> Does anyone know what the cause is of this fail message ? > > (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234793) > > its triggered by a normal ssh key'd login, but sshd is running with > VERBOSE logging. > > sshd[63290]: Failed unknown for testuser1 from 192.168.xx.yyy port > 60643 ssh2 ? > > The user is able to login no problem, but the error message is bubbling > up in our HIDS. We had to white list it, but it would be useful to > understand exactly why and what is failing. > > —Mike
It’s one of the other SSH authentication types (e.g., GSSAPI, password, etc.) which is in the processing order before public key. I’m assuming you’re seeing that ‘failure’ immediately before your successful key authentication in auth.log; I actually had to switch back to INFO for logging because that ‘failure’ trips up sshguard which kicks in and blocks the IP despite the public key auth succeeding right after whichever other auth type is tried and fails. (Unfortunately, I wasn’t able to determine which specific other authentication type was being tried first, since moving logging back to INFO resolved my immediate issue of getting blocked by sshguard before successfully processing my key.) Thanks, -- Matt Garber _______________________________________________ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
