invalid user dan or illegal user dan? Why different messages?

Last night, I wanted to update several hosts which were running sysutils/samdruckerclientshell. I ran csshX host1 host2 host3 … hostn.

I didn’t get connected to all the hosts, so I closed out those screens and tried again, adding -l dvl to the command. I got connected. Updated the packages, and went on with other tasks.

What happened? On the laptop I was using, I was logged in as the user dan, so the ssh connection was made to the user, which no longer exists on most of my hosts. I originally used dan as my login, but have migrated them all to dvl.

Today, I was reviewing log messages and saw this:

Apr  4 22:06:51 dns2 sshd[8233]: Invalid user dan from 10.0.0.90 port 54097
Apr  4 22:06:51 dns2 sshd[8233]: Postponed keyboard-interactive for invalid user dan from 10.0.0.90 port 54097 ssh2 [preauth]
Apr  4 22:07:19 dns2 sshd[8233]: Connection closed by invalid user dan 10.0.0.90 port 54097 [preauth]

No worries, that was me, attempting to log in the first time.

On another host, I saw:

Apr  4 22:07:14 dns1 sshd[19561]: error: PAM: Authentication error for illegal user dan from air01.example.org
Apr  4 22:07:14 dns1 sshd[19561]: Failed keyboard-interactive/pam for invalid user dan from 10.0.0.90 port 54096 ssh2
Apr  4 22:07:14 dns1 sshd[19561]: Postponed keyboard-interactive for invalid user dan from 10.0.0.90 port 54096 ssh2 [preauth]
Apr  4 22:07:16 dns1 sshd[19561]: Connection closed by invalid user dan 10.0.0.90 port 54096 [preauth]

What I noticed was invalid user versus illegal user. First, I checked /etc/passwd, thinking there might be a difference there. No, no entries for dan were found.

Next, I noticed that PAM was involved on the second host.

Are the sshd configurations the same?

[13:09 dns1 dvl ~] % md5 /etc/ssh/sshd_config
MD5 (/etc/ssh/sshd_config) = 13877dfeee823fdfa057c73774504341

[13:20 dns2 dvl ~] % md5 /etc/ssh/sshd_config
MD5 (/etc/ssh/sshd_config) = 2a1590d7aa8da3fa49a6c4fb0a67f8c2

No. What is the difference?

[13:20 dns1 dvl ~] % diff -ruN /etc/ssh/sshd_config ~/tmp/sshd_config 
--- /etc/ssh/sshd_config	2024-06-28 17:49:23.341693000 +0000
+++ /usr/home/dvl/tmp/sshd_config	2025-04-05 13:20:59.250589000 +0000
@@ -105,7 +105,7 @@
 #PermitTunnel no
 #ChrootDirectory none
 #UseBlacklist no
-#VersionAddendum FreeBSD-20240318
+#VersionAddendum FreeBSD-20240806
 
 # no default banner path
 #Banner none
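
Review bot: the only changed line, at line 108 of the file, is #VersionAddendum, which is commented out in both copies, so this diff does not show any difference in the settings sshd actually applies; the two values (FreeBSD-20240318 versus FreeBSD-20240806) only identify which shipped template each file came from. To rule configuration in or out as the cause of the differing log messages, compare the effective settings instead, for example the output of sshd -T on each host, alongside the sshd binaries themselves.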

Ahh! Different versions of FreeBSD.

[13:21 dns1 dvl ~] % file /usr/sbin/sshd
/usr/sbin/sshd: ELF 64-bit LSB pie executable, x86-64, version 1 (FreeBSD), dynamically linked, interpreter /libexec/ld-elf.so.1, for FreeBSD 14.1, FreeBSD-style, stripped
[13:21 dns1 dvl ~] % uname -a
FreeBSD dns1.int.unixathome.org 14.2-RELEASE-p1 FreeBSD 14.2-RELEASE-p1 GENERIC amd64

[13:20 dns2 dvl ~] % file /usr/sbin/sshd
/usr/sbin/sshd: ELF 64-bit LSB pie executable, x86-64, version 1 (FreeBSD), dynamically linked, interpreter /libexec/ld-elf.so.1, for FreeBSD 14.2, FreeBSD-style, stripped
[13:21 dns2 dvl ~] % uname -a
FreeBSD dns2.int.unixathome.org 14.2-RELEASE-p1 FreeBSD 14.2-RELEASE-p1 GENERIC amd64

Got it! OK. 14.2 is giving the more detailed explanation.

Time for my second copy and on to other things.
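
A log-monitoring rule keyed to only one of the two wordings above would miss the other host's messages. The following is an added example, not code from the original post: it matches both "invalid user" and "illegal user" lines and collapses them into one event per host and sshd PID. The regular expression and the summarise function are this example's own names, and it assumes the logged user name contains no whitespace.

```python
import re
from collections import defaultdict

# Log lines copied from the post: three from dns2, then four from dns1.
SAMPLE = """\
Apr  4 22:06:51 dns2 sshd[8233]: Invalid user dan from 10.0.0.90 port 54097
Apr  4 22:06:51 dns2 sshd[8233]: Postponed keyboard-interactive for invalid user dan from 10.0.0.90 port 54097 ssh2 [preauth]
Apr  4 22:07:19 dns2 sshd[8233]: Connection closed by invalid user dan 10.0.0.90 port 54097 [preauth]
Apr  4 22:07:14 dns1 sshd[19561]: error: PAM: Authentication error for illegal user dan from air01.example.org
Apr  4 22:07:14 dns1 sshd[19561]: Failed keyboard-interactive/pam for invalid user dan from 10.0.0.90 port 54096 ssh2
Apr  4 22:07:14 dns1 sshd[19561]: Postponed keyboard-interactive for invalid user dan from 10.0.0.90 port 54096 ssh2 [preauth]
Apr  4 22:07:16 dns1 sshd[19561]: Connection closed by invalid user dan 10.0.0.90 port 54096 [preauth]
"""

# Accept either wording, any case; "from" and "port N" are optional because
# the "Connection closed" and PAM lines omit one or the other.
# Assumption: the logged user name contains no whitespace.
UNKNOWN_USER = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\ssshd\[(?P<pid>\d+)\]:\s.*?"
    r"\b(?P<word>invalid|illegal)\suser\s(?P<user>\S+)"
    r"(?:\sfrom)?\s(?P<src>\S+)(?:\sport\s(?P<port>\d+))?",
    re.IGNORECASE,
)

def summarise(lines):
    """Collapse matching lines into one event per (host, sshd pid)."""
    events = defaultdict(lambda: {"users": set(), "sources": set(),
                                  "ports": set(), "wordings": set(), "lines": 0})
    for line in lines:
        m = UNKNOWN_USER.match(line)
        if not m:
            continue  # not an unknown-account message
        ev = events[(m["host"], m["pid"])]
        ev["users"].add(m["user"])
        ev["sources"].add(m["src"])      # IP address or resolved host name
        ev["wordings"].add(m["word"].lower())
        if m["port"]:
            ev["ports"].add(m["port"])
        ev["lines"] += 1
    return dict(events)

if __name__ == "__main__":
    for (host, pid), ev in sorted(summarise(SAMPLE.splitlines()).items()):
        print(host, pid, ev)
```

On the post's own lines this yields two events, one per host, and the dns1 event carries both wordings plus both the host name and the IP address as sources.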
