Hello, I am not sure if its a bug, or if the bug lies in my config... Viewing the authlog on a 6.1_STABLE box, (amd64, GENERIC, OpenSSH_6.2p1), I see the usual ssh bruteforce attempts , however it looks like they are bypassing pubkey only auth and using password auth:-
.... Sep 10 13:29:42 darkstar sshd[1765]: Invalid user ftp from <omitted> Sep 10 13:29:42 darkstar sshd[1765]: input_userauth_request: invalid user ftp Sep 10 13:29:42 darkstar sshd[1765]: Failed password for invalid user ftp from <omitted> port 54808 ssh2 Sep 10 13:29:43 darkstar sshd[1765]: error: Received disconnect from <omitted>: 11: Bye Bye .... Sep 10 17:59:15 darkstar sshd[2288]: Connection from <omitted> port 56298 Sep 10 17:59:16 darkstar sshd[2288]: Invalid user cron from <omitted> Sep 10 17:59:16 darkstar sshd[2288]: input_userauth_request: invalid user cron Sep 10 17:59:16 darkstar sshd[2288]: Failed password for invalid user cron from <omitted> port 56298 ssh2 Sep 10 17:59:16 darkstar sshd[2288]: error: Received disconnect from <omitted>: 11: Bye Bye Sep 10 17:59:16 darkstar sshd[14149]: Connection from <omitted> port 56419 Sep 10 17:59:17 darkstar sshd[14149]: Failed password for root from <omitted> port 56419 ssh2 Sep 10 17:59:17 darkstar sshd[14149]: error: Received disconnect from <omitted>: 11: Bye Bye Sep 10 17:59:17 darkstar sshd[21692]: Connection from <omitted> port 56553 Sep 10 17:59:18 darkstar sshd[21692]: Failed password for root from <omitted> port 56553 ssh2 Sep 10 17:59:18 darkstar sshd[21692]: error: Received disconnect from <omitted>: 11: Bye Bye When I connect with pubkey, I get the following as expected:- Sep 10 20:57:59 darkstar sshd[5242]: Connection from <omitted> port 47627 Sep 10 20:57:59 darkstar sshd[5242]: Failed none for <my_user_name> from <omitted> port 47627 ssh2 Sep 10 20:58:05 darkstar sshd[5242]: Found matching RSA key: <XX:XX:XX:XX:XX:XX:XX> Sep 10 20:58:05 darkstar sshd[5242]: Accepted publickey for <my_user_name> from <omitted> port 47627 ssh2 So, thinking that there is something wrong with my config, I try and force password auth with to try and reproduce the log :- ssh -o PreferredAuthentications=keyboard-interactive -o PubKeyAuthentication=n root@<hostname> and ssh -o PreferredAuthentications=password -o PubKeyAuthentication=n root@<hostname> but the log shows (correctly) Sep 10 22:04:06 darkstar sshd[8948]: Failed none for root from <omitted> port 48465 ssh2 Sep 10 22:04:06 darkstar sshd[8948]: Connection closed by <omitted> sshd.conf has these set :- PubkeyAuthentication yes PasswordAuthentication no ChallengeResponseAuthentication no UsePAM no The config is pretty much identical to how it was on FreeBSD. I am stumped as to what exactly is happening. ?? Cheers, Mike
