Hi Darren,
I'm using OpenSSH version 4.6p1. I also use -lbsm flag when running configure to enable Solaris 10's BSM.
I notice that the none method failure is counted in /etc/shadow as a failed login, but the successful of the publickey method is not decrementing the failed login count in /etc/shadow. Hence resulting in the user account eventually being locked with a few ssh using publickey authentication as described below.
I configured a user in a server with Openssh publickey authentication.
I found that everytime when ssh to the user using publickey, there's at the beginning of the ssh session, the following log message:
sshd[743]: Failed none for xxxx from a.b.c.d port xxxx ssh2
I understand that is required as the first step in SSHV2 authentication.
However, as I'm using Solaris 10 with LOCK_AFTER_RETRIES=yes. I found in the /etc/shadow file, the failed count for the user is incremented by one everytime when ssh with publickey. I suspect the failure of this first "none" authentication method is somehow returned and consider by Solaris as a login failure. This causes the user eventually being locked after a few ssh by publickey.
I wonder if there is any way to skip returning this "none" failure to the Solaris OS resulting in the fail login count being incremented.
Thanks in advance,
John Wong
