sshd connection close by authenticated user

Posted on

Hello,

i have a problem when two specific machines try to connect via scp to my red hat server.
Below is the sshd log from the RH server:

Sep 18 17:30:49 pandora sshd[1448011]: Connection from xxx.xxx.xxx.xxx port 60166 on 10.49.21.200 port 22
Sep 18 17:30:49 pandora sshd[1448011]: debug1: Local version string SSH-2.0-OpenSSH_8.0
Sep 18 17:30:49 pandora sshd[1448011]: debug1: Remote protocol version 2.0, remote software version OpenSSH_6.4.fe.20201006
Sep 18 17:30:49 pandora sshd[1448011]: debug1: match: OpenSSH_6.4.fe.20201006 pat OpenSSH* compat 0x04000000
Sep 18 17:30:49 pandora sshd[1448011]: debug1: SELinux support disabled [preauth]
Sep 18 17:30:49 pandora sshd[1448011]: debug1: permanently_set_uid: 74/74 [preauth]
Sep 18 17:30:49 pandora sshd[1448011]: debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Sep 18 17:30:49 pandora sshd[1448011]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Sep 18 17:30:49 pandora sshd[1448011]: debug1: SSH2_MSG_KEXINIT received [preauth]
Sep 18 17:30:49 pandora sshd[1448011]: debug1: kex: algorithm: diffie-hellman-group-exchange-sha256 [preauth]
Sep 18 17:30:49 pandora sshd[1448011]: debug1: kex: host key algorithm: ssh-rsa [preauth]
Sep 18 17:30:49 pandora sshd[1448011]: debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-512-etm@openssh.com compression: none [preauth]
Sep 18 17:30:49 pandora sshd[1448011]: debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-512-etm@openssh.com compression: none [preauth]
Sep 18 17:30:49 pandora sshd[1448011]: debug1: kex: diffie-hellman-group-exchange-sha256 need=64 dh_need=64 [preauth]
Sep 18 17:30:49 pandora sshd[1448011]: debug1: kex: diffie-hellman-group-exchange-sha256 need=64 dh_need=64 [preauth]
Sep 18 17:30:49 pandora sshd[1448011]: debug1: expecting SSH2_MSG_KEX_DH_GEX_REQUEST [preauth]
Sep 18 17:30:49 pandora sshd[1448011]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth]
Sep 18 17:30:49 pandora sshd[1448011]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]
Sep 18 17:30:49 pandora sshd[1448011]: debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth]
Sep 18 17:30:50 pandora sshd[1448011]: debug1: rekey out after 4294967296 blocks [preauth]
Sep 18 17:30:50 pandora sshd[1448011]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
Sep 18 17:30:50 pandora sshd[1448011]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Sep 18 17:30:50 pandora sshd[1448011]: debug1: SSH2_MSG_NEWKEYS received [preauth]
Sep 18 17:30:50 pandora sshd[1448011]: debug1: rekey in after 4294967296 blocks [preauth]
Sep 18 17:30:50 pandora sshd[1448011]: debug1: KEX done [preauth]
Sep 18 17:30:50 pandora sshd[1448011]: debug1: userauth-request for user sysbckpatp service ssh-connection method none [preauth]
Sep 18 17:30:50 pandora sshd[1448011]: debug1: attempt 0 failures 0 [preauth]
Sep 18 17:30:50 pandora sshd[1448011]: debug1: PAM: initializing for "sysbckpatp"
Sep 18 17:30:50 pandora sshd[1448011]: debug1: PAM: setting PAM_RHOST to "xxx.xxx.xxx.xxx"
Sep 18 17:30:50 pandora sshd[1448011]: debug1: PAM: setting PAM_TTY to "ssh"
Sep 18 17:30:50 pandora sshd[1448011]: debug1: userauth_send_banner: sent [preauth]
Sep 18 17:30:50 pandora sshd[1448011]: Connection closed by authenticating user sysbckpatp xxx.xxx.xxx.xxx port 60166 [preauth]
Sep 18 17:30:50 pandora sshd[1448011]: debug1: do_cleanup [preauth]
Sep 18 17:30:50 pandora sshd[1448011]: debug1: monitor_read_log: child log fd closed
Sep 18 17:30:50 pandora sshd[1448011]: debug1: do_cleanup
Sep 18 17:30:50 pandora sshd[1448011]: debug1: PAM: cleanup
Sep 18 17:30:50 pandora sshd[1448011]: debug1: Killing privsep child 1448012

What do you mean and why the "Connection closed by authenticating user sysbckpatp xxx.xxx.xxx.xxx port 60166 [preauth]" ?

Thanks for the support

FA

Responses