[Bro] Understanding Connection history for ssh.
Azoff, Justin S
jazoff at illinois.edu
Mon Oct 10 12:37:46 PDT 2016
> On Oct 10, 2016, at 3:22 PM, fatema bannatwala <fatema.bannatwala at gmail.com> wrote:
> The problem is that, when contacted the concerned party,
> they say that they don't see any login attempts from that IP and
> asking whether we were sure that the ssh login were successful.
If they are not seeing *any* attempts then something is screwed up with the logging on their end.
It's possible that the value of auth_success is wrong, but it's not possible that no attempt happened. There was a tcp 3 way handshake, there was a ssh protocol negotiation, they should have something in their logs.
 Or misleading, often from the SSH point of view it was a login, but sometimes the remote system drops you into another password prompt instead of a shell. Appliances do this a lot.
- Justin Azoff
More information about the Bro