Forum Discussion
Pandiarajan_701
Nimbostratus
Aug 30, 2011Syslog Message
Aug 30 03:43:19 local/bigip1 alert sshd[16707]: pam_unix(sshd:auth): check pass; user unknown. Could someone explain what is this Log message is all about ??
hoolio
Cirrostratus
Aug 30, 2011Hi,
There should be a second log line from pamd just after that one which lists the username and remote host that someone unsuccessfully attempted to authenticate via SSH with:
Jun 24 20:57:14 bigip1 sshd(pam_unix)[10879]: check pass; user unknown
Jun 24 20:57:14 bigip1 sshd(pam_unix)[10879]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.2.3.4
You can check SOL11719 for steps to take to mitigate brute force SSH attacks:
sol11719: Mitigating risk from SSH brute force login attacks
https://support.f5.com/kb/en-us/solutions/public/11000/700/sol11719.html
Aaron
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects