Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 18 Oct 2019 17:53:00 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 234793] Failed unknown for $USER in sshd logs even if I got authenticated
Message-ID:  <bug-234793-227-K4JeNMmbo6@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-234793-227@https.bugs.freebsd.org/bugzilla/>
References:  <bug-234793-227@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D234793

lysfjord.daniel@smokepit.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |lysfjord.daniel@smokepit.ne
                   |                            |t

--- Comment #20 from lysfjord.daniel@smokepit.net ---
Just chiming in..

It has been like this for a good while:
SELECT COUNT(1) FROM logs WHERE program =3D 'sshd' AND msg like 'Failed unk=
nown
for %';
+----------+
| COUNT(1) |
+----------+
|    17695 |
+----------+

First entry: 2019-01-07 17:33:52 (aka the same day as I upgraded to 12.0 on
that server).

Full sshd.conf:

PermitRootLogin no
StrictModes yes
MaxAuthTries 2=20
AllowGroups sshlogin
AuthorizedKeysFile      .ssh/authorized_keys
ChallengeResponseAuthentication yes
UsePAM yes
UseDNS no
Subsystem       sftp    /usr/libexec/sftp-server
AuthenticationMethods publickey,keyboard-interactive

pam.d/sshd:
auth            required        /usr/local/lib/pam_google_authenticator.so
nullok
auth            required        /usr/local/lib/pam_ldap.so
account         required        pam_nologin.so
account         required        pam_login_access.so
account         sufficient        /usr/local/lib/pam_ldap.so      no_warn
ignore_authinfo_unavail ignore_unknown_user
account         required        pam_unix.so
session         required        pam_permit.so
password        sufficient      /usr/local/lib/pam_ldap.so      no_warn
ignore_authinfo_unavail ignore_unknown_user
password        required        pam_unix.so

I may have missed something glaringly obvious, but so far, I've just put the
line "Failed unknown for" on whitelists.. The config, both for sshd and pam=
, is
an almost word-for-word copy from the linux install the server used to have,
where this message did not occur.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-234793-227-K4JeNMmbo6>