Hi,

Trying to understand why some spurious `There was 1 failed login attempt since the last successful logins`, that seem to appear on every single login, I think there is a bug in auth.c's auth_log with the handling of partial logins:

https://github.com/openssh/openssh-portable/blob/c697e46c314aa94574af0d393d80f23e0ebc9748/auth.c#L355-L372

If I read this code correctly, when auth_log is called with authenticated=0 and partial=1 without authctxt->postponed being set (which is normal on partial authentications) then:

- if method is password, keyboard-interactive or challenge-response (not sure why the others are not considered?), record_failed_login is called
- audit_event is called with an event from audit_classify_auth, which always seems to return a failure event (or unknown).

So it seems that partial authentications are considered as failures :/

The simplest fix for me seems to be to return before L355 if partial or authctxt->postponed are set (maybe after checking that there isn't a logic flow and authenticated was set?).

Am I missing something?

Thanks in advance,
Vincent Brillault
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
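
The accounting described in the message above, as an added C model that is not OpenSSH's code and not part of the original post: it compares the failure decision as the post reads it with the early return the post proposes, over a constructed two-method login. The names `struct attempt`, `as_described`, `with_early_return` and `failures_in_good_login` are hypothetical, and only the `record_failed_login` branch is modelled.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the inputs the post discusses; not OpenSSH's types. */
struct attempt {
    const char *method;
    int authenticated;  /* 1 only when the whole login is complete */
    int partial;        /* 1 when this method succeeded but more are required */
    int postponed;      /* stands in for authctxt->postponed */
};

/* Methods the post lists as leading to record_failed_login. */
static bool counted_method(const char *m) {
    return strcmp(m, "password") == 0 ||
           strcmp(m, "keyboard-interactive") == 0 ||
           strcmp(m, "challenge-response") == 0;
}

/* Accounting as the post reads it: 'partial' is never consulted. */
bool as_described(const struct attempt *a) {
    return a->authenticated == 0 && !a->postponed && counted_method(a->method);
}

/* Accounting with the early return the post proposes. */
bool with_early_return(const struct attempt *a) {
    if (a->partial || a->postponed)
        return false;
    return a->authenticated == 0 && counted_method(a->method);
}

/* Constructed sample: one login that succeeds using two methods. */
static const struct attempt good_login[] = {
    { "password",  0, 1, 0 },  /* first method accepted, more required */
    { "publickey", 1, 0, 0 },  /* second method completes the login */
};

/* Count the failures recorded over that single successful login. */
int failures_in_good_login(bool (*policy)(const struct attempt *)) {
    int n = 0;
    for (size_t i = 0; i < sizeof(good_login) / sizeof(good_login[0]); i++)
        n += policy(&good_login[i]) ? 1 : 0;
    return n;
}

int main(void) {
    printf("as described: %d, with early return: %d\n",
        failures_in_good_login(as_described), failures_in_good_login(with_early_return));
    return 0;
}
```

A wrong password (authenticated=0, partial=0) is still counted by both functions, so the early return only changes the partial and postponed cases.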