On 23 February 2018 at 01:49, Paul Ellis <openssh-unix-dev@xxxxxxxxxxx> wrote:
> We are attempting to use openssh sftp to connect to a server that is running
> some version of the Axway SFTP server. After a publickey auth completes, the
> server resends publickey as a valid auth.

That could be potentially correct behaviour in the case where the
server requires several keys to authenticate, although it sounds like
this is not the case here.

> This results in a loop as openssh
> sftp resubmits the publickey information. This seems similar to a discussion
> in 2014 that terminated with the thought that it might be nice if the client
> tracked this
> (https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-August/032800.html).
> Is there any option we can use that will prevent this behavior?

Not currently.

> Attempts to
> contact Axway have failed as we’re not direct customers of theirs and the
> party actually running the server is blaming openssh.

You might want to direct them to RFC4252[1] section 5.1, which covers
partial authentication and says:

"""
Already successfully completed authentications SHOULD NOT
be included in the name-list, unless they should be performed again
for some reason.
"""

[1] https://tools.ietf.org/html/rfc4252

--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
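
The message behind the RFC 4252 section 5.1 text quoted above, as an added example that is not part of the original message and is not OpenSSH code: it parses SSH_MSG_USERAUTH_FAILURE (name-list plus partial-success flag) and sketches the client-side tracking the thread mentions. `AuthTracker`, `max_repeats`, `attempts_until_stop` and the sample reply are hypothetical names and constructed data.

```python
import struct

SSH_MSG_USERAUTH_FAILURE = 51  # message number from RFC 4252


def build_failure(methods, partial_success):
    """Encode a USERAUTH_FAILURE payload; used here to construct sample input."""
    names = ",".join(methods).encode("ascii")
    return (bytes([SSH_MSG_USERAUTH_FAILURE]) + struct.pack(">I", len(names))
            + names + bytes([1 if partial_success else 0]))


def parse_failure(payload):
    """Return (authentications that can continue, partial success)."""
    if len(payload) < 6 or payload[0] != SSH_MSG_USERAUTH_FAILURE:
        raise ValueError("not a USERAUTH_FAILURE message")
    (length,) = struct.unpack(">I", payload[1:5])
    if len(payload) != 5 + length + 1:
        raise ValueError("name-list length does not match payload size")
    raw = payload[5:5 + length].decode("ascii")
    return (raw.split(",") if raw else []), payload[5 + length] != 0


class AuthTracker:
    """Hypothetical client-side tracker (assumption, not OpenSSH behaviour)."""

    def __init__(self, max_repeats=1):
        self.max_repeats = max_repeats  # >1 permits servers that need several keys
        self.completed = {}             # method name -> partial successes seen

    def on_failure(self, attempted, payload):
        """Handle the reply to `attempted`; return methods still worth trying."""
        methods, partial = parse_failure(payload)
        if partial:
            self.completed[attempted] = self.completed.get(attempted, 0) + 1
        return [m for m in methods if self.completed.get(m, 0) < self.max_repeats]


def attempts_until_stop(reply, max_repeats=1, limit=20):
    """Count auth attempts against a server that always sends `reply`."""
    tracker, remaining, attempts = AuthTracker(max_repeats), ["publickey"], 0
    while remaining and attempts < limit:
        attempts += 1
        remaining = tracker.on_failure(remaining[0], reply)
    return attempts


# Constructed sample: server re-lists publickey after a partial success.
LOOPING_REPLY = build_failure(["publickey"], True)
```

With `max_repeats=1` the tracker stops offering publickey after its first partial success; a large `max_repeats` reproduces the untracked loop, which here is cut off only by `limit`.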