On Thu, Sep 22, 2016 at 2:28 AM, Delisle, John <john.delisle@xxxxxxxxxxxx> wrote: [...] > debug1: Remote protocol version 2.0, remote software version Welcome To Ceridian OpenSSH should probably log it better, but this banner is weird. According to RFC 4253 section 4.2 the format is: SSH-protoversion-softwareversion SP comments CR LF so this server is claiming that its software version is "Welcome" with a comment of "To Ceridian". [...] > debug3: receive packet: type 1 > Received disconnect from 1.2.3.4 port 32:11: Too many bad authentication attempts! The server sends a disconnect. > debug1: Authentication succeeded (password). > Authenticated to IBM.SFG.SFTP.server ([1.2.3.4]:32). The client thinks the session is authenticated, though. I think that's actually a bug in the OpenSSH client: ssh_userauth2() calls ssh_dispatch_run() with DISPATCH_BLOCK blocking on authctxt.success. It assumes that if it exits then it's authenticated. ssh_packet_read_poll_seqnr(), however, will return SSH_ERR_DISCONNECTED in that case, which will cause ssh_dispatch_run() to return. I don't think this is relevant to your problem, though. -- Darren Tucker (dtucker at zip.com.au) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev