Guest User

Untitled

a guest
Aug 1st, 2018
account required pam_access.so

+ : LOCAL : ALL
- : baduser : ALL
- : ALL : ALL

Aug 1 09:42:31 server sshd[6994]: debug1: Forked child 39850.
Aug 1 09:42:31 server sshd[39850]: debug1: Set /proc/self/oom_score_adj to 0
Aug 1 09:42:31 server sshd[39850]: debug1: rexec start in 4 out 4 newsock 4 pipe 6 sock 7
Aug 1 09:42:31 server sshd[39850]: debug1: inetd sockets after dupping: 3, 3
Aug 1 09:42:31 server sshd[39850]: Connection from 10.63.61.22 port 58629 on 172.30.17.45 port 22
Aug 1 09:42:31 server sshd[39850]: debug1: Client protocol version 2.0; client software version WinSCP_release_5.9.2
Aug 1 09:42:31 server sshd[39850]: debug1: no match: WinSCP_release_5.9.2
Aug 1 09:42:31 server sshd[39850]: debug1: Enabling compatibility mode for protocol 2.0
Aug 1 09:42:31 server sshd[39850]: debug1: Local version string SSH-2.0-OpenSSH_7.2p2
Aug 1 09:42:31 server sshd[39850]: debug1: permanently_set_uid: 110/65534 [preauth]
Aug 1 09:42:31 server sshd[39850]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Aug 1 09:42:31 server sshd[39850]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Aug 1 09:42:31 server sshd[39850]: debug1: SSH2_MSG_KEXINIT received [preauth]
Aug 1 09:42:31 server sshd[39850]: debug1: kex: algorithm: curve25519-sha256@libssh.org [preauth]
Aug 1 09:42:31 server sshd[39850]: debug1: kex: host key algorithm: ssh-ed25519 [preauth]
Aug 1 09:42:31 server sshd[39850]: debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
Aug 1 09:42:31 server sshd[39850]: debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
Aug 1 09:42:31 server sshd[39850]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
Aug 1 09:42:31 server sshd[39850]: debug1: rekey after 4294967296 blocks [preauth]
Aug 1 09:42:31 server sshd[39850]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
Aug 1 09:42:31 server sshd[39850]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Aug 1 09:42:32 server sshd[39850]: debug1: rekey after 4294967296 blocks [preauth]
Aug 1 09:42:32 server sshd[39850]: debug1: SSH2_MSG_NEWKEYS received [preauth]
Aug 1 09:42:32 server sshd[39850]: debug1: KEX done [preauth]
Aug 1 09:42:32 server sshd[39850]: debug1: userauth-request for user gooduser service ssh-connection method none [preauth]
Aug 1 09:42:32 server sshd[39850]: debug1: attempt 0 failures 0 [preauth]
Aug 1 09:42:32 server sshd[39850]: debug1: user gooduser does not match group list ftpaccess at line 102
Aug 1 09:42:32 server sshd[39850]: debug1: user gooduser does not match group list monetique at line 109
Aug 1 09:42:32 server sshd[39850]: debug1: PAM: initializing for "gooduser"
Aug 1 09:42:32 server sshd[39850]: debug1: PAM: setting PAM_RHOST to "10.63.61.22"
Aug 1 09:42:32 server sshd[39850]: debug1: PAM: setting PAM_TTY to "ssh"
Aug 1 09:42:32 server sshd[39850]: debug1: userauth_send_banner: sent [preauth]
Aug 1 09:42:32 server sshd[39850]: debug1: userauth-request for user gooduser service ssh-connection method password [preauth]
Aug 1 09:42:32 server sshd[39850]: debug1: attempt 1 failures 0 [preauth]
Aug 1 09:42:32 server sshd[39850]: pam_krb5(sshd:auth): authentication failure; logname=gooduser uid=0 euid=0 tty=ssh ruser= rhost=10.63.61.22
Aug 1 09:42:32 server sshd[39850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.63.61.22 user=gooduser
Aug 1 09:42:32 server sshd[39850]: pam_winbind(sshd:auth): getting password (0x00000388)
Aug 1 09:42:32 server sshd[39850]: pam_winbind(sshd:auth): pam_get_item returned a password
