I have a weird problem with a gentoo virtual machine that I just installed: if I try to login with an invalid or denied user, the sshd server will close the connection without authenticating. By comparison, a recent debian 13 trixie installation asks for authentication without outright closing the connection.
client shell:
$ ssh -l abcd 192.168.1.214
Connection closed by 192.168.1.214 port 22
server log:
Feb 15 16:15:14 baldur sshd-session[2201]: Invalid user abcd from 192.168.1.130 port 36434
Feb 15 16:15:14 baldur sshd-session[2201]: fatal: PAM user mismatch
client shell:
$ ssh -l my_denied_user 192.168.1.214
Connection closed by 192.168.1.214 port 22
server log:
Feb 15 16:16:49 baldur sshd-session[2396]: User my_denied_user from 192.168.1.130 not allowed because listed in DenyUsers
Feb 15 16:16:49 baldur sshd-session[2396]: fatal: PAM user mismatch
Is it considered normal behavior ? Personally I would consider that a security risk, as it will give a clue to attackers which users can actually login, instead of letting them hammering invalid users.
