Invalid User vs. User Not Allowed in ssh log
7,895
Invalid user means the ssh request was made by a user name on the system, "cni07" in this case. There is no user "cni07"
User not allowed means there is a user, "root" in this case, but that user is not allowed to log in via ssh. This could be restricted by a variety of means in the sshd_config file.
Related videos on Youtube
Author by
user198485
Updated on September 18, 2022Comments
-
user198485 almost 2 years
When looking at the
auth.log
:From a security perspective, what is the difference between "Invalid User" and "User Not allowed because not listed in "AllowUsers."
Examples:
Nov 6 10:42:37 ePVPNDMZ01X sshd[12598]: Invalid user cni07 from <IP Address> Nov 4 07:28:15 ePVPNDMZ01X sshd[2722]: User root from <IP Address> not allowed because not listed in AllowUsers