Aug 1 09:42:32 server sshd[39850]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_AUTHTOK_EXPIRED (27), NTSTATUS: NT_STATUS_PASSWORD_EXPIRED, Error message was: Password expired
Aug 1 09:42:32 server sshd[39850]: pam_winbind(sshd:auth): user 'gooduser' password expired
Aug 1 09:42:32 server sshd[39850]: debug1: PAM: password authentication accepted for gooduser
Aug 1 09:42:32 server sshd[39850]: debug1: do_pam_account: called
Aug 1 09:42:44 server sshd[39850]: pam_sss(sshd:account): Access denied for user gooduser: 10 (User not known to the underlying authentication module)
Aug 1 09:42:44 server sshd[39850]: Accepted password for gooduser from 10.63.61.22 port 58629 ssh2
Aug 1 09:42:44 server sshd[39850]: debug1: monitor_child_preauth: gooduser has been authenticated by privileged process
Aug 1 09:42:44 server sshd[39850]: debug1: monitor_read_log: child log fd closed
Aug 1 09:42:44 server sshd[39850]: debug1: PAM: establishing credentials
Aug 1 09:42:44 server sshd[39850]: pam_unix(sshd:session): session opened for user gooduser by (uid=0)
Aug 1 09:42:44 server systemd: pam_sss(systemd-user:account): Access denied for user gooduser: 10 (User not known to the underlying authentication module)
Aug 1 09:42:44 server systemd: pam_unix(systemd-user:session): session opened for user gooduser by (uid=0)
Aug 1 09:42:44 server sshd[39850]: User child is on pid 39886
Aug 1 09:42:44 server sshd[39886]: debug1: SELinux support disabled
Aug 1 09:42:44 server sshd[39886]: debug1: PAM: establishing credentials
Aug 1 09:42:44 server sshd[39886]: debug1: permanently_set_uid: 20010/20000
Aug 1 09:42:44 server sshd[39886]: debug1: rekey after 4294967296 blocks
Aug 1 09:42:44 server sshd[39886]: debug1: rekey after 4294967296 blocks
Aug 1 09:42:44 server sshd[39886]: debug1: ssh_packet_set_postauth: called
Aug 1 09:42:44 server sshd[39886]: debug1: Entering interactive session for SSH2.
Aug 1 09:42:44 server sshd[39886]: debug1: server_init_dispatch_20
Aug 1 09:42:44 server sshd[39886]: debug1: server_input_channel_open: ctype session rchan 256 win 2147483647 max 16384
Aug 1 09:42:44 server sshd[39886]: debug1: input_session_request
Aug 1 09:42:44 server sshd[39886]: debug1: channel 0: new [server-session]
Aug 1 09:42:44 server sshd[39886]: debug1: session_new: session 0
Aug 1 09:42:44 server sshd[39886]: debug1: session_open: channel 0
Aug 1 09:42:44 server sshd[39886]: debug1: session_open: session 0: link with channel 0
Aug 1 09:42:44 server sshd[39886]: debug1: server_input_channel_open: confirm session
Aug 1 09:42:44 server sshd[39415]: debug1: server_input_channel_req: channel 0 request winadj@putty.projects.tartarus.org reply 1
Aug 1 09:42:44 server sshd[39415]: debug1: session_by_channel: session 0 channel 0
Aug 1 09:42:44 server sshd[39415]: debug1: session_input_channel_req: session 0 req winadj@putty.projects.tartarus.org
Aug 1 09:42:45 server sshd[39886]: debug1: server_input_channel_req: channel 0 request simple@putty.projects.tartarus.org reply 0
Aug 1 09:42:45 server sshd[39886]: debug1: session_by_channel: session 0 channel 0
Aug 1 09:42:45 server sshd[39886]: debug1: session_input_channel_req: session 0 req simple@putty.projects.tartarus.org
Aug 1 09:42:45 server sshd[39886]: debug1: server_input_channel_req: channel 0 request subsystem reply 1
Aug 1 09:42:45 server sshd[39886]: debug1: session_by_channel: session 0 channel 0
Aug 1 09:42:45 server sshd[39886]: debug1: session_input_channel_req: session 0 req subsystem
Aug 1 09:42:45 server sshd[39886]: debug1: subsystem: internal-sftp
Aug 1 09:42:45 server sshd[39886]: Starting session: subsystem 'sftp' for gooduser from 10.63.61.22 port 58629 id 0


