authentication failure followed by success.

This is my first time posting to this list, so I appologize if it's the wrong list to post this to. I've got some interesting things I've been seeing in my logs for a little bit now. Basically, whenever a user logs in with ssh, I get an immediate 'authentication failure', followed by a successful login (assuming the password or public key is okay).

log example:
Aug 13 12:16:51 hamlet sshd(pam_unix)[14333]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=remote.host.com user=myname Aug 13 12:16:54 hamlet sshd(pam_unix)[760]: session opened for user myuser by (uid=500)

The failure seems to happen even before the user types a password. I get this whether the authentication is public key or password.

This has got me a bit nervous. I've confirmed that this happens whether the client is Cygwin openssh, or from a RedHat Linux machine using openssh. My server is running on RedHat Linux 8.0, ssh -V yields "OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f".

Is this a Bad Thing? Or simply a mis-configuration? Why would this happen before the user actually attempts to authenticate? I don't believe I've changed anything in the server configs for a long time.

-- 

// Andrew MacKenzie  |  http://www.edespot.com

// GPG public key: http://www.edespot.com/~amackenz/public.key

// Concerned about the "viral" nature of the GPL? Try this: *Write Your Own


// Damn Code*