[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pam_tally with sshd: ssh password-based failures not tally'd



George Hansper wrote:

   Changing the /etc/ssh/sshd_config setting:
    MaxAuthTries 1
   limits the user to 1 try per TCP connection, and brings pam_abl into
   line with real attempts

This works for Fedora Core 3 (openssh-server 3.9p1-7)

   For Mandrake 10.1, 'MaxAuthTries N' allows 'N+1' tries, and never allows more
   than 3 tries anyway. 'MaxAuthTries 1' kicks you out before you start!
   I'm reluctant to set 'MaxAuthTries 0', even though this works. I though
   I had Mandrake allowing "N-1" tries, too, though I can't reproduce it for now.


Fedora Core 3 (openssh-server 3.9p1-7) has started giving me the same strange behaviour as Mandrake:

MaxAuthTries 1

> ssh george 127 0 0 1
Received disconnect from 127.0.0.1: 2: Too many authentication failures for george

ie before I can enter a password!

If I set:
	MaxAuthTries 2

> ssh georgeh 127 0 0 1
george 127 0 0 1's password:
Received disconnect from 127.0.0.1: 2: Too many authentication failures for george

ie one attempt.

I have restarted the sshd server at each config change, and I haven't been drinking, either!

Obviously, this ambiguity of MaxAuthTries is a "characteristic" of openssh-server 3.9p1-7

Regards,
	George Hansper


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]