com.jcraft.jsch.JSchException: Auth fail


Hi,

I've come across some messages from sshd (OpenSSH 6.7) in my auth.log that 
I hadn't noticed before:

 sshd[32008]: error: Received disconnect from x.x.x.x: 3: \
     com.jcraft.jsch.JSchException: Auth fail [preauth]

I was kinda puzzled why sshd would emit some JCraft[0] messages and the 
best explanation I found was this Serverfault[1] answer, quoting a snippet 
from packet.c:1965 and adding:

 > It looks like openssh server passes through the last message from the 
 > client in its "Received disconnect" error message, so it appears that 
 > this is a zombie login attempt from a botnet that is authored in Java.

So, while this explains the log message, I'm wondering if there are some 
security implications in "passing messages from the client through the 
server and into the auth.log", i.e. could this be exploited somehow or is 
the function handling these strings in packet.c "strong" enough not to 
pass through or interpret malign strings?

IOW, has this particular function been audited yet?

Thanks,
Christian.

[0] http://www.jcraft.com/jsch/
[1] https://serverfault.com/questions/650303/auth-log-indicates-error-with-jschexception/661616#661616
-- 
BOFH excuse #318:

Your EMAIL is now being delivered by the USPS.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
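
For anyone consuming these auth.log lines in a script or SIEM rule, here is an added example (not part of the original message and not OpenSSH code) that splits a "Received disconnect" line into sshd's own fields and the client-supplied description, and escapes the latter before display. The timestamps, hostname, second sample line and all function names are constructed; the line layout is the one quoted in the message.

```python
import re

# Layout taken from the log line quoted in the message. The text after the
# numeric reason code is the description sent by the client, so it is
# untrusted input. Assumption: the trailing " [preauth]" is sshd's own marker.
DISCONNECT = re.compile(
    r"sshd\[(?P<pid>\d+)\]: (?:error: )?Received disconnect from "
    r"(?P<peer>\S+): (?P<code>\d+): (?P<desc>.*)$", re.DOTALL)
PREAUTH = " [preauth]"

def escape_untrusted(text):
    """Render backslashes, control and non-ASCII characters as visible escapes."""
    out = []
    for ch in text:
        if ch == "\\":
            out.append("\\\\")
        elif " " <= ch <= "~":
            out.append(ch)
        else:
            out.append(ch.encode("unicode_escape").decode("ascii"))
    return "".join(out)

def parse_disconnect(line):
    """Return the fields of a 'Received disconnect' line, or None if no match."""
    m = DISCONNECT.search(line.rstrip("\n"))
    if m is None:
        return None
    desc = m.group("desc")
    preauth = desc.endswith(PREAUTH)
    if preauth:
        desc = desc[:-len(PREAUTH)]
    safe = escape_untrusted(desc)
    return {"pid": int(m.group("pid")), "peer": m.group("peer"),
            "reason_code": int(m.group("code")), "preauth": preauth,
            "client_text": safe, "had_unsafe_chars": safe != desc}

# Constructed sample lines: the first is the quoted message joined onto one
# line, the second carries a terminal escape sequence in the description.
SAMPLE = [
    "Jan  1 00:00:00 host sshd[32008]: error: Received disconnect from "
    "x.x.x.x: 3: com.jcraft.jsch.JSchException: Auth fail [preauth]",
    "Jan  1 00:00:01 host sshd[32009]: error: Received disconnect from "
    "192.0.2.10: 11: bye\x1b[2Jbye [preauth]",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(parse_disconnect(entry))
```

Matching or alerting only on the fields sshd itself writes (peer, reason code, the preauth marker) keeps the client's text from influencing the rule.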


