Aug 30, 2011

Syslog Message

Aug 30 03:43:19 local/bigip1 alert sshd[16707]: pam_unix(sshd:auth): check pass; user unknown

Could someone explain what this log message is all about?

  • Hi,

    There should be a second log line from pamd just after that one which lists the username and remote host that someone unsuccessfully attempted to authenticate via SSH with:

    Jun 24 20:57:14 bigip1 sshd(pam_unix)[10879]: check pass; user unknown
    Jun 24 20:57:14 bigip1 sshd(pam_unix)[10879]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=

    You can check SOL11719 for steps to take to mitigate brute force SSH attacks:

    sol11719: Mitigating risk from SSH brute force login attacks
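
The pairing described in the reply above, as an added example that is not part of the original thread: this Python code matches each "check pass; user unknown" line with the "authentication failure" line from the same sshd PID and counts the attempts per rhost. The sample log lines, the rhost addresses (documentation ranges), the threshold and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Matches both line layouts quoted in this thread:
#   sshd[PID]: pam_unix(sshd:auth): <msg>   and   sshd(pam_unix)[PID]: <msg>
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?"
    r"sshd(?:\(pam_unix\))?\[(?P<pid>\d+)\]:\s+"
    r"(?:pam_unix\(sshd:auth\):\s+)?(?P<msg>.*)$"
)
RHOST_RE = re.compile(r"\brhost=(\S*)")

# Constructed sample input; addresses are from documentation ranges.
SAMPLE = """\
Jun 24 20:57:14 bigip1 sshd(pam_unix)[10879]: check pass; user unknown
Jun 24 20:57:14 bigip1 sshd(pam_unix)[10879]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10
Jun 24 20:57:16 bigip1 sshd(pam_unix)[10881]: check pass; user unknown
Jun 24 20:57:16 bigip1 sshd(pam_unix)[10881]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10
Jun 24 20:57:19 bigip1 sshd(pam_unix)[10884]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7  user=root
Aug 30 03:43:19 local/bigip1 alert sshd[16707]: pam_unix(sshd:auth): check pass; user unknown
Aug 30 03:43:19 local/bigip1 alert sshd[16707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10
""".splitlines()

def unknown_user_failures(lines):
    """Count SSH failures for nonexistent accounts, keyed by rhost."""
    pending = set()        # sshd PIDs that have logged "user unknown"
    per_host = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue       # not an sshd/pam_unix line
        pid, msg = m["pid"], m["msg"]
        if msg.startswith("check pass; user unknown"):
            pending.add(pid)
        elif msg.startswith("authentication failure;") and pid in pending:
            pending.discard(pid)
            rhost = RHOST_RE.search(msg)
            # A sanitized or empty rhost= field is kept visible as "(blank)".
            per_host[(rhost.group(1) if rhost else "") or "(blank)"] += 1
    return per_host

def noisy_hosts(lines, threshold=3):
    """Hosts with at least `threshold` unknown-user failures (assumed cutoff)."""
    counts = unknown_user_failures(lines)
    return sorted(h for h, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    for host, n in unknown_user_failures(SAMPLE).most_common():
        print(f"{host}\t{n} unknown-user failures")
```

The failure for `user=root` in the sample is not counted because no "user unknown" line from the same PID precedes it; it is a failed login for an existing account, which is a separate signal.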