Mailinglist Archive: opensuse-security (145 mails)

< Previous Next >
SSH-Log Entries
  • From: Kai Pfeiffer <pfeiffer.kai@xxxxxxx>
  • Date: Thu, 11 Nov 2004 23:51:13 +0100
  • Message-id: <200411112351.13773.pfeiffer.kai@xxxxxxx>
Hello,

I took a look at my /var/log/messages and now I have a question about the
log-entries from ssh-daemon.

Remote-users are only allowed to login via ssh2 and only RSA-authentication is
enabled, login via password isn't possible. Root-logins are forbidden.

If I use ssh to log into my box, the log-entries of sshd look like this:
--snip--
Nov 11 12:56:02 xxx sshd[698]: Connection from ::ffff:my.ip.add.res port 32775
Nov 11 12:56:02 xxx sshd[698]: Found matching RSA key:
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff
Nov 11 12:56:02 xxx sshd[698]: Found matching RSA key:
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff
Nov 11 12:56:02 xxx sshd[698]: Accepted publickey for meinloginname from
::ffff:xxx.xxx.xxx.xxx port 32775 ssh2
--snip--

If somebody else uses a wrong loginname it looks like this
--snip--
Nov 11 21:50:20 xxx sshd[4109]: Connection from ::ffff:xxx.xxx.xxx.xxx port
35472
Nov 11 21:50:22 xxx sshd[4109]: Illegal user test from ::ffff:xxx.xxx.xxx.xxx
--snip--

If somebody uses an existing username , eg "root", only this single line is in
the logs
--snip--
Nov 11 21:50:20 xxx sshd[4109]: Connection from ::ffff:xxx.xxx.xxx.xxx port
35472
--snip--

MY QUESTION IS: WHAT DO THIS TWO ENTRIES MEAN?
--snip--
Nov 11 22:09:40 xxx sshd[4132]: Connection from ::ffff:xxx.xxx.xxx.xxx port
48806
Nov 11 22:09:40 xxx sshd[4132]: Did not receive identification string from
::ffff:xxx.xxx.xxx.xxx
--snip--

Thank You

Kai Pfeiffer

< Previous Next >
Follow Ups