#28 Unknown usernames rejected without prompting a password

open
nobody
None
5
2008-03-12
2008-03-12
Anonymous
No

SSH login attempts with an unknown username result in a closed connection without prompting for a password. Using:

OpenSSH 4.5p1-r2
OpenSSL 0.9.8.4
AIX 5.3 TL6 SP5

Relevant syslog.out records:

Mar 12 11:07:27 hostname auth|security:info sshd[16274]: reverse mapping checking getaddrinfo for [hostname.domain.tld] [n.n.n.n] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 12 11:07:27 hostname auth|security:info sshd[16274]: Invalid user bogus from n.n.n.n
Mar 12 11:07:27 hostname auth|security:info syslog: ssh: failed login attempt for UNKNOWN_USER from n.n.n.n
Mar 12 11:07:27 hostname auth|security:crit sshd[16274]: fatal: monitor_read: unpermitted request 45

Discussion

  • ssh
    ssh
    2008-05-06

    Logged In: YES
    user_id=1169276
    Originator: NO

    This happens if you have enabled PAM authentication. For normal STD_AUTH even for unkown user it will prompt for passwd.