My Oracle Support Banner

Invalid Login Attempts Logged In "/var/log/secure" Log File - "User xxx from not allowed because not listed in AllowUser" (Doc ID 2359153.1)

Last updated on MAY 15, 2023

Applies to:

SOA Suite Cloud Service - Version N/A and later
Oracle Managed File Transfer Cloud Service - Version 16.1.3 and later
Oracle Integration - Version 17.4.1 and later
Information in this document applies to any platform.


This knowledge article reflects updated product names. Oracle Integration Classic (OIC-C) was formerly known as Oracle Integration Cloud (OIC). Please see KM <document 2493395.1> for the full list of recently renamed PaaS services.

 In any cloud environment, when user look at the log entries in /var/log/secure file, they can see multiple unknown login attempts  made to the box

For eg:
Feb  9 02:53:01 <Instance Name>-wls-1 sshd[24535]: User <some random user name> from not allowed because not listed in AllowUsers
Feb  9 02:53:01 <Instance Name>-wls-1 sshd[24536]: input_userauth_request: invalid user <some random user name>
Feb  9 02:53:02 <Instance Name>-wls-1 sshd[24536]: Received disconnect from 11:

Need to know the reason for the same and whether anyone is accessing the cloud instance


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.