Jozef_Hamar
Jan 27, 2015Altostratus
LTM time discrepancy in logs during terminated SSH connection attempt
Hi guys,
I am running BIG-IP Virtual Edition 11.6.0. Today, while troubleshooting completely different issue, I noticed following in the logs:
[root@hostname:Active:Standalone] log tail -f ltm
Jan 27 21:44:30 hostname info sshd[13792]: Accepted publickey for root from 10.100.0.1 port 48930 ssh2
Jan 27 21:45:25 hostname info sshd[13792]: Received disconnect from 10.100.0.1: 11: disconnected by user
Jan 27 12:56:27 hostname info sshd[14220]: Connection closed by 10.0.20.2
Jan 27 21:56:36 hostname err sshd[14221]: error: PAM: User not known to the underlying authentication module for jozef from 10.0.20.2
Jan 27 12:56:42 hostname info sshd[14224]: Connection closed by 10.0.20.2
Jan 27 21:56:57 hostname info sshd[14227]: Accepted keyboard-interactive/pam for root from 10.0.20.2 port 45904 ssh2
Jan 27 21:57:04 hostname info sshd[14227]: Received disconnect from 10.0.20.2: 11: disconnected by user
Jan 27 12:59:57 hostname info sshd[14269]: Connection closed by 10.0.20.2
Note the time column. It happens only if I try to open a SSH connection, but then Ctrl-C it in the password prompt:
jojoii@linux:~$ ssh user@10.100.0.20
Password:
^C
jojoii@linux:~$
Did not noticed similar behavior in any other case. Am I missing something here, please? Or is this some minor bug? Can somebody try to simulate this, please?
Thanks in advance.
Jozef