# SSH warnings even for successful logins on FreeBSD 12.0



## rihad (Feb 23, 2019)

From /var/log/auth.log

```
Feb 23 13:20:00 abc sshd[78779]: user rihad login class unicode [preauth]
Feb 23 13:20:00 abc sshd[78779]: Failed unknown for rihad from 192.168.0.4 port 55967 ssh2
Feb 23 13:20:00 abc sshd[78779]: user rihad login class unicode [preauth]
Feb 23 13:20:00 abc sshd[78779]: Failed unknown for rihad from 192.168.0.4 port 55967 ssh2
Feb 23 13:20:00 abc sshd[78779]: user rihad login class unicode [preauth]
Feb 23 13:20:00 abc sshd[78779]: Accepted publickey for rihad from 192.168.0.4 port 55967 ssh2: RSA SHA256:xxx
```
These show up as login failures in daily security run output (which they aren't really).


----------



## mickey (Feb 23, 2019)

+1

```
$ grep "Failed unknown" /var/log/auth.log | wc -l
     151
```
That aint right.

PR 234793


----------



## rihad (Feb 23, 2019)

PasswordAuthentication is set to no, as it is by default. This is a stock FreeBSD 12 install. This same config gives no warnings in v. 10 or 11.


----------



## mickey (Feb 23, 2019)

This definately started after upgrading to FreeBSD 12.0 and was not present with 11.2. Password authentication is not and probably never has been enabled, I use ecdsa-sha2-nistp521 keys exclusively to authenticate. And as one can see in the PR, other people also experience the same problem.


----------

