
Difference between failed password and authentication failed

 
SOLVED
coollllllllllll
Regular Advisor

Difference between failed password and authentication failed

Hi,

We have an rx2660 box with HP-UX 11i v2.

We are getting some IP hits from unknown IPs giving messages:

Failed password for root from 1.1.3.4. port 22 ssh2

I tried to log in myself from the system; that gave an error:

Authentication failed.

What's the difference between the above two errors?

4 REPLIES

Re: Difference between failed password and authentication failed

Were you using ssh to log on too?

Those messages pretty much seem to mean the same to me.

coollllllllllll
Regular Advisor

Re: Difference between failed password and authentication failed

Hi Dennis,

I have no idea how this IP is trying to access my server, or through which application; that's what I want to find.

I am in touch with my network/firewall team asking them the same question.

Matti_Kurkela
Honored Contributor
Solution

Re: Difference between failed password and authentication failed

"Failed password for root from 1.1.3.4. port 22 ssh2" looks like a message that sshd would send to syslog when someone attempts to log in but fails to provide the correct password.

  • "Failed" = the login attempt was not successful
  • "password" = the remote client requested password authentication, and there was nothing in the sshd configuration to disallow that.
  • "for root" = the remote client attempted to log in as root.
  • "from 1.1.3.4" = this is the IP address of the remote client.
  • "port 22 ssh2" = this identifies the destination port on your server (TCP port 22, i.e. the standard port for the SSH protocol) and the SSH protocol version (version 2 = the current protocol version).

All these details are available to the sysadmin of the system, so that s/he can evaluate whether it is an intrusion attempt or a legitimate user having problems with logging in.

On the other hand, "Authentication failed." is the kind of message that is given to the user that is trying to log in, when something is not right (e.g. trying to log in to a non-existent user account, wrong password, account is locked, etc.).

At this point, the user identity is not known: s/he might be a hostile intruder, so the user is not given any clues about what exactly was wrong. A legitimate user is supposed to contact a helpdesk or the sysadmin anyway at that point.

MK
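
Added example, not part of the original thread: a small Python script that splits sshd password-result lines into the fields described in the answer above and groups them by client IP, so a sysadmin can separate account guessing from a legitimate user's typo. The sample log lines, the host name `hpbox`, the function names and the triage thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict

# sshd result lines: "<Failed|Accepted> password for [invalid user ]<user> from <ip> port <n> ssh2"
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) "
    r"port (?P<port>\d+) (?P<proto>ssh\d?)"
)

# Constructed sample syslog lines (documentation addresses, hypothetical host name).
SAMPLE_LOG = """\
Jan 12 03:14:07 hpbox sshd[4101]: Failed password for root from 192.0.2.10 port 40112 ssh2
Jan 12 03:14:09 hpbox sshd[4103]: Failed password for root from 192.0.2.10 port 40118 ssh2
Jan 12 03:14:12 hpbox sshd[4105]: Failed password for invalid user oracle from 192.0.2.10 port 40125 ssh2
Jan 12 03:14:15 hpbox sshd[4107]: Failed password for invalid user test from 192.0.2.10 port 40131 ssh2
Jan 12 03:14:16 hpbox sshd[4107]: Connection closed by 192.0.2.10
Jan 12 09:02:41 hpbox sshd[5210]: Failed password for alice from 198.51.100.7 port 52044 ssh2
Jan 12 09:02:55 hpbox sshd[5210]: Accepted password for alice from 198.51.100.7 port 52044 ssh2
"""

def summarize(log_text):
    """Group sshd password results by client IP address."""
    stats = defaultdict(lambda: {"failed": 0, "accepted": 0, "users": set(), "invalid": 0})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an sshd password result line
        s = stats[m["ip"]]
        s["users"].add(m["user"])
        if m["result"] == "Failed":
            s["failed"] += 1
            s["invalid"] += 1 if m["invalid"] else 0
        else:
            s["accepted"] += 1
    return dict(stats)

def triage(s, max_failures=3):
    """Assumed heuristic: flag root/unknown-account guessing or repeated failures."""
    if s["invalid"] or (s["failed"] and "root" in s["users"] and not s["accepted"]):
        return "suspicious"
    if s["failed"] > max_failures:
        return "suspicious"
    return "likely legitimate" if s["accepted"] else "review"

if __name__ == "__main__":
    for ip, s in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, s["failed"], "failed,", s["accepted"], "accepted,",
              "users:", ",".join(sorted(s["users"])), "->", triage(s))
```

To use it on a real system, pass the contents of the file that receives sshd's syslog messages to `summarize()` instead of `SAMPLE_LOG`.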
coollllllllllll
Regular Advisor

Re: Difference between failed password and authentication failed

Thanks Matti again.