Aug 1 09:44:41 server sshd[6994]: debug1: Forked child 39945.
Aug 1 09:44:41 server sshd[39945]: debug1: Set /proc/self/oom_score_adj to 0
Aug 1 09:44:41 server sshd[39945]: debug1: rexec start in 4 out 4 newsock 4 pipe 6 sock 7
Aug 1 09:44:41 server sshd[39945]: debug1: inetd sockets after dupping: 3, 3
Aug 1 09:44:41 server sshd[39945]: Connection from 10.63.61.22 port 58658 on 172.30.17.45 port 22
Aug 1 09:44:41 server sshd[39945]: debug1: Client protocol version 2.0; client software version WinSCP_release_5.9.2
Aug 1 09:44:41 server sshd[39945]: debug1: no match: WinSCP_release_5.9.2
Aug 1 09:44:41 server sshd[39945]: debug1: Enabling compatibility mode for protocol 2.0
Aug 1 09:44:41 server sshd[39945]: debug1: Local version string SSH-2.0-OpenSSH_7.2p2
Aug 1 09:44:41 server sshd[39945]: debug1: permanently_set_uid: 110/65534 [preauth]
Aug 1 09:44:41 server sshd[39945]: debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Aug 1 09:44:41 server sshd[39945]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Aug 1 09:44:41 server sshd[39945]: debug1: SSH2_MSG_KEXINIT received [preauth]
Aug 1 09:44:41 server sshd[39945]: debug1: kex: algorithm: curve25519-sha256@libssh.org [preauth]
Aug 1 09:44:41 server sshd[39945]: debug1: kex: host key algorithm: ssh-ed25519 [preauth]
Aug 1 09:44:41 server sshd[39945]: debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
Aug 1 09:44:41 server sshd[39945]: debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
Aug 1 09:44:41 server sshd[39945]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
Aug 1 09:44:41 server sshd[39945]: debug1: rekey after 4294967296 blocks [preauth]
Aug 1 09:44:41 server sshd[39945]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
Aug 1 09:44:41 server sshd[39945]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Aug 1 09:44:41 server sshd[39945]: debug1: rekey after 4294967296 blocks [preauth]
Aug 1 09:44:41 server sshd[39945]: debug1: SSH2_MSG_NEWKEYS received [preauth]
Aug 1 09:44:41 server sshd[39945]: debug1: KEX done [preauth]
Aug 1 09:44:41 server sshd[39945]: debug1: userauth-request for user baduser service ssh-connection method none [preauth]
Aug 1 09:44:41 server sshd[39945]: debug1: attempt 0 failures 0 [preauth]
Aug 1 09:44:41 server sshd[39945]: debug1: user baduser does not match group list ftpaccess at line 102
Aug 1 09:44:41 server sshd[39945]: debug1: user baduser matched group list monetique at line 109
Aug 1 09:44:41 server sshd[39945]: debug1: PAM: initializing for "baduser"
Aug 1 09:44:41 server sshd[39945]: debug1: PAM: setting PAM_RHOST to "10.63.61.22"
Aug 1 09:44:41 server sshd[39945]: debug1: PAM: setting PAM_TTY to "ssh"
Aug 1 09:44:41 server sshd[39945]: debug1: userauth_send_banner: sent [preauth]
Aug 1 09:44:41 server sshd[39945]: debug1: userauth-request for user baduser service ssh-connection method password [preauth]
Aug 1 09:44:41 server sshd[39945]: debug1: attempt 1 failures 0 [preauth]
Aug 1 09:44:41 server sshd[39945]: pam_krb5(sshd:auth): user baduser authenticated as baduser@AD.DOMAIN.COM
Aug 1 09:44:42 server sshd[39945]: debug1: PAM: password authentication accepted for baduser
Aug 1 09:44:42 server sshd[39945]: debug1: do_pam_account: called
Aug 1 09:44:54 server sshd[39945]: pam_sss(sshd:account): Access denied for user baduser: 10 (User not known to the underlying authentication module)
Aug 1 09:44:54 server sshd[39945]: Accepted password for baduser from 10.63.61.22 port 58658 ssh2
Aug 1 09:44:54 server sshd[39945]: debug1: monitor_child_preauth: baduser has been authenticated by privileged process
Aug 1 09:44:54 server sshd[39945]: debug1: monitor_read_log: child log fd closed
Aug 1 09:44:54 server sshd[39945]: debug1: PAM: establishing credentials
Aug 1 09:44:54 server sshd[39945]: pam_unix(sshd:session): session opened for user baduser by (uid=0)
Aug 1 09:44:54 server sshd[39945]: User child is on pid 39979
Aug 1 09:44:54 server sshd[39979]: debug1: SELinux support disabled
Aug 1 09:44:54 server sshd[39979]: debug1: PAM: establishing credentials