[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pam_tally with sshd: ssh password-based failures not tally'd

George Hansper wrote:
George Hansper wrote:
For Mandrake 10.1, 'MaxAuthTries N' allows 'N+1' tries, and never allows more than 3 tries anyway.

That a feature of the client, not server. From the ssh_config(5) man page:

     Specifies the number of password prompts before giving up.  The
     argument to this keyword must be an integer.  Default is 3.

Fedora Core 3 (openssh-server 3.9p1-7) has started giving me the same
strange behaviour as Mandrake:

MaxAuthTries 1

> ssh george 127 0 0 1
Received disconnect from 2: Too many authentication failures for george

ie before I can enter a password!

... but, most likely, after the client has attempted some other authentication (eg hostbased or a key supplied by an agent).

Try "ssh -vvv yourserver" to see what it's doing and/or "ssh -o PreferredAuthentications=password yourserver" to force it to attempt only password auth.

Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]