Last night, I wanted to update several hosts which were running sysutils/samdruckerclientshell. I ran csshX host1 host2 host3 … hostn.
I didn’t get connected to all the hosts, so I closed out those screens and tried again, adding -l dvl to the command. I got connected. Updated the packages, and went on with other tasks.
What happened? On the laptop I was using, I was logged in as the user dan, so the ssh connection was made to the user, which no longer exists on most of my hosts. I originally used dan as my login, but have migrated them all to dvl.
Today, I was reviewing log messages and saw this:
Apr 4 22:06:51 dns2 sshd[8233]: Invalid user dan from 10.0.0.90 port 54097
Apr 4 22:06:51 dns2 sshd[8233]: Postponed keyboard-interactive for invalid user dan from 10.0.0.90 port 54097 ssh2 [preauth]
Apr 4 22:07:19 dns2 sshd[8233]: Connection closed by invalid user dan 10.0.0.90 port 54097 [preauth]
No worries, that was me, attempting to log in the first time.
On another host, I saw:
Apr 4 22:07:14 dns1 sshd[19561]: error: PAM: Authentication error for illegal user dan from air01.example.org
Apr 4 22:07:14 dns1 sshd[19561]: Failed keyboard-interactive/pam for invalid user dan from 10.0.0.90 port 54096 ssh2
Apr 4 22:07:14 dns1 sshd[19561]: Postponed keyboard-interactive for invalid user dan from 10.0.0.90 port 54096 ssh2 [preauth]
Apr 4 22:07:16 dns1 sshd[19561]: Connection closed by invalid user dan 10.0.0.90 port 54096 [preauth]
What I noticed was invalid user versus illegal user. First, I checked /etc/passwd, thinking there might be a difference there. No, no entries for dan were found.
Next, I noticed that PAM was involved in the second host.
Are the sshd configurations the same?
[13:09 dns1 dvl ~] % md5 /etc/ssh/sshd_config
MD5 (/etc/ssh/sshd_config) = 13877dfeee823fdfa057c73774504341
[13:20 dns2 dvl ~] % md5 /etc/ssh/sshd_config
MD5 (/etc/ssh/sshd_config) = 2a1590d7aa8da3fa49a6c4fb0a67f8c2
No. What is the difference?
[13:20 dns1 dvl ~] % diff -ruN /etc/ssh/sshd_config ~/tmp/sshd_config --- /etc/ssh/sshd_config 2024-06-28 17:49:23.341693000 +0000 +++ /usr/home/dvl/tmp/sshd_config 2025-04-05 13:20:59.250589000 +0000 @@ -105,7 +105,7 @@ #PermitTunnel no #ChrootDirectory none #UseBlacklist no -#VersionAddendum FreeBSD-20240318 +#VersionAddendum FreeBSD-20240806 # no default banner path #Banner none
Ahh! Different versions of FreeBSD.
[13:21 dns1 dvl ~] % file /usr/sbin/sshd
/usr/sbin/sshd: ELF 64-bit LSB pie executable, x86-64, version 1 (FreeBSD), dynamically linked, interpreter /libexec/ld-elf.so.1, for FreeBSD 14.1, FreeBSD-style, stripped
[13:21 dns1 dvl ~] % uname -a
FreeBSD dns1.int.unixathome.org 14.2-RELEASE-p1 FreeBSD 14.2-RELEASE-p1 GENERIC amd64
[13:20 dns2 dvl ~] % file /usr/sbin/sshd
/usr/sbin/sshd: ELF 64-bit LSB pie executable, x86-64, version 1 (FreeBSD), dynamically linked, interpreter /libexec/ld-elf.so.1, for FreeBSD 14.2, FreeBSD-style, stripped
[13:21 dns2 dvl ~] % uname -a
FreeBSD dns2.int.unixathome.org 14.2-RELEASE-p1 FreeBSD 14.2-RELEASE-p1 GENERIC amd64
Got it! OK. 14.2 is giving the more detailed explanation.
Time for my second copy and on to other things.
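An added example, not part of the original post: a log summarizer that accepts both the "invalid user" and "illegal user" wordings and groups lines by host and sshd PID, so the one attempt per host counts once even though dns1 logged four lines and dns2 three. The function name, field names and the grouping key are assumptions of this sketch.

```python
import re

# The seven sshd lines quoted in the post: dns2 first, then dns1.
SAMPLE = """\
Apr 4 22:06:51 dns2 sshd[8233]: Invalid user dan from 10.0.0.90 port 54097
Apr 4 22:06:51 dns2 sshd[8233]: Postponed keyboard-interactive for invalid user dan from 10.0.0.90 port 54097 ssh2 [preauth]
Apr 4 22:07:19 dns2 sshd[8233]: Connection closed by invalid user dan 10.0.0.90 port 54097 [preauth]
Apr 4 22:07:14 dns1 sshd[19561]: error: PAM: Authentication error for illegal user dan from air01.example.org
Apr 4 22:07:14 dns1 sshd[19561]: Failed keyboard-interactive/pam for invalid user dan from 10.0.0.90 port 54096 ssh2
Apr 4 22:07:14 dns1 sshd[19561]: Postponed keyboard-interactive for invalid user dan from 10.0.0.90 port 54096 ssh2 [preauth]
Apr 4 22:07:16 dns1 sshd[19561]: Connection closed by invalid user dan 10.0.0.90 port 54096 [preauth]
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) "
                  r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# Both wordings seen in the post, case-insensitive ("Invalid user ..." too).
USER = re.compile(r"\b(?:invalid|illegal) user (?P<user>\S+)", re.IGNORECASE)
ADDR = re.compile(r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d+)")

def summarize(text):
    """Return one record per (host, sshd pid) that named a non-existent user.

    Assumption: a PID is not reused within the log window being examined.
    """
    sessions = {}
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        user = USER.search(line["msg"]) if line else None
        if not user:
            continue  # not an sshd line, or no unknown-user wording in it
        rec = sessions.setdefault((line["host"], line["pid"]), {
            "host": line["host"], "user": user["user"], "first_seen": line["ts"],
            "ip": None, "port": None, "lines": 0,
            "pam_error": False, "failed": False})
        rec["lines"] += 1
        addr = ADDR.search(line["msg"])
        if addr:  # the PAM error line carries a hostname, not an IP and port
            rec["ip"], rec["port"] = addr["ip"], int(addr["port"])
        rec["pam_error"] |= line["msg"].startswith("error: PAM:")
        rec["failed"] |= line["msg"].startswith("Failed ")
    return list(sessions.values())

if __name__ == "__main__":
    for rec in summarize(SAMPLE):
        print(rec)
```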