On Tue, Mar 04, 2014 at 08:39:01 +0000, Prashanth Nayanagari -X (pnayanag - HCL TECHNOLOGIES LIMITED at Cisco) wrote: > Hi, > > Initially when we do ssh from Cisco IOS Router to my linux machine, we use to see only one password prompt , even though we configured number of password prompts in Linux machine to 3. For OpenSSH, the server does not specifically constrain the number of pasword authentication attempts. MaxAuthTries (default is 6) is the maximum number of authentication attempts (of any sort) per connection. Normally, the number of password prompts is configured by on the client, not the server. So, how did you attempt to do this? Or, do you really mean that you were connecting from the Linux box to the Cisco router? > So, to overcome this issue , someone changed the values in sshd_config file in openssh-3.5pl. Wow, OpenSSH 3.5p1 is __ancient__! It dates form October, 2002; a _lot_ has changed since then. > Before Fix > > #ChallengeResponseAuthentication yes > #PAMAuthenticationViaKbdInt no > > After Fix > > ChallengeResponseAuthentication no > PAMAuthenticationViaKbdInt no > > So, after this when we do ssh from IOs Router, the number of password prompts got increased, means if we configure 1 in linux device, the number of password prompts for wrong password seen is 2. And if we configure 2, the number of password prompts for wrong password seen is 3. > > So, can you please help me , why the Linux machine is behaving like this. > We are using openssh-3.5 and ssh version 2. > > Thanks in advance. > To make sure that I am understanding you correctly, initially you were getting just one password prompt, but after editing the sshd_config you get one more prompt than you expected. Is that correct? Are all the prompts identical? It would help to see a sample of how you are geing prompted. Also, what precisely was changed to try to adjust the number of password prompts on the server side. Finally, I feel compelled to recommend that you upgrade OpenSSH to a more recent version. Aside from the various security enhancements and bug fixes that have been incorporated over the past decade, it would be much easire to give useful advise for a version that those on the list have more recent experience with. -- Iain Morgan _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
