On Nov 14, 2008, at 8:00 PM, Steven Susbauer wrote:

Lisa Casey wrote:

I run several FreeBSD servers. Today I noticed an entry in the auth.log
on one of them that concerns me. The entry is this:

Nov 12 15:44:29 mail sshd[30160]: Accepted keyboard-interactive/pam for
michael from po
rt 55185 ssh2

There is a user michael on the system, but whoever was doing this was
not him.

I am assuming someone tried to break in using a valid username (michael) but with an incorrect password. So I just conducted an experiment to see if I could replicate that log entry using another valid username: mandy. I ssh'ed into the server, gave mandy as the username with an incorrect
password. The auth.log entry for that attempt is this:

Nov 14 19:44:54 mail sshd[96194]: Failed password for mandy from port 51919 ssh2

and when I used something called keyboard interactive as the primary
authentication method in my ssh client, I get this:

sshd[96348]: error: PAM: authentication error for mandy from

Nothing about Accepted keyboard-interactive/pam.  What does Accepted
keyboard-interactive/pam mean?

Also, in my ssh client, for authentication methods I have a choice of
password, publickey or keyboard interactive. I've always used password, and never even noticed that keyboard interactive before. What is that?


Lisa Casey

Keyboard-interactive includes when the server sends requests such as
"Password:" to which the connector responds by typing their password.
This is different from entering the password in your client before
connecting. Example:

[EMAIL PROTECTED]'s password:

Try doing similar with the correct password and I bet you will see the
"Accepted/keyboard-interactive", it may be possible that michael's
password is no longer secure.

Or michael is vacationing in Romania.

freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to