Invalid Login Attempts Logged In "/var/log/secure" Log File - "User xxx from xx.xxx.xxx.xxx not allowed because not listed in AllowUser"

(Doc ID 2359153.1)

Last updated on JUNE 07, 2018

Applies to:

SOA Suite Cloud Service - Version N/A and later
Oracle Managed File Transfer Cloud Service - Version 16.1.3 and later
Integration Cloud - Version 17.4.1 and later
Information in this document applies to any platform.

Goal

 In any cloud environment, when user look at the log entries in /var/log/secure file, they can see multiple unknown login attempts  made to the box

For eg:
Feb  9 02:53:01 <Instance Name>-wls-1 sshd[24535]: User <some random user name> from xx.xxx.xxx.xxx not allowed because not listed in AllowUsers
Feb  9 02:53:01 <Instance Name>-wls-1 sshd[24536]: input_userauth_request: invalid user <some random user name>
Feb  9 02:53:02 <Instance Name>-wls-1 sshd[24536]: Received disconnect from xx.xxx.xxx.xxx: 11:


Need to know the reason for the same and whether anyone is accessing the cloud instance

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms