Monday, August 09, 2021

Re: ssh authlog: Failed none for invalid user

On Mon, 9 Aug 2021 14:52:40 -0700, Jordan Geoghegan
<jordan@geoghegan.ca> wrote:

> Hello,
>
> I was hoping somebody could set me straight here. On one of my
> machines I have a number of entries in my /var/log/authlog file that
> look like this:
>
>     Failed none for invalid user admin from 14.239.50.255 port 51796
>
> The machine has been being hammered with SSH bruteforce attempts and
> I noticed that "Failed none" entry popping up frequently.
>
> What exactly does "Failed none" mean here in this context?
>
> Any insight would be greatly appreciated as my Google-fu has failed
> me in my search for an answer.

I don't have any experience with ssh's code but after a quick grep, it
seems to come from
https://github.com/openbsd/src/blob/73b5c081a08ab8132aaab716c8f4da9aebb020e7/usr.bin/ssh/auth.c#L272-L282

I guess the "none" is the auth method selected by the client. Someone
with more knowledge on the ssh protocol can surely give you a more
detailed answer.

Cheers,
Danie
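
To see which authentication methods appear in failed logins from each source address, the following added example (not part of the original thread and not OpenSSH code) tallies sshd "Failed <method> for ..." lines. The syslog prefix, host name, PIDs and every sample line except the one quoted in the question are constructed, and the trailing "ssh2" token is assumed to be optional.

```python
import re
from collections import Counter, defaultdict

# The user name is supplied by the client, so it may itself contain
# " from <ip> port <n>". The greedy (.*) plus the end anchor make the
# regex bind to the LAST "from ... port ..." pair, which sshd appends.
FAILED_RE = re.compile(
    r"Failed (?P<method>[\w-]+)(?:/\S+)? for (?P<invalid>invalid user )?"
    r"(?P<user>.*) from (?P<ip>\S+) port (?P<port>\d+)(?: ssh2.*)?$"
)

def summarize(lines):
    """Return {source_ip: Counter{(method, is_invalid_user): count}}."""
    per_ip = defaultdict(Counter)
    for line in lines:
        m = FAILED_RE.search(line.rstrip())
        if m:
            per_ip[m["ip"]][(m["method"], bool(m["invalid"]))] += 1
    return dict(per_ip)

# Constructed sample input (the second line is the one quoted in the thread).
SAMPLE = [
    "Aug  9 14:50:01 host sshd[4242]: Failed none for invalid user admin "
    "from 14.239.50.255 port 51796 ssh2",
    "Failed none for invalid user admin from 14.239.50.255 port 51796",
    "Aug  9 14:50:03 host sshd[4243]: Failed password for invalid user test "
    "from 192.0.2.10 port 40022 ssh2",
    "Aug  9 14:50:04 host sshd[4244]: Failed password for root "
    "from 192.0.2.10 port 40023 ssh2",
    # User name crafted to look like a source address; must not be counted
    # as coming from 198.51.100.9.
    "Aug  9 14:50:05 host sshd[4245]: Failed none for invalid user "
    "x from 198.51.100.9 port 1 from 192.0.2.77 port 40100 ssh2",
    # Successful login: not a failure, must be ignored.
    "Aug  9 14:50:06 host sshd[4246]: Accepted publickey for alice "
    "from 192.0.2.5 port 50000 ssh2",
]

if __name__ == "__main__":
    for ip, counts in sorted(summarize(SAMPLE).items()):
        for (method, invalid), n in sorted(counts.items()):
            kind = "invalid user" if invalid else "existing user"
            print(f"{ip:15} {method:10} {kind:13} {n}")
```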
