Yes, I have tried that option with no difference in behavior. It seems it ignores that option when provided.

Just for reference, I am building it on RedHat 5. I have never had this issue on any previous version of OpenSSH. I use the default configuration with only the changes specified in the RHEL 5 STIG applied.

I appreciate the security advice. The root account was indicated simply as an anonymous indicator. I do have PermitRootLogin=no applied. But this same issue is present regardless of the account provided.

Best regards,

Trey Henefield, CISSP
Senior IAVA Engineer
Ultra Electronics
Advanced Tactical Systems, Inc.
4101 Smith School Road
Building IV, Suite 100
Austin, TX 78744 USA
Trey.Henefield@xxxxxxxxxxxxx
Tel: +1 512 327 6795 ext. 647
Fax: +1 512 327 8043
Mobile: +1 512 541 6450
www.ultra-ats.com

-----Original Message-----
From: Daniel Kahn Gillmor [dkg@xxxxxxxxxxxxxxxxx]
Received: Thursday, 15 Jan 2015, 4:03PM
To: Trey Henefield [trey.henefield@xxxxxxxxxxxxx]; Ángel González [keisial@xxxxxxxxx]
CC: openssh-unix-dev@xxxxxxxxxxx [openssh-unix-dev@xxxxxxxxxxx]
Subject: RE: OpenSSH v6.7 & NumberOfPasswordPrompts Option ...

On Thu 2015-01-15 15:47:33 -0500, Trey Henefield wrote:
> debug3: authmethod_lookup keyboard-interactive
> debug3: remaining preferred: password
> debug3: authmethod_is_enabled keyboard-interactive
> debug1: Next authentication method: keyboard-interactive
> debug2: userauth_kbdint
> debug2: we sent a keyboard-interactive packet, wait for reply
> debug2: input_userauth_info_req
> debug2: input_userauth_info_req: num_prompts 1
> Password:
> debug1: Authentications that can continue: publickey,password,keyboard-interactive
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup password
> debug3: remaining preferred:
> debug3: authmethod_is_enabled password
> debug1: Next authentication method: password
> root@10.10.2.51's password:
> debug2: we sent a password packet, wait for reply
> debug1: Authentications that can continue: publickey,password,keyboard-interactive
> debug2: we did not send a packet, disable method
> debug1: No more authentication methods to try.
> Permission denied (publickey,password,keyboard-interactive).
>
>
> In the above output, the first prompt is "Password:". The second prompt is "root@10.10.2.51's password:"

The first prompt is a keyboard-interactive prompt; the second prompt is the password prompt.

please try again with -oKbdInteractiveAuthentication=no

Regards,

        --dkg

PS if possible, you should probably avoid using password authentication for the root account anyway, but that's a sideline to the issue you're seeing here.

Disclaimer
The information contained in this communication from trey.henefield@xxxxxxxxxxxxx sent at 2015-01-15 17:54:25 is confidential and may be legally privileged. It is intended solely for use by openssh-unix-dev@xxxxxxxxxxx and others authorized to receive it. If you are not openssh-unix-dev@xxxxxxxxxxx you are hereby notified that any disclosure, copying, distribution or taking action in reliance of the contents of this information is strictly prohibited and may be unlawful.
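
The attribution made in the quoted reply (one prompt from keyboard-interactive, one from password) can be read mechanically from the client debug output. The following is an added example, not part of the original messages or of OpenSSH: the function name is hypothetical, the sample is the excerpt quoted in the thread with the quote markers removed, and treating any non-debug line ending in ":" as a prompt is an assumption.

```python
import re

# Constructed sample: the ssh debug excerpt quoted in the thread, quote markers removed.
SAMPLE_LOG = """\
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred:
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
root@10.10.2.51's password:
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,password,keyboard-interactive).
"""

NEXT_METHOD = re.compile(r"^debug1: Next authentication method: (\S+)$")
DEBUG_LINE = re.compile(r"^debug\d+: ")


def prompts_by_method(log):
    """Map each attempted auth method to the prompts shown while it was active."""
    seen = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        m = NEXT_METHOD.match(line)
        if m:
            current = m.group(1)
            seen.setdefault(current, [])
        elif current and not DEBUG_LINE.match(line) and line.endswith(":"):
            # Assumption: a non-debug line ending in ":" is a user-facing prompt.
            seen[current].append(line)
    return seen


if __name__ == "__main__":
    for method, prompts in prompts_by_method(SAMPLE_LOG).items():
        print(f"{method}: {len(prompts)} prompt(s) {prompts}")
```
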