[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pam_tally with sshd: ssh password-based failures not tally'd



That's pretty common when you have a load of keys added to ssh-agent - ssh 
client tries each of these first, before asking you to provide a password. 

Either specify password as the PreferredAuthentication for this Host, or drop 
all identities from ssh-agent (ssh -add -D) and try that.

Regards, Philip Yarra.

On Mon, 10 Jan 2005 01:07 pm, George Hansper wrote:
> George Hansper wrote:
> 
> >    Changing the /etc/ssh/sshd_config setting:
> >     MaxAuthTries 1
> >    limits the user to 1 try per TCP connection, and brings pam_abl into
> >    line with real attempts
> > 
> >    This works for Fedora Core 3 (openssh-server 3.9p1-7)
> > 
> >    For Mandrake 10.1, 'MaxAuthTries N' allows 'N+1' tries, and never 
allows more
> >    than 3 tries anyway. 'MaxAuthTries 1' kicks you out before you start!
> >    I'm reluctant to set 'MaxAuthTries 0', even though this works. I though
> >    I had Mandrake allowing "N-1" tries, too, though I can't reproduce it 
for now.
> > 
> 
> Fedora Core 3 (openssh-server 3.9p1-7) has started giving me the same
> strange behaviour as Mandrake:
> 
> 	MaxAuthTries 1
> 
>  > ssh george 127 0 0 1
> Received disconnect from 127.0.0.1: 2: Too many authentication failures for 
george
> 
> ie before I can enter a password!
> 
> If I set:
> 	MaxAuthTries 2
> 
>  > ssh georgeh 127 0 0 1
> george 127 0 0 1's password:
> Received disconnect from 127.0.0.1: 2: Too many authentication failures for 
george
> 
> ie one attempt.
> 
> I have restarted the sshd server at each config change, and I haven't been 
drinking, either!
> 
> Obviously, this ambiguity of MaxAuthTries is a "characteristic" of 
openssh-server 3.9p1-7
> 
> Regards,
> 	George Hansper
> 
> _______________________________________________
> Pam-list mailing list
> Pam-list redhat com
> https://www.redhat.com/mailman/listinfo/pam-list
> 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]