[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pam_tally with sshd: ssh password-based failures not tally'd



George Hansper wrote:
George Hansper wrote:
[...]
For Mandrake 10.1, 'MaxAuthTries N' allows 'N+1' tries, and never allows more than 3 tries anyway.

That a feature of the client, not server. From the ssh_config(5) man page:


 NumberOfPasswordPrompts
     Specifies the number of password prompts before giving up.  The
     argument to this keyword must be an integer.  Default is 3.

[...]
Fedora Core 3 (openssh-server 3.9p1-7) has started giving me the same
strange behaviour as Mandrake:

MaxAuthTries 1

> ssh george 127 0 0 1
Received disconnect from 127.0.0.1: 2: Too many authentication failures for george


ie before I can enter a password!

... but, most likely, after the client has attempted some other authentication (eg hostbased or a key supplied by an agent).


Try "ssh -vvv yourserver" to see what it's doing and/or "ssh -o PreferredAuthentications=password yourserver" to force it to attempt only password auth.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]