On Mon, 9 Aug 2021 14:52:40 -0700, Jordan Geoghegan <jor...@geoghegan.ca> wrote:
> Hello, > > I was hoping somebody could set me straight here. On one of my > machines I have a number of entries in my /var/log/authlog file that > look like this: > > Failed none for invalid user admin from 14.239.50.255 port 51796 > > The machine has been being hammered with SSH bruteforce attempts and > I noticed that "Failed none" entry popping up frequently. > > What exactly does "Failed none" mean here in this in this context? > > Any insight would be greatly appreciated as my Google-fu has failed > me in my search for an answer. I don't have any experience with ssh's code but after a quick grep, it seems to come from https://github.com/openbsd/src/blob/73b5c081a08ab8132aaab716c8f4da9aebb020e7/usr.bin/ssh/auth.c#L272-L282 I guess the "none" is the auth method selected by the client. Someone with more knowledge on the ssh protocol can surely give you a more detailed answer. Cheers, Danie
