Sftp server logs "Failed password for from xxxx"

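I use the Java sftp client JSCH to connect to an sftp server. The client occasionally throws an "Auth failed" exception, and the sshd log occasionally shows "Failed password for from xxxx" as well.

I have confirmed that the sftp user and password are correct, so why does it occasionally fail? Details are below:

Environment

Client: Java = 1.7, jsch=0.1.50
Server: OpenSSH_5.3p1, OpenSSL 1.0.1e-fips

sshd_config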

Protocol 2
SyslogFacility AUTHPRIV   
PasswordAuthentication yes 
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
X11Forwarding yes
MaxStartups 1000
Subsystem       sftp    internal-sftp
Match Group sftp
ChrootDirectory /opt/bank/%u
ForceCommand    internal-sftp
AllowTcpForwarding no
X11Forwarding no

/var/log/secure log

Mar 29 19:59:19 localhost sshd[30522]: debug1: Forked child 24126.
Mar 29 19:59:19 localhost sshd[24126]: Set /proc/self/oom_score_adj to 0
Mar 29 19:59:19 localhost sshd[24126]: debug1: rexec start in 5 out 5 newsock 5 pipe 79 sock 80
Mar 29 19:59:19 localhost sshd[24126]: debug1: inetd sockets after dupping: 3, 3
Mar 29 19:59:19 localhost sshd[24126]: Connection from xx.xx.xx.xx port 39834
Mar 29 19:59:19 localhost sshd[24126]: debug1: Client protocol version 2.0; client software version JSCH-0.1.50
Mar 29 19:59:19 localhost sshd[24126]: debug1: no match: JSCH-0.1.50
Mar 29 19:59:19 localhost sshd[24126]: debug1: Enabling compatibility mode for protocol 2.0
Mar 29 19:59:19 localhost sshd[24126]: debug1: Local version string SSH-2.0-OpenSSH_5.3
Mar 29 19:59:21 localhost sshd[24126]: debug1: user xxxx does not match group list sftp at line 134
Mar 29 19:59:21 localhost sshd[24126]: debug1: PAM: initializing for "xxxx"
Mar 29 19:59:21 localhost sshd[24126]: debug1: PAM: setting PAM_RHOST to "xx.xx.xx.xx"
Mar 29 19:59:21 localhost sshd[24126]: debug1: PAM: setting PAM_TTY to "ssh"
Mar 29 19:59:22 localhost sshd[24126]: debug1: Unspecified GSS failure.  Minor code may provide more information\nKey table file '/etc/krb5.keytab' not found\n
Mar 29 19:59:22 localhost sshd[24126]: pam_tally2(sshd:auth): user xxxx (500) tally 4, deny 3
Mar 29 19:59:25 localhost sshd[24126]: debug1: PAM: password authentication failed for xxxx: Authentication failure
Mar 29 19:59:25 localhost sshd[24126]: Failed password for xxxx from 172.168.39.3 port 39834 ssh2
Mar 29 19:59:25 localhost sshd[24126]: pam_tally2(sshd:auth): user xxxx (500) tally 11, deny 3

So, I don't know why it sometimes works and sometimes fails.

Answer 1

This looks like the answer:

pam_tally2(sshd:auth): user xxxx (500) tally 4, deny 3

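You have pam_tally2 configured on the server, and password authentication is failing. So, from the information you provided, it looks like there are some bogus authentication attempts against the SSH server, and after that the account is locked when you try to log in with your application. But it is hard to say without more relevant logs.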
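
One way to check this against a full log, as an added example that is not part of the original answer: it separates "Failed password" events that sshd logged while pam_tally2 already reported the account over its deny limit from ordinary failures, grouped by user and source address. The sample lines and addresses are constructed, and the script assumes one sshd PID corresponds to one connection attempt within the log being read.

```python
import re
from collections import Counter

# Constructed sample lines in the format of the /var/log/secure excerpt above.
SAMPLE_LOG = """\
Mar 29 19:40:02 localhost sshd[23001]: Failed password for xxxx from 192.0.2.10 port 51000 ssh2
Mar 29 19:41:07 localhost sshd[23050]: Failed password for xxxx from 192.0.2.10 port 51002 ssh2
Mar 29 19:42:11 localhost sshd[23099]: Failed password for xxxx from 192.0.2.10 port 51004 ssh2
Mar 29 19:59:22 localhost sshd[24126]: pam_tally2(sshd:auth): user xxxx (500) tally 4, deny 3
Mar 29 19:59:25 localhost sshd[24126]: Failed password for xxxx from 198.51.100.7 port 39834 ssh2
"""

PID = r"sshd\[(?P<pid>\d+)\]: "
TALLY = re.compile(PID + r"pam_tally2\(sshd:auth\): user (?P<user>\S+) \(\d+\) "
                   r"tally (?P<tally>\d+), deny (?P<deny>\d+)")
FAILED = re.compile(PID + r"Failed password for (?:invalid user )?(?P<user>\S+) "
                    r"from (?P<src>\S+) port \d+")


def classify_failures(log_text):
    """Split 'Failed password' events into lockout-caused and ordinary ones.

    Returns (locked, ordinary): two Counters keyed by (user, source address).
    """
    locked_pids = set()   # sshd PIDs whose attempt hit a locked account
    failures = []         # (pid, user, source) for every failed password
    for line in log_text.splitlines():
        m = TALLY.search(line)
        # pam_tally2 denies access once the tally exceeds the deny value.
        if m and int(m["tally"]) > int(m["deny"]):
            locked_pids.add(m["pid"])
            continue
        m = FAILED.search(line)
        if m:
            failures.append((m["pid"], m["user"], m["src"]))
    locked, ordinary = Counter(), Counter()
    for pid, user, src in failures:
        (locked if pid in locked_pids else ordinary)[(user, src)] += 1
    return locked, ordinary


if __name__ == "__main__":
    locked, ordinary = classify_failures(SAMPLE_LOG)
    for (user, src), n in ordinary.items():
        print(f"{n} ordinary failure(s) for {user} from {src}")
    for (user, src), n in locked.items():
        print(f"{n} failure(s) for {user} from {src} while the account was locked")
```

Ordinary failures from an address other than the application host point to whatever is driving the tally up; failures in the locked group are rejected regardless of whether the password was correct.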
