Whenever one of our server's admins tries to access our machine running Mac OS X Server 10.5 via SSH, I get the following error exactly every 10 seconds in the security log:
sshd[32575]: /etc/sshd_config line 70: Unsupported option KerberosGetAFSToken
sshd[32575]: error: PAM: Authentication failure for (username) from 129.1.95.241
sshd[32575]: Failed keyboard-interactive/pam for (username) from 129.1.95.241
The user is able to log in and work as normal, but this error is dominating the log file. At first we discovered he had a left-over public ssh key on his system, but even after deleting that the error persists. The error keeps appearing every 10 seconds, even when the user is no longer logged into the server!
Has anyone seen this issue before? How can these errors be generated from the same IP even when that machine does not have an open connection to the server? Where else should I look?
Thanks very much for your help!
Best Answer
Sounds like some rogue script that runs on 129.1.95.241 and tries to log in. I'd have a look at that host directly.
Or if it's not under your control block it with the firewall. If it indeed is needed than somebody will come screaming at you at you'll have the option to "repair" this. If you have a contact for the server probably drop a mail with some deadline to give a warning.