Unix failed-logon events generated on successful access for SSH2 connections

Article:TECH191855  |  Created: 2012-06-27  |  Updated: 2012-07-18  |  Article URL http://www.symantec.com/docs/TECH191855
Article Type
Technical Solution



In your logs, you notice that each successful SSH2 connection is immediately preceded by a failed-logon event.


SSH2 connections are first tried without authentication, then with the specified credentials. The initial contact silently fails almost immediately, and the connection is then tried with the user/password provided.


Disregard these entries; they do not indicate a security event. You may optionally configure your firewall product not to log them.
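
One way to apply this when reviewing logs, as an added example that is not part of the original article: treat a failed logon as the expected initial attempt only when a success for the same user and source follows within a few seconds, and keep every other failure for review. The event format, the FAILED/SUCCESS labels, the 5-second window and the sample lines are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events in an assumed "timestamp outcome user source" format
# (not the output format of any particular product).
SAMPLE_LOG = """\
2012-06-27T10:00:00 FAILED alice 192.0.2.10
2012-06-27T10:00:01 SUCCESS alice 192.0.2.10
2012-06-27T10:05:00 FAILED bob 198.51.100.7
2012-06-27T10:05:30 FAILED bob 198.51.100.7
2012-06-27T10:09:00 FAILED carol 192.0.2.44
2012-06-27T10:09:02 SUCCESS carol 192.0.2.44
2012-06-27T10:12:00 FAILED alice 203.0.113.5
2012-06-27T10:12:01 SUCCESS alice 192.0.2.10
"""

WINDOW = timedelta(seconds=5)  # assumed: how soon the success must follow


def parse(log_text):
    """Return (timestamp, outcome, user, source) tuples in time order."""
    events = []
    for line in log_text.splitlines():
        if line.strip():
            stamp, outcome, user, source = line.split()
            events.append((datetime.fromisoformat(stamp), outcome, user, source))
    return sorted(events, key=lambda e: e[0])


def classify_failures(events, window=WINDOW):
    """Split FAILED events into (expected_initial_attempts, needs_review)."""
    expected, review = [], []
    pending = {}  # (user, source) -> failures not yet matched to a success
    for event in events:
        stamp, outcome, user, source = event
        if outcome == "FAILED":
            pending.setdefault((user, source), []).append(event)
        elif outcome == "SUCCESS":
            failures = pending.pop((user, source), [])
            # Only the one failure directly before the success is the
            # unauthenticated first try; earlier ones are real failures.
            if failures and stamp - failures[-1][0] <= window:
                expected.append(failures.pop())
            review.extend(failures)
    for failures in pending.values():  # failures never followed by a success
        review.extend(failures)
    return expected, sorted(review)
```

Calling `classify_failures(parse(SAMPLE_LOG))` returns the two paired failures (alice, carol) as expected and leaves bob's repeated failures and the alice failure from a different source for review.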
