[Bug 611] Unnecessary authentication attempt in auth2-none.c creates delay
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Tue Jul 1 10:32:14 EST 2003
http://bugzilla.mindrot.org/show_bug.cgi?id=611
Summary: Unnecessary authentication attempt in auth2-none.c
creates delay
Product: Portable OpenSSH
Version: 3.6.1p2
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: matthewg at zevils.com
The userauth_none function, which is called at the start of every SSH2
connection, attempts to authenticate the user by calling auth_password with an
empty password. In the case where the user's password is not empty, which will
be the majority of the time, this can create a noticable delay, since many
systems are set up to insert a pause after a failed authentication attempt in
order to prevent brute-force attacks. The attached patch will suppress the
auth_password call in userauth_none if the PermitEmptyPasswords option is turned
off. On my system (Debian GNU/Linux sid), this eliminates a two-second delay in
logging in.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list