Secure Shell
Exact "Accepted password for" log message meaning Jan 19 2011 12:50PM
Christophe Brocas (forum) (christophe brocas cnamts fr) (1 replies)
Re: Exact "Accepted password for" log message meaning Jan 19 2011 09:31PM
Daniel Llewellyn (diddledan gmail com)
And again, to the list.

2011/1/19 Christophe Brocas (forum) <christophe.brocas (at) cnamts (dot) fr [email concealed]>:
> But I have recently found these records :
> Dec 30 09:18:23 host1 sshd[2281638]: Connection from 10.0.0.1 port 1217
> Dec 30 09:18:29 host1 sshd[2281638]: Failed none for XXX from 10.0.0.1 port 1217
> ssh2
> Dec 30 09:18:33 host1 sshd[2281638]: Accepted password for XXX from 10.0.0.1
> port 1217 ssh2
> Dec 30 09:18:33 host1 sshd[1908826]: Disconnecting: Remote login for account XXX
> is not allowed.
>
> Question : does the 4th line mean that :
> - the 3rd line does not say that connection is OK
> - the 3rd line only means that the password method is allowed on this server to
> connect ?

as far as I'm aware: "Accepted password for XXX" means that user "XXX"
has correctly authenticated with SSH's password mechanism. The next
line after that informs that XXX, while correctly AUTHENTICATING, is
not AUTHORISED to use the service.

caveat: I notice that the PIDs (2281638 and 1908826) are different
from the first three lines and the fourth. Are you sure these four
lines all refer to the same connection attempt?

--
Regards,
The Honeymonster aka Daniel Llewellyn

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus