check pass; user unknown

UNIX for Advanced & Expert Users
1

Hi all,

While watching the log at /var/log/messages on a Centos 4.x box I keep seeing this come up

Jul 18 09:38:40 ws096 PAM_pwdb[708]: check pass; user unknown

From what I understand this might be a ssh attack or am I wrong here?
The bad thing is that it does not show an IP address its coming so I could block it. Anybody run into this before and found a solution?

Thanks!

2

I think it was just a mistake - maybe someone tried to log on using a wrong name or thinking he/she was going connect to another box. A login attack would look like login spam in your logs, I think.