On Thu, Mar 07, 2002 at 10:29:32PM -0500, Matt Zimmerman wrote: > I got these just now, from OpenSSH_3.0.2p1 Debian 1:3.0.2p1-8. There is no > user smw on my system, and there never has been. It doesn't look like there > was a compromise. Otherwise, it looks like someone connecting to the wrong > IP address, but I have not seen this PAM error before. Has anyone else seen > this kind of activity? > ... > Mar 7 21:50:22 mizar sshd[15396]: PAM pam_set_item: NULL pam handle passed This can happen if someone ssh's to a machine then ^C's out of ssh when asked for the password. I see this on FreeBSD 4.x (whose PAM implementation is based on LinuxPAM): Mar 8 18:27:08 merlin sshd[34674]: pam_set_item: NULL pam handle passed -- Chris D. Faulhaber - jedgarat_private - jedgarat_private -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org
This archive was generated by hypermail 2b30 : Sun Mar 10 2002 - 17:13:56 PST