OpenSSH vs. unsuccessful_login_count on AIX

Gents,

I have an AIX 6.1 TL2 server using Quest/Vintela Authentication Services (QAS) for user authentication and I'm also using an OpenSSH version provided by Quest (http://rc.quest.com/topics/openssh/).
When an AIX user's unsuccessful_login_count is greater than 5 the user is not able to log in via telnet BUT if he tries to log in via SSH it works on the second try. The user's unsuccessful_login_count by the time that he tries to log in for the first time, At the time that he tries the second time, no troubles are found and he succeeds in logging in.

When running the SSH server in debug mode the following entries can be seen:
…
Accepted keyboard-interactive/lam for invalid user username from 127.0.0.1 port 39992 ssh2
debug3: AIX/setauthdb set registry 'VAS'
debug1: loginsuccess(): The file access permissions do not allow the specified action.
debug3: aix_restoreauthdb: restoring old registry ''
monitor_child_preauth: authenticated invalid user
debug1: do_cleanup
debug1: do_cleanup
…
In the syslog file the following can be seen:
Oct  2 13:05:05 servername auth|security:info sshd[409648]: Login restricted for username: There have been too many unsuccessful login attempts; please see \tthe system administrator.
Oct  2 13:05:05 servername auth|security:info sshd[409648]: Failed none for invalid user username from 127.0.0.1 port 40139 ssh2
Oct  2 13:05:11 servername auth|security:info sshd[409648]: vasaix: Authentication <succeeded> for <Active Directory> user: <username> account: <username@xxxxxxxxxxx> service: <AIX LAM> reason: <N/A>
Oct  2 13:05:11 servername auth|security:info sshd[409648]: Accepted keyboard-interactive/lam for invalid user username from 127.0.0.1 port 40139 ssh2
Oct  2 13:05:11 servername auth|security:crit sshd[409648]: fatal: monitor_child_preauth: authenticated invalid user

The logs show the user being validated by Vintela but AIX doesn't let him in.
After this unsuccessful SSH operation the user's unsuccessful_login_count is set to 0 by SSH.

Now I ask the list: Is the interaction between SSH and AIX supposed to be like that? I mean, was SSH supposed to ignore the unsuccessful_login_count on AIX and just reset it? If SSH is going to reset the user's unsuccessful_login_count, why is the user not able to log in on the first try?

Any reply will be greatly appreciated.

Best regards,

Jackson
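
A log check for the sequence in the syslog excerpt above, as an added example that is not part of the original post and not code from OpenSSH or Quest: it groups sshd lines by PID and reports any "Accepted" line that follows a "Login restricted" notice for the same user in the same process. The function name, the result fields and the last sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# First five lines: the syslog excerpt quoted in the post, unchanged.
# Last line: constructed (an ordinary login in another sshd process).
SAMPLE = r"""
Oct  2 13:05:05 servername auth|security:info sshd[409648]: Login restricted for username: There have been too many unsuccessful login attempts; please see \tthe system administrator.
Oct  2 13:05:05 servername auth|security:info sshd[409648]: Failed none for invalid user username from 127.0.0.1 port 40139 ssh2
Oct  2 13:05:11 servername auth|security:info sshd[409648]: vasaix: Authentication <succeeded> for <Active Directory> user: <username> account: <username@xxxxxxxxxxx> service: <AIX LAM> reason: <N/A>
Oct  2 13:05:11 servername auth|security:info sshd[409648]: Accepted keyboard-interactive/lam for invalid user username from 127.0.0.1 port 40139 ssh2
Oct  2 13:05:11 servername auth|security:crit sshd[409648]: fatal: monitor_child_preauth: authenticated invalid user
Oct  2 13:07:40 servername auth|security:info sshd[409650]: Accepted keyboard-interactive/lam for otheruser from 127.0.0.1 port 40201 ssh2
"""

LINE = re.compile(r"sshd\[(\d+)\]: (.*)$")
RESTRICTED = re.compile(r"Login restricted for (\S+): ")
ACCEPTED = re.compile(r"Accepted (\S+) for (?:invalid user )?(\S+) from (\S+)")
FATAL = "authenticated invalid user"


def lockout_then_accept(text):
    """Return accepted logins that follow a lockout notice in the same sshd PID."""
    sessions = defaultdict(lambda: {"locked": set(), "hits": [], "fatal": False})
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # blank line or not an sshd entry
        pid, msg = m.groups()
        s = sessions[pid]
        if r := RESTRICTED.match(msg):
            s["locked"].add(r.group(1))
        elif (a := ACCEPTED.match(msg)) and a.group(2) in s["locked"]:
            method, user, source = a.groups()
            s["hits"].append({"pid": pid, "user": user,
                              "method": method, "source": source})
        elif FATAL in msg:
            s["fatal"] = True
    # session_killed: the same process also logged the fatal
    # "authenticated invalid user" line seen in the excerpt.
    return [dict(h, session_killed=s["fatal"])
            for s in sessions.values() for h in s["hits"]]


if __name__ == "__main__":
    for finding in lockout_then_accept(SAMPLE):
        print(finding)
```
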
