Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 101252 - update of openssh shows authentication failure in the message log
Summary: update of openssh shows authentication failure in the message log
Keywords:
Status: CLOSED DUPLICATE of bug 101157
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: openssh
Version: 7.3
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2003-07-30 14:07 UTC by Javier Rojas Balderrama
Modified: 2014-01-21 22:48 UTC (History)
12 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2005-02-04 15:40:18 UTC
Embargoed:

Attachments (Terms of Use)

Description Javier Rojas Balderrama 2003-07-30 14:07:36 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.2) Gecko/20030708

Description of problem:
When you update the ssh components (client, askpass et. al.) through up2date
tool next time you try to login a message appears in the /var/log/messages:

 sshd(pam_unix)[20347]: authentication failure; logname= uid=0 euid=0
tty=NODEVssh ruser= rhost=xxxx  user=root

And then the process of login is normal. It means you can login and logut
succesfully.

This problem occurs with all the users.

Version-Release number of selected component (if applicable):
openssh-3.1p1-8

How reproducible:
Always

Steps to Reproduce:
1.up2date -u 
2.The package openssh is updated
3.ssh -l root mydomain.com
4

Actual Results:  A message "authentication failure" appears in /var/log/messages
but the connection to the system works.

Expected Results:  Connection to the system without that message like the
previous version of ssh.

Additional info:

kernel: 2.4.20-13.7bigmem
default configuration of pam and xinetd
Comment 1 Todd Allen 2003-07-30 17:35:42 UTC 
I began seeing this same behavior on a RedHat 7.2 system, after installing
openssh-3.1p1-8.  The ssh connection and login is successful, and produces this
output in /var/log/messages:

Jul 30 13:12:48 themachine sshd(pam_unix)[1856]: authentication failure;
logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=somewhere  user=someone
Jul 30 13:12:52 themachine sshd(pam_unix)[1856]: session opened for user someone
by (uid=0)
Jul 30 13:12:52 themachine sshd(pam_unix)[1856]: session closed for user someone

This is with kernel 2.4.20-19.7.

The /etc/ssh/sshd_config file had been changed as follows:
      X11Forwarding yes
      PasswordAuthentication yes
      ChallengeResponseAuthentication no
      PAMAuthenticationViaKbdInt no

This is a problem, because the /var/log/messages file has tons of false alarms,
and they will obscure any real failed login attempts.
Comment 2 Jordan Russell 2003-08-04 00:53:12 UTC 
FYI, this was already reported in Bug #101157.
Comment 3 Ashley M. Kirchner 2003-08-05 10:06:24 UTC 
I'm experiencing the same problem under both RH 7.3 as well as 8.0 after
updating all openssh packages to 3.1p1-8.
Comment 4 Bret Hughes 2003-08-08 03:48:52 UTC 
FWIW I built openssh-3.6.1p2-1 from the src rpm from openssh.org and do not
experience the delay in a valid login or bogus auth. failed messages.  The delay
is bad enough for us since we uss ssh to run all sorts of commands remotely on a
growing likst of machines and 2 seconds adds up. but bogus error messages
regarding something as werious as authentication is absolutely unacceptable
IMNSHO.  

Natlin - please do not close this with NOTABUG as you did 101157.  There is
something seriouly wrong with the back port unless I am serioulsy missing
something which is entirely possible.  Red Hat may do something that is
difficult to incorporate but this need fixing or you will have a lot of users
backing this out.

Bret
Comment 5 Rajiv Manglani 2003-08-08 04:00:53 UTC 
there is a link to a patch and more info at:
<http://bugs.gentoo.org/show_bug.cgi?id=20404>
Comment 6 Tomas Mraz 2005-02-04 15:40:18 UTC 

*** This bug has been marked as a duplicate of 101157 ***
Note You need to log in before you can comment on or make changes to this bug.