[Bug 2249] sshd ignores PAM_MAXRETRIES pam return value

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Jun 25 21:32:56 EST 2014


https://bugzilla.mindrot.org/show_bug.cgi?id=2249

--- Comment #1 from Matthijs Kooijman <matthijs at stdin.nl> ---
It seems things are a bit less obvious when I thought. When I try to
reproduce the log message by trying to log in with dummy passwords, it
seems sshd kicks me out after 3 tries:

Jun 25 13:26:12 login sshd[6762]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=84-245-29-136.dsl.cambrium.nl  user=root
Jun 25 13:26:14 login sshd[6762]: Failed password for root from
84.245.29.136 port 44444 ssh2
Jun 25 13:26:16 login sshd[6762]: Failed password for root from
84.245.29.136 port 44444 ssh2
Jun 25 13:26:18 login sshd[6762]: Failed password for root from
84.245.29.136 port 44444 ssh2
Jun 25 13:26:18 login sshd[6762]: Connection closed by 84.245.29.136
[preauth]
Jun 25 13:26:18 login sshd[6762]: PAM 2 more authentication failures;
logname= uid=0 euid=0 tty=ssh ruser=
rhost=84-245-29-136.dsl.cambrium.nl  user=root

This log suggests that the client actually closed the connection, not
the server. Is there perhaps some limit builtin to the ssh client?


I also see this in my logs, presumably from a password bruteforcer that
might be violating the SSH protocol?

Jun 25 11:28:58 login sshd[6419]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.10.191.168 
user=root
Jun 25 11:29:01 login sshd[6419]: Failed password for root from
116.10.191.168 port 37803 ssh2
Jun 25 11:29:03 login sshd[6419]: Failed password for root from
116.10.191.168 port 37803 ssh2
Jun 25 11:29:05 login sshd[6419]: Failed password for root from
116.10.191.168 port 37803 ssh2
Jun 25 11:29:07 login sshd[6419]: Failed password for root from
116.10.191.168 port 37803 ssh2
Jun 25 11:29:09 login sshd[6419]: Failed password for root from
116.10.191.168 port 37803 ssh2
Jun 25 11:29:12 login sshd[6419]: Failed password for root from
116.10.191.168 port 37803 ssh2
Jun 25 11:29:12 login sshd[6419]: Disconnecting: Too many
authentication failures for root [preauth]
Jun 25 11:29:12 login sshd[6419]: PAM 5 more authentication failures;
logname= uid=0 euid=0 tty=ssh ruser= rhost=116.10.191.168  user=root
Jun 25 11:29:12 login sshd[6419]: PAM service(sshd) ignoring max
retries; 6 > 3

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list