What are "pam_unix(sshd:auth): check pass; user unknown" messages in system log?

Categories: Steelhead Family
Solution Number: S18223
Subscribe

KNOWLEDGE ARTICLE SUBSCRIPTIONS


You are subscribing to receive updates on knowledge article:

S18223: What are "pam_unix(sshd:auth): check pass; user unknown" messages in system log?

Your updates will be sent to .

Cancel  

Close

Share via Email Printer Friendly Version

Issue

When INFO level logging is enabled, in some scenarios when RADIUS/TACACS is used in combination with local login, pam_unix(sshd:auth): check pass; user unknown messages are seen in system logs

Solution

This is normal and expected behaviour on all RiOS releases. By default, SSH allows empty passwords for user logins. This means that every single user on SSH login is matched against local database with empty password. If user is found but password is set, system log will report authentication failure and user will be prompted for password. If user is not found localy because it exists in RADIUS or TACACS database, system log will report pam_unix(sshd:auth): check pass; user unknown and user will be again prompted for password and later checked against RADIUS/TACACS database.

Environment

All RiOS releases

NOTICE: Riverbed® product names have changed. Please refer to the Product List for a complete list of product names.
Last Modified: 2013-09-26

Rate this Article
Can't find an answer? Create a case