Failed password for invalid user in /var/log/auth.log ?
1,472 views
Skip to first unread message
Drew Fustini
Apr 10, 2017, 6:34:03 PM4/10/17
to Beagle Board
Has anyone seen ssh warnings similar to this in /var/log/auth.log on
their BeagleBone?
pam_unix(sshd:auth): check pass; user unknown
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0
tty=ssh ruser= rhost=103.207.37.232
Failed password for invalid user support from 103.207.37.232 port 57227 ssh2
fatal: Read from socket failed: Connection reset by peer [preauth]
Did not receive identification string from 103.207.37.232
Address 123.31.31.90 maps to localhost, but this does not map back to
the address - POSSIBLE BREAK-IN ATTEMPT!
Invalid user support from 123.31.31.90
input_userauth_request: invalid user support [preauth]
pam_unix(sshd:auth): check pass; user unknown
A BeagleBone user is trying to determine if this is a problem:
https://forums.adafruit.com/viewtopic.php?f=49&t=115295&p=575972
I've not see this behavior. The BeagleBone on my internal network
running Debian 8.7 does accept accept ssh connections. I don't see
any activity like the above but my home router does not forward any
ports to the BeagleBone.
thanks,
drew
their BeagleBone?
pam_unix(sshd:auth): check pass; user unknown
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0
tty=ssh ruser= rhost=103.207.37.232
Failed password for invalid user support from 103.207.37.232 port 57227 ssh2
fatal: Read from socket failed: Connection reset by peer [preauth]
Did not receive identification string from 103.207.37.232
Address 123.31.31.90 maps to localhost, but this does not map back to
the address - POSSIBLE BREAK-IN ATTEMPT!
Invalid user support from 123.31.31.90
input_userauth_request: invalid user support [preauth]
pam_unix(sshd:auth): check pass; user unknown
A BeagleBone user is trying to determine if this is a problem:
https://forums.adafruit.com/viewtopic.php?f=49&t=115295&p=575972
I've not see this behavior. The BeagleBone on my internal network
running Debian 8.7 does accept accept ssh connections. I don't see
any activity like the above but my home router does not forward any
ports to the BeagleBone.
thanks,
drew
William Hermans
Apr 10, 2017, 8:16:59 PM4/10/17
to beagl...@googlegroups.com
If that person is trying to log in with root from one of the latest image, they're going to get an error, which is possibly a PAM error. Robert changed the root account so one can not by default log in over ssh as root. It can be fixed, but it's probably nto a good idea for anyone to "fix" this. Instead keep security in mind when logging into their board.
--
For more options, visit http://beagleboard.org/discuss
---
You received this message because you are subscribed to the Google Groups "BeagleBoard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to beagleboard+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/beagleboard/CAPgEAj5BMaKahEsp91dT06GE720-%2BiXXOMdons__%3DQBaamyZZQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Robert Nelson
Apr 10, 2017, 8:31:05 PM4/10/17
to Beagle Board
On Mon, Apr 10, 2017 at 5:33 PM, Drew Fustini <dr...@beagleboard.org> wrote:
> Has anyone seen ssh warnings similar to this in /var/log/auth.log on
> their BeagleBone?
>
> pam_unix(sshd:auth): check pass; user unknown
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0
> tty=ssh ruser= rhost=103.207.37.232
> Failed password for invalid user support from 103.207.37.232 port 57227 ssh2
> fatal: Read from socket failed: Connection reset by peer [preauth]
> Did not receive identification string from 103.207.37.232
> Address 123.31.31.90 maps to localhost, but this does not map back to
> the address - POSSIBLE BREAK-IN ATTEMPT!
> Invalid user support from 123.31.31.90
> input_userauth_request: invalid user support [preauth]
> pam_unix(sshd:auth): check pass; user unknown
So the beagle with an address of 123.31.31.90, had a host trying to
> Has anyone seen ssh warnings similar to this in /var/log/auth.log on
> their BeagleBone?
>
> pam_unix(sshd:auth): check pass; user unknown
> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0
> tty=ssh ruser= rhost=103.207.37.232
> Failed password for invalid user support from 103.207.37.232 port 57227 ssh2
> fatal: Read from socket failed: Connection reset by peer [preauth]
> Did not receive identification string from 103.207.37.232
> Address 123.31.31.90 maps to localhost, but this does not map back to
> the address - POSSIBLE BREAK-IN ATTEMPT!
> Invalid user support from 123.31.31.90
> input_userauth_request: invalid user support [preauth]
> pam_unix(sshd:auth): check pass; user unknown
connect, and it blocked it:
beagle:
http://ipaddress.is/123.31.31.90
host trying to connect:
http://ipaddress.is/103.207.37.232
This either occurred from two ways:
1: his upstream provider gave him a new ip address
2: he connected the Beagle directly to the web.
I'm going to guess #2, and his board is either a bot now, or probally
will be shortly..
aka, get a firewall, port forward, don't use port 22, etc...
Regards,
--
Robert Nelson
https://rcn-ee.com/
William Hermans
Apr 10, 2017, 9:05:07 PM4/10/17
to beagl...@googlegroups.com
In that case yeah I did not pay attention to the IPs. It may be best to disable ssh login passwd's all together, and use ssh certificates / key login's only Something like this: https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server
But depending on the users experience level with Llinux. It may be a bit over his / her head.--
For more options, visit http://beagleboard.org/discuss
---
You received this message because you are subscribed to the Google Groups "BeagleBoard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to beagleboard+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/beagleboard/CAOCHtYjLhKjXnzES-jTpcEuA%3DL9ek%3DozZcJi8vEYaBaZw7x-KA%40mail.gmail.com.
Brian Yates
Apr 10, 2017, 11:15:01 PM4/10/17
to BeagleBoard
Mr. Nelson was correct on guess #2. And yes, it's all a bit over my head, but I'm trying...thanks for the help.
Reply all
Reply to author
Forward
0 new messages