After getting the following secure shell login attempts, I’ve decided to remove winbind from my home Linux boxes. It’s not a big deal as I’ve only got a few workstations and I’m not running Active Directory at home. They are all in a Windows workgroup so no problems.
Jul 10 09:12:18 workstation sshd[14329]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul 10 09:12:18 workstation sshd[14329]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul 10 09:12:18 workstation sshd[14329]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
Jul 10 09:12:28 workstation sshd[14331]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul 10 09:12:28 workstation sshd[14331]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul 10 09:12:28 workstation sshd[14331]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
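To gauge how often this is happening before and after removing winbind, the failure lines can be counted straight from the auth log. The script below is an added example, not part of the original post; the function names, the burst threshold of 2 and the one-minute window are assumptions, and the sample input is the two failure lines quoted above.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Sample input: the two wbcLogonUser failure lines quoted in the post above.
SAMPLE_LOG = """\
Jul 10 09:12:18 workstation sshd[14329]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
Jul 10 09:12:28 workstation sshd[14331]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
"""

FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"pam_winbind\(sshd:auth\): request wbcLogonUser failed: (?P<wbc>\w+), "
    r"PAM error: (?P<pam>\w+) \(\d+\), NTSTATUS: (?P<nt>\w+)"
)

def parse_failures(text, year=2000):
    """Return one dict per failed wbcLogonUser request.
    Syslog timestamps carry no year, so a placeholder year is supplied."""
    out = []
    for line in text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            d = m.groupdict()
            d["time"] = datetime.strptime(f"{year} {d['ts']}", "%Y %b %d %H:%M:%S")
            out.append(d)
    return out

def bursts(failures, threshold=2, window=timedelta(minutes=1)):
    """Map host -> largest number of failures seen inside one window.
    These pam_winbind lines carry no source address, so grouping is per host."""
    by_host = defaultdict(list)
    for f in failures:
        by_host[f["host"]].append(f["time"])
    flagged = {}
    for host, times in by_host.items():
        times.sort()
        for i, start in enumerate(times):
            n = sum(1 for t in times[i:] if t - start <= window)
            if n >= threshold:
                flagged[host] = max(flagged.get(host, 0), n)
    return flagged

def summarize(text):
    """Return (count of failures per NTSTATUS code, hosts with bursts)."""
    failures = parse_failures(text)
    return Counter(f["nt"] for f in failures), bursts(failures)

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Each sshd PID corresponds to one connection, so distinct PIDs in the parsed output mean separate login attempts rather than retries on one session.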
To remove winbind from an Ubuntu or Debian workstation, type the following.
sudo apt-get remove winbind
Job done.
To prevent brute force login attempts on workstations running ssh (secure shell), I would always suggest installing either fail2ban or denyhosts.