Bug 101252 - update of openssh shows authentication failure in the message log
Summary: update of openssh shows authentication failure in the message log
Status: CLOSED DUPLICATE of bug 101157
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: openssh
Version: 7.3
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Brian Brock
Depends On:
TreeView+ depends on / blocked
Reported: 2003-07-30 14:07 UTC by Javier Rojas Balderrama
Modified: 2014-01-21 22:48 UTC (History)
12 users (show)

Clone Of:
Last Closed: 2005-02-04 15:40:18 UTC

Attachments (Terms of Use)

Description Javier Rojas Balderrama 2003-07-30 14:07:36 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.2) Gecko/20030708

Description of problem:
When you update the ssh components (client, askpass et. al.) through up2date
tool next time you try to login a message appears in the /var/log/messages:

 sshd(pam_unix)[20347]: authentication failure; logname= uid=0 euid=0
tty=NODEVssh ruser= rhost=xxxx  user=root

And then the process of login is normal. It means you can login and logut

This problem occurs with all the users.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.up2date -u 
2.The package openssh is updated
3.ssh -l root mydomain.com

Actual Results:  A message "authentication failure" appears in /var/log/messages
but the connection to the system works.

Expected Results:  Connection to the system without that message like the
previous version of ssh.

Additional info:

kernel: 2.4.20-13.7bigmem
default configuration of pam and xinetd

Comment 1 Todd Allen 2003-07-30 17:35:42 UTC
I began seeing this same behavior on a RedHat 7.2 system, after installing
openssh-3.1p1-8.  The ssh connection and login is successful, and produces this
output in /var/log/messages:

Jul 30 13:12:48 themachine sshd(pam_unix)[1856]: authentication failure;
logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=somewhere  user=someone
Jul 30 13:12:52 themachine sshd(pam_unix)[1856]: session opened for user someone
by (uid=0)
Jul 30 13:12:52 themachine sshd(pam_unix)[1856]: session closed for user someone

This is with kernel 2.4.20-19.7.

The /etc/ssh/sshd_config file had been changed as follows:
      X11Forwarding yes
      PasswordAuthentication yes
      ChallengeResponseAuthentication no
      PAMAuthenticationViaKbdInt no

This is a problem, because the /var/log/messages file has tons of false alarms,
and they will obscure any real failed login attempts.

Comment 2 Jordan Russell 2003-08-04 00:53:12 UTC
FYI, this was already reported in Bug #101157.

Comment 3 Ashley M. Kirchner 2003-08-05 10:06:24 UTC
I'm experiencing the same problem under both RH 7.3 as well as 8.0 after
updating all openssh packages to 3.1p1-8.

Comment 4 Bret Hughes 2003-08-08 03:48:52 UTC
FWIW I built openssh-3.6.1p2-1 from the src rpm from openssh.org and do not
experience the delay in a valid login or bogus auth. failed messages.  The delay
is bad enough for us since we uss ssh to run all sorts of commands remotely on a
growing likst of machines and 2 seconds adds up. but bogus error messages
regarding something as werious as authentication is absolutely unacceptable

Natlin - please do not close this with NOTABUG as you did 101157.  There is
something seriouly wrong with the back port unless I am serioulsy missing
something which is entirely possible.  Red Hat may do something that is
difficult to incorporate but this need fixing or you will have a lot of users
backing this out.


Comment 5 Rajiv Manglani 2003-08-08 04:00:53 UTC
there is a link to a patch and more info at:

Comment 6 Tomas Mraz 2005-02-04 15:40:18 UTC

*** This bug has been marked as a duplicate of 101157 ***

Note You need to log in before you can comment on or make changes to this bug.