On Nov 14, 2008, at 8:00 PM, Steven Susbauer wrote:
Lisa Casey wrote:
I run several FreeBSD servers. Today I noticed an entry in the
on one of them that concerns me. The entry is this:
Nov 12 15:44:29 mail sshd: Accepted keyboard-interactive/pam
michael from 188.8.131.52 po
rt 55185 ssh2
There is a user michael on the system, but whoever was doing this was
I am assuming someone tried to break in using a valid username
but with an incorrect password. So I just conducted an experiment
if I could replicate that log entry using another valid username:
I ssh'ed into the server, gave mandy as the username with an
password. The auth.log entry for that attempt is this:
Nov 14 19:44:54 mail sshd: Failed password for mandy from
184.108.40.206 port 51919 ssh2
and when I used something called keyboard interactive as the primary
authentication method in my ssh client, I get this:
sshd: error: PAM: authentication error for mandy from
Nothing about Accepted keyboard-interactive/pam. What does Accepted
Also, in my ssh client, for authentication methods I have a choice of
password, publickey or keyboard interactive. I've always used
and never even noticed that keyboard interactive before. What is
Keyboard-interactive includes when the server sends requests such as
"Password:" to which the connector responds by typing their password.
This is different from entering the password in your client before
$ ssh [EMAIL PROTECTED]
[EMAIL PROTECTED]'s password:
Try doing similar with the correct password and I bet you will see the
"Accepted/keyboard-interactive", it may be possible that michael's
password is no longer secure.
Or michael is vacationing in Romania.
email@example.com mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"