I have set up a new debian vm and installed gitlab-ce. There is not really much more on the VM…
Right from the beginning, the following msg started to show up in the auth.log:
Mon 2015-08-24 21:47:36.154862 CEST [s=a93d5b0787f54cb68c24d8c7c55985a4;i=2c1bc8;b=567468ca921c4b52ba291 _TRANSPORT=syslog _UID=0 _GID=0 _BOOT_ID=567468ca921c4b52ba2911c8b97e5f3a _MACHINE_ID=b6d23c0be1dbee31de2dd2b1553a4f0c _HOSTNAME=kraken SYSLOG_FACILITY=4 PRIORITY=4 SYSLOG_IDENTIFIER=root _COMM=logger MESSAGE=ssh/bash: Logged in without disclosing public key - Intrusion? _PID=9283 _SOURCE_REALTIME_TIMESTAMP=1440445656154862
By now it appears a few hundred times a day.
What exactly does it mean? Should I be worried?
update: the msg does seem to come from sshd
1 23979 23979 23979 ? -1 Ss 0 4:37 /usr/sbin/sshd -D 23979 9274 9274 9274 ? -1 Ss 0 0:00 \_ sshd: root@pts/2 9274 9276 9276 9276 pts/2 9276 Ss+ 0 0:00 \_ -bash
It seems to be triggert at every login from root (at least as well) and then appears in the logs between once and 40 or so times.
OpenSSH_6.7p1 Debian-5, OpenSSL 1.0.1k 8 Jan 2015
The journal entry indicates that, by pid, bash posted the log message, using the
logger program. This indicates that something in your startup scripts is creating this message.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.