From owner-freebsd-questions@FreeBSD.ORG  Sat Oct  7 19:32:43 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: questions@freebsd.org
Delivered-To: freebsd-questions@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id AA47C16A4A7
	for <questions@freebsd.org>; Sat,  7 Oct 2006 19:32:43 +0000 (UTC)
	(envelope-from peo@intersonic.se)
Received: from neonpark.inter-sonic.com (neonpark.inter-sonic.com
	[212.247.8.98]) by mx1.FreeBSD.org (Postfix) with ESMTP id 25E2C43D5A
	for <questions@freebsd.org>; Sat,  7 Oct 2006 19:32:03 +0000 (GMT)
	(envelope-from peo@intersonic.se)
X-Virus-Scanned: amavisd-new at inter-sonic.com
Message-ID: <45280086.9050009@intersonic.se>
Date: Sat, 07 Oct 2006 21:31:18 +0200
From: Per olof Ljungmark <peo@intersonic.se>
Organization: Intersonic AB
User-Agent: Thunderbird 1.5.0.7 (X11/20060915)
MIME-Version: 1.0
To: Robert Huff <roberthuff@rcn.com>
References: <17703.8714.727674.221682@jerusalem.litteratus.org>
In-Reply-To: <17703.8714.727674.221682@jerusalem.litteratus.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: questions@freebsd.org
Subject: Re: ssh(d) "Failed keyboard-interactive/pam for invalid user"
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Oct 2006 19:32:43 -0000

Robert Huff wrote:
> 	One of my machines running:
> 
> FreeBSD 7.0-CURRENT FreeBSD 7.0-CURRENT #0: Thu Aug  3 15:33:32 EDT 2006
> 
> 	has suddenly decided to deny all ssh connections, whether by
> key-exchange or password.
> 	When attempting the latter, this appears in auth.log:
> 
> Oct  3 22:47:44 jerusalem sshd[46280]: error: PAM: authentication error for illegal user <deleted> from bronze.lcs.mit.edu
> Oct  3 22:47:44 jerusalem sshd[46280]: Failed keyboard-interactive/pam for invalid user <deleted> from 128.31.0.11 port 63059 ssh2
> 
> 	Thre's nothing relevant in /usr/src/UPDATING, and searching on
> Google points to Samba-related stuff.  I am running Samba, but fail
> to understand how this can affect a non-Samba-related login.
> 	Anyone willing to whap me with the clue-iron?
>

Are you using pam_ldap?