Bug 234793 - Failed unknown for $USER in sshd logs even if I got authenticated
Summary: Failed unknown for $USER in sshd logs even if I got authenticated
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: 12.0-RELEASE
Hardware: amd64 Any
: --- Affects Some People
Assignee: freebsd-bugs mailing list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-01-09 16:24 UTC by Sverre
Modified: 2019-01-18 18:10 UTC (History)
2 users (show)

See Also:


Attachments
client-ssh-verbose.md (12.00 KB, text/plain)
2019-01-13 10:47 UTC, Egbert Pot
no flags Details
server--auth.log (1.38 KB, text/plain)
2019-01-13 10:48 UTC, Egbert Pot
no flags Details
server--sshd_config (3.91 KB, text/plain)
2019-01-13 10:49 UTC, Egbert Pot
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Sverre 2019-01-09 16:24:10 UTC
If I ssh into a box with 12.0-RELEASE I get in fine, but the server logs that my attempt Failed for $USER ... Looks weird and I saw this one dude online that complained about this causing fail2ban to add him to the ban list. This is not an issue on 11.2 with exactly the same setup and keys and users.
Comment 1 Egbert Pot 2019-01-13 10:47:11 UTC
Created attachment 201093 [details]
client-ssh-verbose.md
Comment 2 Egbert Pot 2019-01-13 10:48:23 UTC
Created attachment 201094 [details]
server--auth.log
Comment 3 Egbert Pot 2019-01-13 10:49:12 UTC
Created attachment 201095 [details]
server--sshd_config
Comment 4 Egbert Pot 2019-01-13 10:50:44 UTC
I I have the same issue as @Sverre. Due to this issue I cannot use Fail2Ban, since it also bans successful logins.

To help debugging this issue, I've added:
* SSH server configuration from /etc/ssh/sshd_config on the FreeBSD12 system; see server--sshd_config
* SSH server's authentication log output /var/log/auth.log; see server--auth.log
* Very verbose output of the SSH session initiated by the client; see client-ssh-verbose.md


--------------
Information on the SSH server - FreeBSD 12

$ uname -a
FreeBSD gatekeeper 12.0-RELEASE FreeBSD 12.0-RELEASE r341666 GENERIC  amd64

$ getconf LONG_BIT
64

$ uname -K
1200086

$ uname -U
1200086

$ sshd --help
sshd: illegal option -- -
OpenSSH_7.8p1, OpenSSL 1.1.1a-freebsd  20 Nov 2018

--------------
Information on the SSH client - OSx 10.14.2

$ sw_vers
ProductName:	Mac OS X
ProductVersion:	10.14.2
BuildVersion:	18C54


$ ssh -V
OpenSSH_7.9p1, LibreSSL 2.7.3
Comment 5 Ryan 2019-01-18 18:10:47 UTC
I'm also seeing this happening across multiple machines since updating to 12.0-RELEASE.  My sshd_config, auth.log, and client verbose log match the files uploaded by Egbert.

My server environment is:

$ uname -a
FreeBSD gateway 12.0-RELEASE-p2 FreeBSD 12.0-RELEASE-p2 GENERIC  amd64

$ getconf LONG_BIT
64

$ uname -K
1200086

$ uname -U
1200086

$ sshd --help
sshd: illegal option -- -
OpenSSH_7.8p1, OpenSSL 1.1.1a-freebsd  20 Nov 2018


I'm pretty confident saying that it's not a client issue, since I've tried all of the following and have received the same results with them all:

- The above mentioned FreeBSD server
- MacOS 10.14.2, OpenSSH_7.9p1, LibreSSL 2.7.3
- Blink for iOS v12.4.81
- PuTTY 0.69 on Windows 10