What does this error mean and can I fix it.
Darren Tucker
dtucker at zip.com.au
Wed Oct 6 19:55:29 EST 2004
Logu wrote:
>>This is true with OpenSsh 3.8p1 and OpenSsh 3.9p1. I am running on Sun
>>Solaris servers, both Solaris 8 and Solaris 9.
>>
>>I send all ssh syslog messages to local3 via the sshd_config file. I
>>periodically get in my error logs the line:
>>
>>Oct 4 15:29:36 wintermute sshd[14517]: [ID 800047 local3.error] error:
>>Could not get shadow information for NOUSER
>>
>>I do not think this is interfering with any user. I would like to get rid
>>of these false positive errors, but I have not been able to track down
>>what this error is stating. Can any of you provide assistance in
>>determining what this means. Thank you.
It's most likely a failed logon attempt on an account without an entry
in /etc/passwd and /etc/shadow.
If you're seeing them on an Internet-facing machine it's possible
they're caused by the password-guessing worm (which tries accounts like
"admin" and "guest") doing the rounds:
http://marc.theaimsgroup.com/?l=full-disclosure&m=109078144002874
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list