequence of messages in our log files:

Aug 13 05:19:32 <machinename-server> sshd(pam_unix)[1883]:
authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=<machinename-client> user=<username>
Aug 15 14:29:19 <machinename-server> sshd[6773]: Accepted publickey
for <username> from <IP Addy of client> port 52344 ssh2
Aug 15 14:29:19 <machinename-server> sshd(pam_unix)[6773]: session
opened for user <username> by (uid=0)
Aug 15 14:29:19 <machinename-server> sshd(pam_unix)[6773]: session
closed for user <username>

My question is this - Why is the first authentication message
appearing. My thought was that it was trying hostbased authentication
first, which is not enabled, the proceeding to try Public-key
authentication, which is succeeding, opening and closing the session
as expected. I figured that Hostbased authentication was enabled
somewhere causing this first attempt error to occur. I have looked
thoroughly through ssh_config and sshd_config on both the server and
client machines and all hostbased entries are commented out and turned
off by default.

We are using openssh-3.1p1-8 on Redhat 7.2. I'd would appreciate any
thoughts on this and can provide more info as needed.

TIA,

Randy

Quantcast