Failed password for invalid user in /var/log/auth.log ?

Has anyone seen ssh warnings similar to this in /var/log/auth.log on
their BeagleBone?

pam_unix(sshd:auth): check pass; user unknown
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0
tty=ssh ruser= rhost=
Failed password for invalid user support from port 57227 ssh2
fatal: Read from socket failed: Connection reset by peer [preauth]
Did not receive identification string from
Address maps to localhost, but this does not map back to
Invalid user support from
input_userauth_request: invalid user support [preauth]
pam_unix(sshd:auth): check pass; user unknown

A BeagleBone user is trying to determine if this is a problem:

I've not see this behavior. The BeagleBone on my internal network
running Debian 8.7 does accept accept ssh connections. I don't see
any activity like the above but my home router does not forward any
ports to the BeagleBone.


If that person is trying to log in with root from one of the latest image, they’re going to get an error, which is possibly a PAM error. Robert changed the root account so one can not by default log in over ssh as root. It can be fixed, but it’s probably nto a good idea for anyone to “fix” this. Instead keep security in mind when logging into their board.

So the beagle with an address of, had a host trying to
connect, and it blocked it:


host trying to connect:

This either occurred from two ways:

1: his upstream provider gave him a new ip address

2: he connected the Beagle directly to the web.

I'm going to guess #2, and his board is either a bot now, or probally
will be shortly..

aka, get a firewall, port forward, don't use port 22, etc...


In that case yeah I did not pay attention to the IPs. It may be best to disable ssh login passwd’s all together, and use ssh certificates / key login’s only Something like this:

But depending on the users experience level with Llinux. It may be a bit over his / her head.

Mr. Nelson was correct on guess #2. And yes, it’s all a bit over my head, but I’m trying…thanks for the help.