I have a linux server running under a windows virtualbox. I use ssh with publickey to login, and use lftp's sftp feature for file transfer, which also use publickey.
Today when I check the log file, there is something making me very confused:
Nov 28 21:39:06 soft-server sshd[11933]: Accepted publickey for myusername from 10.0.2.2 port 50590 ssh2
Nov 28 21:39:06 soft-server sshd[11933]:
pam_unix_session(sshd:session): session opened for user myusername by
(uid=0)Nov 28 21:39:25 soft-server sshd[11946]: Accepted password for myusername from 10.0.2.2 port 13494 ssh2
Nov 28 21:39:25 soft-server sshd[11946]:
pam_unix_session(sshd:session): session opened for user myusername by
(uid=0)Nov 28 21:39:25 soft-server sshd[11948]: subsystem request for sftp by
user myusernameNov 28 21:40:16 soft-server sshd[11935]: Received disconnect from
10.0.2.2: 11: disconnected by userNov 28 21:40:16 soft-server sshd[11933]:
pam_unix_session(sshd:session): session closed for user myusername
How can I suddenly use password to login? Is there any possibility that my own operation makes this behavior happens?
Best Answer
Well, that's a legit sftp-via-ssh connection from your IP address. Either you've been keylogged, or (more likely in my opinion) you forgot that you set up password-based sftp for some application like DreamWeaver which is automatically logging in to your virtual host to keep its file repository up to date.