Tony Nugent <[EMAIL PROTECTED]> writes:
> On Sat Dec 09 2000 at 17:23, Harry Putnam wrote:
>
> > Running:
> > Redhat Linux 6.2
> > ssh-1.2.27-5i
> > ssh-clients-1.2.27-5i
> > ssh-extras-1.2.27-5i
> > ssh-server-1.2.27-5i
> > pam-0.72-20
> >
> > [also posted to comp.security.ssh]
> >
> > [ Verosity alert.... it seem somewhat unavoidable to have the output
> > to examine]
> >
> > I've been noticing for while now that attempts to use ssh to su to a
> > user on my home machine produces authentication failure messages in
> > system log that look like:
> >
> > Dec 9 16:22:18 reader PAM_pwdb[2083]: \
> > authentication failure; (uid=0) -> korn for ssh service
>
> Is that shell (/bin/ksh ??) mentioned in /etc/shells?
That may be a little misleading. `korn' is the name of a dummy user.
An account where I do experimental things needing a different env.
The korn account is in fact running pdksh as its login shell
though. Very clever of me eh?
cat /etc/shells:
^^^^^^^^^^^^^
/bin/bash
/bin/sh
/bin/tcsh
/bin/csh
/bin/ash
/bin/bsh
/bin/ksh
/bin/zsh
You may be onto something though... Why does it show (uid=0)? Isn't
that root's uid?
In the example case the one ssh'ing is a regular user and the account
being ssh'ed to is regular user. Where does (uid=0) enter the picture?
If I say `ssh -l reader localhost' from the reader account. That is
ssh to myself, I get the same message.
Dec 11 04:37:28 reader PAM_pwdb[3501]: \
authentication failure; (uid=0)-> reader for ssh service
What does this hve to do with (uid=0)? Maybe because pam is running
in uid=0?
Some onee else has pointed out that ssh or PAM is checking some other
protocols too, and that is what is failing, but that it is normal to
have that happen.
_______________________________________________
Redhat-devel-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-devel-list
