[Logwatch] sshd illegal user with keys

Michael Rolli rolli at iml.unibe.ch
Tue Jul 25 23:47:53 MST 2006

Hi all
I'm used to remote login through ssh to my servers and to not do this  
by keyboard interactive but public/private keypairs (authorized_keys2).

Interestingly logwatch is mentioning me as an illegal user though I  
can regularly login. One thing I realized was that illegal user (2  
times) + postponed auth (2 times) = Users logging in (4 times). So it  
seems that an illegal login is always followed by a correct one.

Any hints? I would be glad if I can login without producing an  
illegal one.


Output of logwatch:

  --------------------- SSHD Begin ------------------------

  Illegal users from: (my.client.host.com): 2 times

  Postponed authentication:
     root/publickey: 2 Time(s)

  Users logging in through sshd:
     root: (aumlap-mr.unibe.ch): 4 times

More information about the Logwatch mailing list