On 15/01/15 16:29, Trey Henefield wrote:
Greetings,
I discovered an issue in the latest version of SSH, where the number of password prompts are doubled. If I specify 1, I get 2, and so on.
NumberOfPasswordPrompts is a client option. And it is working fine here
on 6.7p1:
Running ssh -vvv -o NumberOfPasswordPrompts=1 testmachine, I only get
asked for a password once, then disconnect.
Could you send us the output of such command on your tests?
(there isn't anything specially sensitive there, but feel free to
obscure any data you son't feel comfortable sharing, such as your
username, host name or key ids...)
Note that at the server side, the option is called MaxAuthTries, and
works differently, counting authentication attempts of any kind.
For OpenSSH, the server does not specifically constrain the number of
pasword authentication attempts. MaxAuthTries (default is 6) is the
maximum number of authentication attempts (of any sort) per connection.
-- Ian Morgan last February on "Issue With SSHD Password Guesses" thread
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev