[Logwatch] sshd illegal user with keys

Michael Rolli rolli at iml.unibe.ch
Tue Jul 25 23:47:53 MST 2006


Hi all
I'm used to logging in remotely to my servers through ssh, and to doing this
not by keyboard-interactive but with public/private keypairs (authorized_keys2).

Interestingly, logwatch is mentioning me as an illegal user though I
can regularly log in. One thing I realized was that illegal user (2
times) + postponed auth (2 times) = Users logging in (4 times). So it
seems that an illegal login is always followed by a correct one.

Any hints? I would be glad if I could log in without producing an
illegal one.

Regards
Michael


Output of logwatch:

  --------------------- SSHD Begin ------------------------


  Illegal users from:
     192.168.30.199 (my.client.host.com): 2 times

  Postponed authentication:
     root/publickey:
        192.168.30.199: 2 Time(s)

  Users logging in through sshd:
     root:
        192.168.30.199 (aumlap-mr.unibe.ch): 4 times

