Red Hat Bugzilla – Bug 101252
update of openssh shows authentication failure in the message log
Last modified: 2014-01-21 17:48:42 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.2) Gecko/20030708
Description of problem:
When you update the ssh components (client, askpass et. al.) through up2date
tool next time you try to login a message appears in the /var/log/messages:
sshd(pam_unix): authentication failure; logname= uid=0 euid=0
tty=NODEVssh ruser= rhost=xxxx user=root
And then the process of login is normal. It means you can login and logut
This problem occurs with all the users.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
2.The package openssh is updated
3.ssh -l root mydomain.com
Actual Results: A message "authentication failure" appears in /var/log/messages
but the connection to the system works.
Expected Results: Connection to the system without that message like the
previous version of ssh.
default configuration of pam and xinetd
I began seeing this same behavior on a RedHat 7.2 system, after installing
openssh-3.1p1-8. The ssh connection and login is successful, and produces this
output in /var/log/messages:
Jul 30 13:12:48 themachine sshd(pam_unix): authentication failure;
logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=somewhere user=someone
Jul 30 13:12:52 themachine sshd(pam_unix): session opened for user someone
Jul 30 13:12:52 themachine sshd(pam_unix): session closed for user someone
This is with kernel 2.4.20-19.7.
The /etc/ssh/sshd_config file had been changed as follows:
This is a problem, because the /var/log/messages file has tons of false alarms,
and they will obscure any real failed login attempts.
FYI, this was already reported in Bug #101157.
I'm experiencing the same problem under both RH 7.3 as well as 8.0 after
updating all openssh packages to 3.1p1-8.
FWIW I built openssh-3.6.1p2-1 from the src rpm from openssh.org and do not
experience the delay in a valid login or bogus auth. failed messages. The delay
is bad enough for us since we uss ssh to run all sorts of commands remotely on a
growing likst of machines and 2 seconds adds up. but bogus error messages
regarding something as werious as authentication is absolutely unacceptable
Natlin - please do not close this with NOTABUG as you did 101157. There is
something seriouly wrong with the back port unless I am serioulsy missing
something which is entirely possible. Red Hat may do something that is
difficult to incorporate but this need fixing or you will have a lot of users
backing this out.
there is a link to a patch and more info at:
*** This bug has been marked as a duplicate of 101157 ***